diff --git a/client/web/src/featureFlags/featureFlags.ts b/client/web/src/featureFlags/featureFlags.ts
index bd1a77e39f73..d3d3dc2ce234 100644
--- a/client/web/src/featureFlags/featureFlags.ts
+++ b/client/web/src/featureFlags/featureFlags.ts
@@ -6,7 +6,6 @@ import type { OrgFeatureFlagOverridesResult, OrgFeatureFlagOverridesVariables }
export const FEATURE_FLAGS = [
'admin-analytics-cache-disabled',
'admin-onboarding',
- 'auditlog-expansion',
'blob-page-switch-areas-shortcuts',
'cody-chat-mock-test',
'contrast-compliant-syntax-highlighting',
diff --git a/cmd/frontend/graphqlbackend/external_services.go b/cmd/frontend/graphqlbackend/external_services.go
index 4db6d34f8eb9..49d2181c1cca 100644
--- a/cmd/frontend/graphqlbackend/external_services.go
+++ b/cmd/frontend/graphqlbackend/external_services.go
@@ -22,7 +22,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/conf"
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/extsvc"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
"github.com/sourcegraph/sourcegraph/internal/repos"
"github.com/sourcegraph/sourcegraph/internal/repoupdater"
@@ -80,22 +79,20 @@ func (r *schemaResolver) AddExternalService(ctx context.Context, args *addExtern
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
-
- arg := struct {
- Kind string
- DisplayName string
- Namespace *graphql.ID
- }{
- Kind: args.Input.Kind,
- DisplayName: args.Input.DisplayName,
- Namespace: args.Input.Namespace,
- }
- // Log action of Code Host Connection being added
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ arg := struct {
+ Kind string
+ DisplayName string
+ Namespace *graphql.ID
+ }{
+ Kind: args.Input.Kind,
+ DisplayName: args.Input.DisplayName,
+ Namespace: args.Input.Namespace,
+ }
+ // Log action of Code Host Connection being added
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
// Now, schedule the external service for syncing immediately.
s := repos.NewStore(r.logger, r.db)
err = s.EnqueueSingleSyncJob(ctx, externalService.ID)
@@ -196,26 +193,24 @@ func (r *schemaResolver) UpdateExternalService(ctx context.Context, args *update
logger.Warn("Failed to get new redacted config", log.Error(err))
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- arg := struct {
- ID graphql.ID
- DisplayName *string
- UpdaterID *int32
- PrevConfig string
- LatestConfig *string
- }{
- ID: args.Input.ID,
- DisplayName: args.Input.DisplayName,
- UpdaterID: &userID,
- PrevConfig: prevConfig,
- LatestConfig: &latestConfig,
- }
- // Log action of Code Host Connection being updated
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
-
+ arg := struct {
+ ID graphql.ID
+ DisplayName *string
+ UpdaterID *int32
+ PrevConfig string
+ LatestConfig *string
+ }{
+ ID: args.Input.ID,
+ DisplayName: args.Input.DisplayName,
+ UpdaterID: &userID,
+ PrevConfig: prevConfig,
+ LatestConfig: &latestConfig,
+ }
+ // Log action of Code Host Connection being updated
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
// Now, schedule the external service for syncing immediately.
