search

clojars / clojars-web

A community repository for open-source Clojure libraries
https://clojars.org
Eclipse Public License 1.0
469 stars 114 forks source link

Add audit logging for group membership changes #812

Closed danielcompton closed 2 years ago

danielcompton commented 2 years ago

I went to add someone to the org.flatland group and expected to see the action show up in the audit log. When I looked at the feature I realised the log only covers deploy actions. Would it be good to extend/add to the log concept for other actions around adding/removing members and creating tokens?

Alternatively, we could just change the copy of the header to say that it is an "Audit log for org.flatland deploys for the last 30 days"?

One other thought, do we need to limit the audit logs to the last 30 days?

Screenshot of Safari (5-10-21, 2-10-08 PM)
tobias commented 2 years ago

I agree that we should add members and tokens to the audit log - it was initially added to work around #774, and my intention was to expand it to other actions, but I haven't yet done that.

The logs are stored in postgres, and I was worried about growth, but we could remove the truncation and monitor the growth rate. I agree it would be useful to have more than 30 days of history.

tobias commented 2 years ago

Clojars-149 now has: