Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Security plugin config entries should have a created_at and updated_at timestamp #3079

Closed
cwperks opened this issue Jul 31, 2023 · 6 comments
Closed

[FEATURE] Security plugin config entries should have a created_at and updated_at timestamp #3079

cwperks opened this issue Jul 31, 2023 · 6 comments
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@cwperks
Copy link
Member

cwperks commented Jul 31, 2023
edited
Loading

Is your feature request related to a problem?

Config entries in the security index such as users, roles and roles_mappings have no timestamps associated with them to indicate when the entry was created or when it was most recently modified. When investigating issues, its often helpful to have this contextual information to determine when a change was made to help locate more information about the change. In many frameworks like Ruby on Rails, these timestamps come as a convention to track any objects that get persisted.

Each entry in the security index (i.e. a user or a role) should have these timestamps on the entry. This entry would help a cluster admin identify when a particular user/role/role_mapping/etc. is created or last modified.

What solution would you like?

Add created_at and updated_at timestamps to config entries in the security index.

Example

Each entry, such as this example for user has both of these values

admin:
  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
  created_at: 2023‐08‐30T06:05:02Z
  updated_at 2023‐09‐01T08:09:03Z
@cwperks cwperks added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jul 31, 2023
@stephen-crawford
Copy link
Contributor

[Triage] Hey @cwperks, could you provide some more info as to the action items required for the change? If someone goes to complete the issue, I think we will want them to know how the created_at and updated_at fields are related to the objects you are referring to. For instance, if a user has a role, and then the role is updated, doe the user also get the new updated_at field?

@stephen-crawford stephen-crawford removed the untriaged Require the attention of the repository maintainers and may need to be prioritized label Jul 31, 2023
@stephen-crawford
Copy link
Contributor

[Triage] @cwperks just following-up.

@peternied
Copy link
Member

2 cents - I think adding a setting like this would help cluster operators troubleshoot behavior that might have been due to a config change. Without this change that kind of diagnosis is not possible

@cwperks
Copy link
Member Author

cwperks commented Aug 14, 2023
edited
Loading

@scrawfor99 I think it should be only when that particular config entry was updated. i.e. if a roles_mapping is updated to map the user craig to role custom_role, then it would be the config entry corresponding to the roles_mapping for custom_role that should update its updated_at timestamp.

If the user craig changed their password then I would expect the updated_at timestamp to reflect when the craig internal_user config entry was last updated.

@RyanL1997 RyanL1997 self-assigned this Sep 1, 2023
@peternied
Copy link
Member

@RyanL1997 FYI - I updated the description to include an example for user simaliar to what @cwperks mentioned; consider this as you create a solution

@davidlago davidlago assigned cwperks and unassigned RyanL1997 Sep 6, 2023
@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. labels Sep 18, 2023
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Oct 2, 2023
@peternied peternied mentioned this issue Aug 13, 2024
Closed
5 tasks
@cwperks
Copy link
Member Author

cwperks commented Feb 5, 2025

Closing this issue in favor of #5093. In general, it would be useful to know when a particular config entry was last modified.

@cwperks cwperks closed this as completed Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@peternied @davidlago @cwperks @stephen-crawford @RyanL1997