s := repos.NewStore(r.logger, r.db)
err = s.EnqueueSingleSyncJob(ctx, es.ID)
@@ -344,19 +339,18 @@ func (r *schemaResolver) DeleteExternalService(ctx context.Context, args *delete
}
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- arguments := struct {
- GraphQLID graphql.ID `json:"GraphQL ID"`
- ExternalServiceID int64 `json:"External Service ID"`
- }{
- GraphQLID: args.ExternalService,
- ExternalServiceID: id,
- }
- // Log action of Code Host Connection being deleted
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ arguments := struct {
+ GraphQLID graphql.ID `json:"GraphQL ID"`
+ ExternalServiceID int64 `json:"External Service ID"`
+ }{
+ GraphQLID: args.ExternalService,
+ ExternalServiceID: id,
+ }
+ // Log action of Code Host Connection being deleted
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
return &EmptyResponse{}, nil
}
diff --git a/cmd/frontend/graphqlbackend/external_services_test.go b/cmd/frontend/graphqlbackend/external_services_test.go
index cfe239ac5a52..2494e43f233f 100644
--- a/cmd/frontend/graphqlbackend/external_services_test.go
+++ b/cmd/frontend/graphqlbackend/external_services_test.go
@@ -7,6 +7,7 @@ import (
"testing"
"time"
+ mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require"
"github.com/google/go-cmp/cmp"
"github.com/graph-gophers/graphql-go"
gqlerrors "github.com/graph-gophers/graphql-go/errors"
@@ -68,6 +69,9 @@ func TestAddExternalService(t *testing.T) {
db.UsersFunc.SetDefaultReturn(users)
db.ExternalServicesFunc.SetDefaultReturn(externalServices)
db.HandleFunc.SetDefaultReturn(&handle{db})
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
RunTests(t, []*Test{
{
@@ -96,6 +100,7 @@ func TestAddExternalService(t *testing.T) {
`,
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
}
func TestUpdateExternalService(t *testing.T) {
@@ -203,6 +208,10 @@ func TestUpdateExternalService(t *testing.T) {
es := backend.NewStrictMockExternalServicesService()
es.ValidateConnectionFunc.SetDefaultReturn(nil)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
+
mockExternalServicesService = es
t.Cleanup(func() { mockExternalServicesService = nil })
@@ -231,6 +240,7 @@ func TestUpdateExternalService(t *testing.T) {
`,
Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}),
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
}
func TestExcludeRepoFromExternalServices_ExternalServiceDoesntSupportRepoExclusion(t *testing.T) {
@@ -566,6 +576,9 @@ func TestDeleteExternalService(t *testing.T) {
db := dbmocks.NewMockDB()
db.UsersFunc.SetDefaultReturn(users)
db.ExternalServicesFunc.SetDefaultReturn(externalServices)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
RunTests(t, []*Test{
{
@@ -587,6 +600,7 @@ func TestDeleteExternalService(t *testing.T) {
Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}),
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
}
func TestExternalServicesResolver(t *testing.T) {
diff --git a/cmd/frontend/graphqlbackend/org.go b/cmd/frontend/graphqlbackend/org.go
index 7139994a49dd..6a4a593868e3 100644
--- a/cmd/frontend/graphqlbackend/org.go
+++ b/cmd/frontend/graphqlbackend/org.go
@@ -15,7 +15,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/dotcom"
"github.com/sourcegraph/sourcegraph/internal/errcode"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
"github.com/sourcegraph/sourcegraph/internal/types"
"github.com/sourcegraph/sourcegraph/lib/errors"
@@ -27,11 +26,9 @@ func (r *schemaResolver) Organization(ctx context.Context, args struct{ Name str
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log action for siteadmin viewing an organization's details
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log action for siteadmin viewing an organization's details
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
return &OrgResolver{db: r.db, org: org}, nil
@@ -272,12 +269,10 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct {
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a new organization being created
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
+ // Log an event when a new organization being created
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
- }
}
// Add the current user as the first member of the new org.
