dashboard still relies on audit_ namespace

irods / contrib

A pooled collection of community-contributed code that works alongside iRODS

BSD 3-Clause "New" or "Revised" License

13 stars 19 forks source link

dashboard still relies on audit_ namespace #42

Closed trel closed 1 month ago

trel commented 2 months ago

this is no longer needed. we can just use pep_ now directly.

alanking commented 2 months ago

Would like to confirm (somehow) that PEPs which return errors that are not RULE_ENGINE_CONTINUE or SYS_NOT_SUPPORTED fall through appropriately to the audit plugin so that the events are logged.

For example, if I want to prevent uploads to a particular server via the Put API (for whatever reason) and I return SYS_NOT_ALLOWED or something in pep_api_data_obj_put_pre, would the audit plugin emit a message for such an event so that we can see that it was attempted?

korydraughn commented 2 months ago

If the audit plugin is first in the list, it should capture the PEP and allow the next REP to handle it (i.e. block it if desired) just fine.

alanking commented 2 months ago

I see. We will need to update our slides to reflect that if that's the requirement. If it "just works" then no need

alanking commented 1 month ago

Confirmed that everything is working. See https://github.com/irods/contrib/pull/43#issuecomment-2120536542. @trel: I think this is good for the closing.