Add audit event for configuration of SAML provider at instance level
Summary
Currently, we do have an audit event when SAML is configured on a group:
group_saml_provider_create
group_saml_provider_updated
Refer to this MR for the implementation: Add audit event types for group_saml_provider_c... (!111227 - merged)
But there is no audit event when SAML is configured at instance level.
Proposal
Add an audit event when SAML is configured at instance level:
instance_saml_provider_create
instance_saml_provider_updated
Will Not Do -- Workaround
The decision is not to proceed with development for an instance level audit event for instance level SAML configuration.
The changes aren't made through a request-response cycle in a web-context, and aren't associated with a user that needs to be logged in.
Yes, there would likely be a *nix or Windows user on that system that edits the file, but it's not the same level of specificity. We can't reliably track who changed something on the file system and would likely only be able to track that a change has been made by caching changes between subsequent runs of a tracking script, but that won't give us 100% accuracy into who made those changes.
We do not currently have auditing in place at file system level. That's probably better left to dedicated OS level tools.
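
The tracking-script approach described above, sketched as an added example (not GitLab code and not part of the original issue): it caches a digest of the configuration file between runs and reports whether the content changed, which shows what such a script can and cannot establish. `CONFIG_FILE` and `STATE_FILE` are placeholder arguments, the function names are hypothetical, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example: polling change detector for a file-based configuration.
# CONFIG_FILE and STATE_FILE are placeholders, not paths taken from the issue.

# Print the SHA-256 of a file (assumes GNU coreutils sha256sum is installed).
file_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_config_change CONFIG_FILE STATE_FILE
# Prints one of:
#   baseline <new>        first run, nothing to compare against
#   unchanged <new>       digest matches the cached one
#   changed <old> <new>   content differs from the previous run
# The result says THAT the file changed between two runs. It cannot say WHO
# changed it, and several edits between two runs collapse into one event.
check_config_change() {
    config_file=$1
    state_file=$2
    [ -r "$config_file" ] || { echo "unreadable"; return 2; }

    new=$(file_digest "$config_file")
    if [ -f "$state_file" ]; then
        old=$(cat "$state_file")
    else
        old=""
    fi

    # Write the cache atomically so an interrupted run leaves no partial state.
    tmp="$state_file.tmp.$$"
    printf '%s\n' "$new" > "$tmp" && mv "$tmp" "$state_file"

    if [ -z "$old" ]; then
        echo "baseline $new"
    elif [ "$old" = "$new" ]; then
        echo "unchanged $new"
    else
        echo "changed $old $new"
    fi
}

# Run from cron or a timer: tracker.sh CONFIG_FILE STATE_FILE
if [ "$#" -eq 2 ]; then
    check_config_change "$1" "$2"
fi
```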