@@ -310,13 +305,12 @@ func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct {
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when organization settings are updated
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
+ // Log an event when organization settings are updated
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
- }
}
+
return &OrgResolver{db: r.db, org: updatedOrg}, nil
}
diff --git a/cmd/frontend/graphqlbackend/org_test.go b/cmd/frontend/graphqlbackend/org_test.go
index c8f77a1cf6a6..4c151da725d2 100644
--- a/cmd/frontend/graphqlbackend/org_test.go
+++ b/cmd/frontend/graphqlbackend/org_test.go
@@ -6,6 +6,7 @@ import (
"strconv"
"testing"
+ mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require"
gqlerrors "github.com/graph-gophers/graphql-go/errors"
"github.com/graph-gophers/graphql-go/relay"
"github.com/stretchr/testify/assert"
@@ -38,10 +39,14 @@ func TestOrganization(t *testing.T) {
orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil)
orgs.GetByIDFunc.SetDefaultReturn(&mockedOrg, nil)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+
db := dbmocks.NewMockDB()
db.OrgsFunc.SetDefaultReturn(orgs)
db.UsersFunc.SetDefaultReturn(users)
db.OrgMembersFunc.SetDefaultReturn(orgMembers)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
t.Run("can access organizations", func(t *testing.T) {
RunTests(t, []*Test{
@@ -64,6 +69,8 @@ func TestOrganization(t *testing.T) {
},
})
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
+
}
func TestOrganizationMembers(t *testing.T) {
@@ -85,10 +92,14 @@ func TestOrganizationMembers(t *testing.T) {
mockedOrg := types.Org{ID: 1, Name: "acme"}
orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+
db := dbmocks.NewMockDB()
db.OrgsFunc.SetDefaultReturn(orgs)
db.UsersFunc.SetDefaultReturn(users)
db.OrgMembersFunc.SetDefaultReturn(orgMembers)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
t.Run("org members can list members", func(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{Username: "alice", ID: 1}, nil)
@@ -120,6 +131,7 @@ func TestOrganizationMembers(t *testing.T) {
})
})
}
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
t.Run("non-members", func(t *testing.T) {
@@ -208,6 +220,8 @@ func TestOrganizationMembers(t *testing.T) {
},
})
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
+
})
}
@@ -224,10 +238,14 @@ func TestCreateOrganization(t *testing.T) {
orgMembers := dbmocks.NewMockOrgMemberStore()
orgMembers.CreateFunc.SetDefaultReturn(&types.OrgMembership{OrgID: mockedOrg.ID, UserID: userID}, nil)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+
db := dbmocks.NewMockDB()
db.OrgsFunc.SetDefaultReturn(orgs)
db.UsersFunc.SetDefaultReturn(users)
db.OrgMembersFunc.SetDefaultReturn(orgMembers)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
ctx := actor.WithActor(context.Background(), &actor.Actor{UID: userID})
@@ -253,6 +271,7 @@ func TestCreateOrganization(t *testing.T) {
"name": "acme",
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
t.Run("Fails for unauthenticated user", func(t *testing.T) {
@@ -335,11 +354,15 @@ func TestAddOrganizationMember(t *testing.T) {
permssync.MockSchedulePermsSync = func(_ context.Context, logger log.Logger, _ database.DB, _ permssync.ScheduleSyncOpts) {}
defer func() { permssync.MockSchedulePermsSync = nil }()
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+
db := dbmocks.NewMockDB()
db.OrgsFunc.SetDefaultReturn(orgs)
db.UsersFunc.SetDefaultReturn(users)
db.OrgMembersFunc.SetDefaultReturn(orgMembers)
db.FeatureFlagsFunc.SetDefaultReturn(featureFlags)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1})
diff --git a/cmd/frontend/graphqlbackend/orgs.go b/cmd/frontend/graphqlbackend/orgs.go
index cde0de69c581..807518b91f59 100644
--- a/cmd/frontend/graphqlbackend/orgs.go
+++ b/cmd/frontend/graphqlbackend/orgs.go
@@ -8,7 +8,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/actor"
"github.com/sourcegraph/sourcegraph/internal/auth"
"github.com/sourcegraph/sourcegraph/internal/database"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
)
@@ -47,14 +46,13 @@ func (r *orgConnectionResolver) Nodes(ctx context.Context) ([]*OrgResolver, erro
org: org,
})
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when listing organizations.
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
- logger.Error(err)
+ // Log an event when listing organizations.
