[Audit Event webhooks] Technical Exploration: High-level feasibility analysis
Topic to Evaluate
- Epic Iteration 0 and 1 primarily. Iteration 2 if time.
Tasks to Evaluate
-
Determine feasibility of the feature - We have determined that this feature is very much feasible.
-
Create issue for implementation or update existing implementation issue description with implementation proposal - Consider if making an epic for each iteration would be better than a single issue
- List any open questions or areas of concern. Scope of this issue also includes working with the rest of the team on these as they come up, to see if they can be answered.
-
Set weight on implementation issue -
If weight is greater than 5, break issue into smaller issues -
Add task -
Add task
Iteration 1 - HTTP webhook
- Namespace-level audit event emission: &6122 (closed)
- Instance-level audit event emission: &6125 (closed)
Most likely built outside of existing webhook screen and in a new Audit Event only screen. Will get around needing to update HAML forms and give us flexibility to allow all the advanced customization & configuration needed in the future.
Iteration 2 (S3 ingress)
-
Group/Namespace owners can set S3 credentials for group and project level events. (Access Key/Secret Key/Region/Bucket) (SaaS-first) -
Instance owners can set S3 credentials for instance-level events. -
Audit event service creates a structured JSON file and posts it to S3.
Iteration 3 (additional ingress adapters - GCP, etc.)
...
Edited by Sam Kerr