AuditEvents: Inconsistent types for from/to/target_id values
Summary
The "to", "from", and "target_id" fields in the audit_json.log structure have inconsistent types depending on the audit event. This makes the log difficult to ingest into common data processing pipelines without a large amount of custom pre-processing code, including any based on Elasticsearch or BigQuery, which require consistent types when importing data.
In particular, the native true and false values being used for some settings conflict with the strings used for almost everything else.
In project events, including but not limited to "add", the "target_id" is currently the name with namespace, not a numerical id.
Steps to reproduce
In any project with support for Packages, as project Maintainer or above, see the audit_json.log entry for any of these actions:
- Add or remove a project member.
- Enable or disable the Packages features.
- Create a new project.
What is the expected correct behavior?
Consistent data types for each field.
Proposal
These attributes should always be integers:
- target_id
These attributes should always be strings:
Output of checks
This bug happens on GitLab.com.
Relevant logs and/or screenshots
Example messages with different types:
{
  "severity": "INFO",
  "time": "2019-02-28T18:29:52.100Z",
  "correlation_id": "4qogam6ous3",
  "author_id": 51,
  "entity_id": 18,
  "entity_type": "Project",
  "change": "packages_enabled",
  "from": true,
  "to": false,
  "author_name": "test2",
  "target_id": 18,
  "target_type": "Project",
  "target_details": "test2/pubproj",
  "ip_address": "127.0.0.1",
  "entity_path": "test2/pubproj"
}
{
  "severity": "INFO",
  "time": "2019-05-17T21:29:53.822Z",
  "correlation_id": "rRNgYZM9B59",
  "author_id": 50,
  "entity_id": 15,
  "entity_type": "Project",
  "change": "access_level",
  "from": "Reporter",
  "to": "Guest",
  "author_name": "test1",
  "target_id": 8040,
  "target_type": "User",
  "target_details": "test2",
  "ip_address": "127.0.0.1",
  "entity_path": "privet-group1/devproj"
}
# string for a target_id
{
  "severity": "INFO",
  "time": "2019-07-03T22:25:49.234Z",
  "correlation_id": "wDuJjAufRo6",
  "author_id": 1,
  "entity_id": 29,
  "entity_type": "Project",
  "add": "project",
  "author_name": "Administrator",
  "target_id": "root/test-project",
  "target_type": "Project",
  "target_details": "root/test-project",
  "ip_address": "127.0.0.1",
  "entity_path": "root/test-project"
}
cc @gitlab-com/gl-security/secops
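The kind of pre-processing a pipeline needs today, as an added example that is not part of the original issue or GitLab's code: it scans JSON lines for the type drift shown above and normalizes each event before import. Coercing "from"/"to" to strings and the target_id_raw field name are assumptions made for illustration, and the sample lines are constructed from the three events above.

```python
import json
from collections import defaultdict

# Constructed sample lines, reduced from the three example events in this issue.
SAMPLE_LINES = [
    '{"change": "packages_enabled", "from": true, "to": false, "target_id": 18}',
    '{"change": "access_level", "from": "Reporter", "to": "Guest", "target_id": 8040}',
    '{"add": "project", "target_id": "root/test-project"}',
]
WATCHED = ("from", "to", "target_id")


def json_type(value):
    """Name the JSON type; bool is tested first because bool subclasses int in Python."""
    for name, py in (("boolean", bool), ("integer", int), ("number", float),
                     ("string", str), ("array", list), ("object", dict)):
        if isinstance(value, py):
            return name
    return "null"


def type_drift(lines, fields=WATCHED):
    """Return {field: [types seen]} for watched fields that appear with more than one type."""
    seen = defaultdict(set)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line: skip rather than abort the scan
        if isinstance(event, dict):
            for field in fields:
                if field in event:
                    seen[field].add(json_type(event[field]))
    return {f: sorted(t) for f, t in seen.items() if len(t) > 1}


def normalize(event):
    """Coerce from/to to strings; park a non-integer target_id under target_id_raw (hypothetical name)."""
    out = dict(event)
    for field in ("from", "to"):
        if field in out and not isinstance(out[field], str):
            out[field] = json.dumps(out[field])  # true -> "true", 5 -> "5"
    if "target_id" in out and json_type(out["target_id"]) != "integer":
        out["target_id_raw"] = out.pop("target_id")
    return out


if __name__ == "__main__":
    print(type_drift(SAMPLE_LINES))
```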