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
+ logger.Error(err)
- }
}
+
return l, nil
}
diff --git a/cmd/frontend/graphqlbackend/orgs_test.go b/cmd/frontend/graphqlbackend/orgs_test.go
index e58a52c19b7a..1d2cafdb44e2 100644
--- a/cmd/frontend/graphqlbackend/orgs_test.go
+++ b/cmd/frontend/graphqlbackend/orgs_test.go
@@ -3,6 +3,8 @@ package graphqlbackend
import (
"testing"
+ mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require"
+
"github.com/sourcegraph/sourcegraph/internal/database/dbmocks"
"github.com/sourcegraph/sourcegraph/internal/types"
)
@@ -19,6 +21,10 @@ func TestOrgs(t *testing.T) {
db.UsersFunc.SetDefaultReturn(users)
db.OrgsFunc.SetDefaultReturn(orgs)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
+
RunTests(t, []*Test{
{
Schema: mustParseGraphQLSchema(t, db),
@@ -47,4 +53,5 @@ func TestOrgs(t *testing.T) {
`,
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
}
diff --git a/cmd/frontend/graphqlbackend/outbound_requests.go b/cmd/frontend/graphqlbackend/outbound_requests.go
index 8b2416fd8c00..a0220e946289 100644
--- a/cmd/frontend/graphqlbackend/outbound_requests.go
+++ b/cmd/frontend/graphqlbackend/outbound_requests.go
@@ -13,7 +13,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/actor"
"github.com/sourcegraph/sourcegraph/internal/auth"
"github.com/sourcegraph/sourcegraph/internal/database"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
"github.com/sourcegraph/sourcegraph/internal/httpcli"
"github.com/sourcegraph/sourcegraph/internal/types"
@@ -64,13 +63,11 @@ func (r *schemaResolver) OutboundRequests(ctx context.Context, args *outboundReq
after = ""
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
-
- // Log an even when Outbound requests are viewed
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an even when Outbound requests are viewed
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
return &outboundRequestConnectionResolver{
first: args.First,
after: after,
@@ -89,13 +86,11 @@ func (r *schemaResolver) outboundRequestByID(ctx context.Context, id graphql.ID)
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
-
- // Log an even when Outbound requests are viewed
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an even when Outbound requests are viewed
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
item, _ := httpcli.GetOutboundRequestLogItem(key)
return &OutboundRequestResolver{req: item}, nil
}
diff --git a/cmd/frontend/graphqlbackend/site.go b/cmd/frontend/graphqlbackend/site.go
index e91a857d1894..7ae5c701665e 100644
--- a/cmd/frontend/graphqlbackend/site.go
+++ b/cmd/frontend/graphqlbackend/site.go
@@ -30,7 +30,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/database/migration/schemas"
"github.com/sourcegraph/sourcegraph/internal/dotcom"
"github.com/sourcegraph/sourcegraph/internal/env"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
"github.com/sourcegraph/sourcegraph/internal/insights"
"github.com/sourcegraph/sourcegraph/internal/lazyregexp"
@@ -111,23 +110,19 @@ func (r *siteResolver) Configuration(ctx context.Context, args *SiteConfiguratio
// The only way a non-admin can access this field is when `returnSafeConfigsOnly`
// is set to true.
if returnSafeConfigsOnly {
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when site config is viewed by non-admin user.
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when site config is viewed by non-admin user.
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil
}
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
-
- // Log an event when site config is viewed by admin user.
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when site config is viewed by admin user.
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil
}
@@ -339,13 +334,11 @@ func (r *schemaResolver) UpdateSiteConfiguration(ctx context.Context, args *stru
return false, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
-
- // Log an event when site config is updated
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
- r.logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when site config is updated
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
+ r.logger.Warn("Error logging security event", log.Error(err))
}
+
return r.configurationServer.NeedServerRestart(), nil
}
diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go
index 3fb88bfeffe8..99cbc9034d3f 100644
--- a/cmd/frontend/graphqlbackend/site_test.go
+++ b/cmd/frontend/graphqlbackend/site_test.go
@@ -5,6 +5,7 @@ import (
"sort"
"testing"
+ mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"github.com/hexops/autogold/v2"
@@ -30,6 +31,9 @@ func TestSiteConfiguration(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil)
