search

lightblue-platform / lightblue-audit-hook

Audit hook for lightblue.
GNU General Public License v3.0
1 stars 9 forks source link

How to guarantee all identity field values are available? #1

Closed jewzaam closed 10 years ago

jewzaam commented 10 years ago

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

bserdar commented 10 years ago

Hooks are called using the "unprojected" versions of the docs, right? All identity fields are also "required", so they are guaranteed to be in the hook doc. One thing we can do is to add those ID fields to the hook projection, if there is any.

On Mon, Aug 11, 2014 at 3:38 PM, Naveen Malik notifications@github.com wrote:

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

  • don't audit 'find'
  • only audit 'find' if all identity fields are available
  • for insert, set, and update always project all identity fields
  • for delete project identity fields before executing delete (this is an extra query)

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1.

jewzaam commented 10 years ago

Is hook projection applied against the request and response documents or against pre and post data in datastore?

----- Original Message -----

Hooks are called using the "unprojected" versions of the docs, right? All identity fields are also "required", so they are guaranteed to be in the hook doc. One thing we can do is to add those ID fields to the hook projection, if there is any.

On Mon, Aug 11, 2014 at 3:38 PM, Naveen Malik notifications@github.com wrote:

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

  • don't audit 'find'
  • only audit 'find' if all identity fields are available
  • for insert, set, and update always project all identity fields
  • for delete project identity fields before executing delete (this is an extra query)

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1.

Reply to this email directly or view it on GitHub: https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52535468

bserdar commented 10 years ago

Hook projection is applied to pre- and post- version of the doc, not to response or request.

                processedDocuments.add(new HookDoc(
                        doc.getEntityMetadata(),
                        project(doc.getPreDoc(), projector),
                        project(doc.getPostDoc(), projector),
                        doc.getOperation()));

On Mon, Aug 18, 2014 at 1:30 PM, Naveen Malik notifications@github.com wrote:

Is hook projection applied against the request and response documents or against pre and post data in datastore?

----- Original Message -----

Hooks are called using the "unprojected" versions of the docs, right? All identity fields are also "required", so they are guaranteed to be in the hook doc. One thing we can do is to add those ID fields to the hook projection, if there is any.

On Mon, Aug 11, 2014 at 3:38 PM, Naveen Malik notifications@github.com

wrote:

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

  • don't audit 'find'
  • only audit 'find' if all identity fields are available
  • for insert, set, and update always project all identity fields
  • for delete project identity fields before executing delete (this is an extra query)

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1.

Reply to this email directly or view it on GitHub:

https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52535468

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52542381 .

jewzaam commented 10 years ago

Seems this could then be left to the definition of the hook, because it will list what fields to project. Or a way for hook implementations to indicate they require identity fields always or not?

----- Original Message -----

Hook projection is applied to pre- and post- version of the doc, not to response or request.

                processedDocuments.add(new HookDoc(
                        doc.getEntityMetadata(),
                        project(doc.getPreDoc(), projector),
                        project(doc.getPostDoc(), projector),
                        doc.getOperation()));

On Mon, Aug 18, 2014 at 1:30 PM, Naveen Malik notifications@github.com wrote:

Is hook projection applied against the request and response documents or against pre and post data in datastore?

----- Original Message -----

Hooks are called using the "unprojected" versions of the docs, right? All identity fields are also "required", so they are guaranteed to be in the hook doc. One thing we can do is to add those ID fields to the hook projection, if there is any.

On Mon, Aug 11, 2014 at 3:38 PM, Naveen Malik notifications@github.com

wrote:

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

  • don't audit 'find'
  • only audit 'find' if all identity fields are available
  • for insert, set, and update always project all identity fields
  • for delete project identity fields before executing delete (this is an extra query)

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1.

Reply to this email directly or view it on GitHub:

https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52535468

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52542381 .

Reply to this email directly or view it on GitHub: https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52543276

bserdar commented 10 years ago

We can keep it simple: hook implementation complains if it doesn't get all the identity fields, so whoever set up that hook adds those fields to projection, if there is any.

On Mon, Aug 18, 2014 at 2:27 PM, Naveen Malik notifications@github.com wrote:

Seems this could then be left to the definition of the hook, because it will list what fields to project. Or a way for hook implementations to indicate they require identity fields always or not?

----- Original Message -----

Hook projection is applied to pre- and post- version of the doc, not to response or request.

processedDocuments.add(new HookDoc( doc.getEntityMetadata(), project(doc.getPreDoc(), projector), project(doc.getPostDoc(), projector), doc.getOperation()));

On Mon, Aug 18, 2014 at 1:30 PM, Naveen Malik notifications@github.com

wrote:

Is hook projection applied against the request and response documents or against pre and post data in datastore?

----- Original Message -----

Hooks are called using the "unprojected" versions of the docs, right? All identity fields are also "required", so they are guaranteed to be in the hook doc. One thing we can do is to add those ID fields to the hook projection, if there is any.

On Mon, Aug 11, 2014 at 3:38 PM, Naveen Malik < notifications@github.com>

wrote:

To audit something we need to identify that thing. To identify it we need all the identity field values. The way hooks are written the pre and post are simply the things that were involved in the CRUD operation, not necessarily all the fields. One possible solution is to force projection of identity fields. A problem with this is 'find' operation, which might be doing aggregate (distinct) functions on results. Some options then are:

  • don't audit 'find'
  • only audit 'find' if all identity fields are available
  • for insert, set, and update always project all identity fields
  • for delete project identity fields before executing delete (this is an extra query)

This issue is being opened as both a discussion and solution, in that we need to implement solution once it's identified..

— Reply to this email directly or view it on GitHub < https://github.com/lightblue-platform/lightblue-audit-hook/issues/1>.

Reply to this email directly or view it on GitHub:

https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52535468

— Reply to this email directly or view it on GitHub < https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52542381>

.

Reply to this email directly or view it on GitHub:

https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52543276

— Reply to this email directly or view it on GitHub https://github.com/lightblue-platform/lightblue-audit-hook/issues/1#issuecomment-52550036 .

jewzaam commented 10 years ago

Closing as there is nothing to do. CountryAuditHookTest in lightblue-audit-hook tests for combinations of identity present and missing.