Skip to content

Add stable GetAuditLog API with stable cursor pagination#11321

Merged
sluongng merged 2 commits intomasterfrom
sluongng/stable-audit-log-api
Mar 18, 2026
Merged

Add stable GetAuditLog API with stable cursor pagination#11321
sluongng merged 2 commits intomasterfrom
sluongng/stable-audit-log-api

Conversation

@sluongng
Copy link
Contributor

@sluongng sluongng commented Feb 12, 2026
edited
Loading

Add api.v1 GetAuditLog RPC, schema wiring, docs, and Bazel test coverage for exporting audit logs.

  • Adds stable time-window querying with start_time / end_time, timestamp validation/defaults, configurable page_size (default 100, max 1000), and exclusive end_time semantics.
  • Uses opaque keyset pagination over end_time_usec, event_time_usec, and audit_log_id, with a tuple boundary predicate and ORDER BY (group_id, event_time_usec, audit_log_id) to match the ClickHouse sort key and avoid same-timestamp pagination ambiguity.
  • Reuses shared audit-log row-to-entry conversion and filtering helpers so the stable API output matches existing audit-log redaction and formatting behavior.
  • Documents access via org API key types: Audit log reader key (recommended) or Org admin key. The current implementation exports the authenticated effective organization scope (group_id = user.GetGroupID()).
  • Adds a dedicated ClickHouse-backed //enterprise/server/api:auditlog_test target so the audit-log test runs correctly under Bazel with BuildBuddy RBE enabled.
  • Follow-up: a future PR will add explicit group_id selection so callers can retrieve logs for another organization they are authorized to access.

Part of https://github.com/buildbuddy-io/buildbuddy-internal/issues/4844

vadimberezniker
vadimberezniker reviewed Feb 20, 2026
View reviewed changes
@sluongng
Copy link
Contributor Author

sluongng commented Feb 25, 2026
edited
Loading

Edit: my AI posted a slop comment 😮‍💨

Gona fix it

@sluongng sluongng force-pushed the sluongng/stable-audit-log-api branch 4 times, most recently from 4d2ebef to 2230efa Compare February 25, 2026 11:00
@sluongng sluongng marked this pull request as ready for review February 25, 2026 12:11
@sluongng
Copy link
Contributor Author

sluongng commented Feb 25, 2026

Ok I updated the doc a little bit to recommend the key type required for this api/rpc. PTAL

vadimberezniker
vadimberezniker approved these changes Feb 27, 2026
View reviewed changes
@sluongng sluongng force-pushed the sluongng/stable-audit-log-api branch from 2230efa to ef9f616 Compare February 27, 2026 14:40
bduffany
bduffany approved these changes Mar 2, 2026
View reviewed changes
@sluongng sluongng force-pushed the sluongng/stable-audit-log-api branch 2 times, most recently from e0f839e to 8236475 Compare March 12, 2026 09:28
@sluongng
Copy link
Contributor Author

sluongng commented Mar 12, 2026

Codex review caught an issue where end_time is also needed in auditLogPageToken to ensure the edge entries don't jump from one page to another in extreme cases.

So I added that as a separate commit for easier review.
Please give the PR another read before I hit merge @vadimberezniker @bduffany 🙏

Then we need a Part 2 to add parent-child support.

bduffany
bduffany reviewed Mar 17, 2026
View reviewed changes
@sluongng
Add stable GetAuditLog API with keyset pagination
c65d998 
Add api.v1 GetAuditLog RPC, schema wiring, and docs for exporting the
authenticated organization's audit logs.

Compared to enterprise/server/auditlog.Logger.GetLogs, this endpoint adds
stable time-window querying (start_time/end_time) with timestamp
validation/defaults, configurable page_size (default 100, max 1000), and
exclusive end_time semantics.

Unlike GetLogs timestamp-only pagination, this API uses an opaque keyset
cursor over (end_time_usec, event_time_usec, audit_log_id), a tuple boundary
predicate, and ORDER BY (group_id, event_time_usec, audit_log_id) to match the
ClickHouse sort key and avoid same-timestamp pagination ambiguity.

The API also reuses shared auditlog row-to-entry conversion and filtering
helpers so stable responses match existing enterprise audit-log
redaction/formatting behavior.
@sluongng sluongng force-pushed the sluongng/stable-audit-log-api branch from 8236475 to c65d998 Compare March 18, 2026 08:04
@sluongng sluongng merged commit 6a2effd into master Mar 18, 2026
13 of 16 checks passed
@sluongng sluongng deleted the sluongng/stable-audit-log-api branch March 18, 2026 08:59
@sluongng
Copy link
Contributor Author

sluongng commented Mar 18, 2026

Switch to use # gazelle:go_test file directive to split the new ClickHouse test to a separate target. I expect to add more in there in the next PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bduffany bduffany bduffany approved these changes

@vadimberezniker vadimberezniker vadimberezniker approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sluongng @vadimberezniker @bduffany