db := dbmocks.NewMockDB()
db.UsersFunc.SetDefaultReturn(users)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1})
_, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{
@@ -39,6 +43,8 @@ func TestSiteConfiguration(t *testing.T) {
if err == nil || !errors.Is(err, auth.ErrMustBeSiteAdmin) {
t.Fatalf("err: want %q but got %v", auth.ErrMustBeSiteAdmin, err)
}
+ //Log functions is not called since non-admin user will not get the site config when ReturnSafeConfigsOnly is false
+ mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0)
})
t.Run("ReturnSafeConfigsOnly is true", func(t *testing.T) {
@@ -46,6 +52,9 @@ func TestSiteConfiguration(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil)
db := dbmocks.NewMockDB()
db.UsersFunc.SetDefaultReturn(users)
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1})
r, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{
@@ -75,6 +84,8 @@ func TestSiteConfiguration(t *testing.T) {
if err != nil {
t.Fatalf("err: want nil but got %v", err)
}
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
+
})
})
@@ -97,7 +108,9 @@ func TestSiteConfiguration(t *testing.T) {
db := dbmocks.NewMockDB()
db.UsersFunc.SetDefaultReturn(users)
db.ConfFunc.SetDefaultReturn(conf)
-
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1})
t.Run("ReturnSafeConfigsOnly is false", func(t *testing.T) {
@@ -160,7 +173,10 @@ func TestSiteConfiguration(t *testing.T) {
t.Fatalf("err: want nil but got %v", err)
}
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
+
})
+
}
func TestSiteConfigurationHistory(t *testing.T) {
diff --git a/cmd/frontend/graphqlbackend/user.go b/cmd/frontend/graphqlbackend/user.go
index 2e33a33dd297..a1b5cd4a70da 100644
--- a/cmd/frontend/graphqlbackend/user.go
+++ b/cmd/frontend/graphqlbackend/user.go
@@ -21,7 +21,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/dotcom"
"github.com/sourcegraph/sourcegraph/internal/errcode"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/gqlutil"
"github.com/sourcegraph/sourcegraph/internal/types"
"github.com/sourcegraph/sourcegraph/lib/errors"
@@ -488,12 +487,12 @@ func (r *schemaResolver) UpdateUser(ctx context.Context, args *updateUserArgs) (
if err := r.db.Users().Update(ctx, userID, update); err != nil {
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a user account is modified/updated
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil {
- r.logger.Error("Error logging security event", log.Error(err))
- }
+
+ // Log an event when a user account is modified/updated
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil {
+ r.logger.Error("Error logging security event", log.Error(err))
}
+
return UserByIDInt32(ctx, r.db, userID)
}
@@ -875,11 +874,10 @@ func (r *schemaResolver) SetUserCompletionsQuota(ctx context.Context, args SetUs
log.Int("targetUserID", int(user.ID)),
log.Intp("oldQuota", oldQuota),
log.Intp("newQuota", newQuota))
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil {
- r.logger.Error("Error logging security event", log.Error(err))
- }
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil {
+ r.logger.Error("Error logging security event", log.Error(err))
}
+
return UserByIDInt32(ctx, r.db, user.ID)
}
@@ -917,13 +915,12 @@ func (r *schemaResolver) SetUserCodeCompletionsQuota(ctx context.Context, args S
if err := r.db.Users().SetCodeCompletionsQuota(ctx, user.ID, quota); err != nil {
return nil, err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when user's code completions quota is updated
- if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil {
- r.logger.Error("Error logging security event", log.Error(err))
- }
+ // Log an event when user's code completions quota is updated
+ if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil {
+ r.logger.Error("Error logging security event", log.Error(err))
}
+
return UserByIDInt32(ctx, r.db, user.ID)
}
diff --git a/cmd/frontend/graphqlbackend/user_emails_test.go b/cmd/frontend/graphqlbackend/user_emails_test.go
index dd52323802bb..2f388b843ae9 100644
--- a/cmd/frontend/graphqlbackend/user_emails_test.go
+++ b/cmd/frontend/graphqlbackend/user_emails_test.go
@@ -253,6 +253,10 @@ func TestSetUserEmailVerified(t *testing.T) {
db.UserExternalAccountsFunc.SetDefaultReturn(userExternalAccounts)
db.SubRepoPermsFunc.SetDefaultReturn(dbmocks.NewMockSubRepoPermsStore())
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
+
RunTests(t, test.gqlTests(db))
if test.expectCalledGrantPendingPermissions {
@@ -260,6 +264,7 @@ func TestSetUserEmailVerified(t *testing.T) {
} else {
mockrequire.NotCalled(t, authz.GrantPendingPermissionsFunc)
}
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
}
}
diff --git a/cmd/frontend/graphqlbackend/user_test.go b/cmd/frontend/graphqlbackend/user_test.go
index a0f087628fdd..d4a5e51fe31a 100644
--- a/cmd/frontend/graphqlbackend/user_test.go
+++ b/cmd/frontend/graphqlbackend/user_test.go
@@ -7,6 +7,7 @@ import (
"strings"
"testing"
+ mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require"
gqlerrors "github.com/graph-gophers/graphql-go/errors"
"github.com/stretchr/testify/assert"
@@ -459,7 +460,9 @@ func TestUpdateUser(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil)
users.UpdateFunc.SetDefaultReturn(nil)
db.UsersFunc.SetDefaultReturn(users)
-
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
RunTests(t, []*Test{
{
Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}),
@@ -486,6 +489,7 @@ func TestUpdateUser(t *testing.T) {
`,
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
t.Run("scim controlled user cannot change display or username", func(t *testing.T) {
@@ -907,6 +911,11 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil)
users.UpdateFunc.SetDefaultReturn(nil)
db.UsersFunc.SetDefaultReturn(users)
+
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
+
var quota *int
users.SetChatCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error {
quota = i2
@@ -941,6 +950,7 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) {
`,
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
}
@@ -983,6 +993,11 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) {
users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil)
users.UpdateFunc.SetDefaultReturn(nil)
db.UsersFunc.SetDefaultReturn(users)
+
+ securityLogEvents := dbmocks.NewMockSecurityEventLogsStore()
+ securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil)
+ db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)
+
var quota *int
users.SetCodeCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error {
quota = i2
@@ -1017,6 +1032,7 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) {
`,
},
})
+ mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)
})
}
diff --git a/cmd/frontend/internal/backend/BUILD.bazel b/cmd/frontend/internal/backend/BUILD.bazel
index 03330f85fdef..f26fc158e1d1 100644
--- a/cmd/frontend/internal/backend/BUILD.bazel
+++ b/cmd/frontend/internal/backend/BUILD.bazel
@@ -45,7 +45,6 @@ go_library(
"//internal/extsvc/github",
"//internal/extsvc/gitlab",
"//internal/extsvc/gitolite",
- "//internal/featureflag",
"//internal/gitserver",
"//internal/gitserver/gitdomain",
"//internal/httpcli",
diff --git a/cmd/frontend/internal/backend/user_emails.go b/cmd/frontend/internal/backend/user_emails.go
index b0542e556d4b..5119ea6989b0 100644
--- a/cmd/frontend/internal/backend/user_emails.go
+++ b/cmd/frontend/internal/backend/user_emails.go
@@ -19,7 +19,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/dotcom"
"github.com/sourcegraph/sourcegraph/internal/errcode"
"github.com/sourcegraph/sourcegraph/internal/extsvc"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/txemail"
"github.com/sourcegraph/sourcegraph/internal/txemail/txtypes"
"github.com/sourcegraph/sourcegraph/internal/types"
@@ -92,19 +91,16 @@ func (e *userEmails) Add(ctx context.Context, userID int32, email string) error
return err
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- arguments := struct {
- UserID int32 `json:"UserID"`
- Email string `json:"email"`
- }{
- UserID: userID,
- Email: email,
- }
- // Log action of new email being added to user profile
- if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
-
+ arguments := struct {
+ UserID int32 `json:"UserID"`
+ Email string `json:"email"`
+ }{
+ UserID: userID,
+ Email: email,
+ }
+ // Log action of new email being added to user profile
+ if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
if conf.EmailVerificationRequired() {
@@ -147,21 +143,20 @@ func (e *userEmails) Remove(ctx context.Context, userID int32, email string) err
if err := tx.UserEmails().Remove(ctx, userID, email); err != nil {
return errors.Wrap(err, "removing user e-mail")
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- arguments := struct {
- UserID int32 `json:"UserID"`
- Email string `json:"email"`
- }{
- UserID: userID,
- Email: email,
- }
- // Log action of email being removed from user profile
- if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ arguments := struct {
+ UserID int32 `json:"UserID"`
+ Email string `json:"email"`
+ }{
+ UserID: userID,
+ Email: email,
+ }
+ // Log action of email being removed from user profile
+ if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
// 🚨 SECURITY: If an email is removed, invalidate any existing password reset
// tokens that may have been sent to that email.
if err := tx.Users().DeletePasswordResetCode(ctx, userID); err != nil {
@@ -263,13 +258,12 @@ func (e *userEmails) SetVerified(ctx context.Context, userID int32, email string
Email: email,
Verified: verified,
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log action of email being verified/unverified
- if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log action of email being verified/unverified
+ if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
// Eagerly attempt to sync permissions again. This needs to happen _after_ the
// transaction has committed so that it takes into account any changes triggered
// by changes in the verification status of the e-mail.
diff --git a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go
index 1dbdcb2c2fae..e6d5dc415af6 100644
--- a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go
+++ b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go
@@ -16,7 +16,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/conf"
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/database/dbutil"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/hashutil"
"github.com/sourcegraph/sourcegraph/internal/license"
"github.com/sourcegraph/sourcegraph/internal/slack"
@@ -103,18 +102,16 @@ func (s dbLicenses) Create(ctx context.Context, subscriptionID, licenseKey strin
return "", errors.Wrap(err, "insert")
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- arg := struct {
- SubscriptionID string `json:"subscriptionID"`
- NewUUID uuid.UUID `json:"newUUID"`
- }{
- SubscriptionID: subscriptionID,
- NewUUID: newUUID,
- }
- // Log an event when a license is created in DotCom
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ arg := struct {
+ SubscriptionID string `json:"subscriptionID"`
+ NewUUID uuid.UUID `json:"newUUID"`
+ }{
+ SubscriptionID: subscriptionID,
+ NewUUID: newUUID,
+ }
+ // Log an event when a license is created in DotCom
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
postLicenseCreationToSlack(ctx, logger, subscriptionID, version, expiresAt, info)
@@ -390,12 +387,11 @@ ORDER BY created_at DESC
results = append(results, &v)
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when liscense list is viewed in Dotcom
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when liscense list is viewed in Dotcom
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
return results, nil
}
diff --git a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go
index ee24a62d02ca..940502d3b505 100644
--- a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go
+++ b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go
@@ -17,7 +17,6 @@ import (
"github.com/sourcegraph/sourcegraph/internal/actor"
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/database/dbutil"
- "github.com/sourcegraph/sourcegraph/internal/featureflag"
"github.com/sourcegraph/sourcegraph/internal/trace"
"github.com/sourcegraph/sourcegraph/lib/errors"
)
@@ -96,12 +95,11 @@ INSERT INTO product_subscriptions(id, user_id, account_number) VALUES($1, $2, $3
).Scan(&id); err != nil {
return "", errors.Wrap(err, "insert")
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a new subscription is created.
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when a new subscription is created.
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
return id, nil
}
@@ -152,12 +150,11 @@ func (s dbSubscriptions) List(ctx context.Context, opt dbSubscriptionsListOption
if mocks.subscriptions.List != nil {
return mocks.subscriptions.List(ctx, opt)
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a list of subscriptions is requested.
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when a list of subscriptions is requested.
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
return s.list(ctx, opt.sqlConditions(), opt.LimitOffset)
}
@@ -307,12 +304,11 @@ func (s dbSubscriptions) Update(ctx context.Context, id string, update DBSubscri
if nrows == 0 {
return errSubscriptionNotFound
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a subscription is updated
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when a subscription is updated
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
return nil
}
@@ -338,12 +334,11 @@ func (s dbSubscriptions) Archive(ctx context.Context, id string) error {
if nrows == 0 {
return errSubscriptionNotFound
}
- if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) {
- // Log an event when a subscription is archived
- if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil {
- logger.Warn("Error logging security event", log.Error(err))
- }
+ // Log an event when a subscription is archived
+ if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil {
+ logger.Warn("Error logging security event", log.Error(err))
}
+
return nil
}