diff --git a/client/web/src/featureFlags/featureFlags.ts b/client/web/src/featureFlags/featureFlags.ts index bd1a77e39f73..d3d3dc2ce234 100644 --- a/client/web/src/featureFlags/featureFlags.ts +++ b/client/web/src/featureFlags/featureFlags.ts @@ -6,7 +6,6 @@ import type { OrgFeatureFlagOverridesResult, OrgFeatureFlagOverridesVariables } export const FEATURE_FLAGS = [ 'admin-analytics-cache-disabled', 'admin-onboarding', - 'auditlog-expansion', 'blob-page-switch-areas-shortcuts', 'cody-chat-mock-test', 'contrast-compliant-syntax-highlighting', diff --git a/cmd/frontend/graphqlbackend/external_services.go b/cmd/frontend/graphqlbackend/external_services.go index 4db6d34f8eb9..49d2181c1cca 100644 --- a/cmd/frontend/graphqlbackend/external_services.go +++ b/cmd/frontend/graphqlbackend/external_services.go @@ -22,7 +22,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/extsvc" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/repos" "github.com/sourcegraph/sourcegraph/internal/repoupdater" 
@@ -80,22 +79,20 @@ func (r *schemaResolver) AddExternalService(ctx context.Context, args *addExtern return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - - arg := struct { - Kind string - DisplayName string - Namespace *graphql.ID - }{ - Kind: args.Input.Kind, - DisplayName: args.Input.DisplayName, - Namespace: args.Input.Namespace, - } - // Log action of Code Host Connection being added - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + arg := struct { + Kind string + DisplayName string + Namespace *graphql.ID + }{ + Kind: args.Input.Kind, + DisplayName: args.Input.DisplayName, + Namespace: args.Input.Namespace, + } + // Log action of Code Host Connection being added + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + // Now, schedule the external service for syncing immediately. s := repos.NewStore(r.logger, r.db) err = s.EnqueueSingleSyncJob(ctx, externalService.ID) 
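Review bot: With the `auditlog-expansion` gate removed, the `LogSecurityEvent` call in AddExternalService is now the audit record for a new code host connection, yet a failed write is only reported through `r.logger.Warn(...)` and the mutation carries on to `EnqueueSingleSyncJob`. If best-effort logging is intended, say so at the call site, for example `// Audit logging is best-effort: a failed write does not block the mutation, but the event is then missing from the audit trail.` The same three-line pattern is repeated in every resolver hunk of this commit, so a small shared helper would keep the handling and wording in one place. The function body starts and ends outside the hunk.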
@@ -196,26 +193,24 @@ func (r *schemaResolver) UpdateExternalService(ctx context.Context, args *update logger.Warn("Failed to get new redacted config", log.Error(err)) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - arg := struct { - ID graphql.ID - DisplayName *string - UpdaterID *int32 - PrevConfig string - LatestConfig *string - }{ - ID: args.Input.ID, - DisplayName: args.Input.DisplayName, - UpdaterID: &userID, - PrevConfig: prevConfig, - LatestConfig: &latestConfig, - } - // Log action of Code Host Connection being updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } - + arg := struct { + ID graphql.ID + DisplayName *string + UpdaterID *int32 + PrevConfig string + LatestConfig *string + }{ + ID: args.Input.ID, + DisplayName: args.Input.DisplayName, + UpdaterID: &userID, + PrevConfig: prevConfig, + LatestConfig: &latestConfig, + } + // Log action of Code Host Connection being updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + // Now, schedule the external service for syncing immediately. s := repos.NewStore(r.logger, r.db) err = s.EnqueueSingleSyncJob(ctx, es.ID) 
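Review bot: `PrevConfig` and `LatestConfig` are now written to the security event log on every UpdateExternalService call, but the hunk only shows that `latestConfig` comes from a redaction step (the "Failed to get new redacted config" warning); the origin of `prevConfig` is outside the hunk. Code host configurations typically hold access tokens, so confirm that both values are redacted before they reach `arg`, and that the failed-redaction path cannot leave a raw config in either field. A comment above `arg := struct {` such as `// prevConfig and latestConfig must be the redacted forms; never log the raw config.` would pin that expectation for later edits.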
@@ -344,19 +339,18 @@ func (r *schemaResolver) DeleteExternalService(ctx context.Context, args *delete } } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - arguments := struct { - GraphQLID graphql.ID `json:"GraphQL ID"` - ExternalServiceID int64 `json:"External Service ID"` - }{ - GraphQLID: args.ExternalService, - ExternalServiceID: id, - } - // Log action of Code Host Connection being deleted - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + arguments := struct { + GraphQLID graphql.ID `json:"GraphQL ID"` + ExternalServiceID int64 `json:"External Service ID"` + }{ + GraphQLID: args.ExternalService, + ExternalServiceID: id, + } + // Log action of Code Host Connection being deleted + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &EmptyResponse{}, nil } diff --git a/cmd/frontend/graphqlbackend/external_services_test.go b/cmd/frontend/graphqlbackend/external_services_test.go index cfe239ac5a52..2494e43f233f 100644 --- a/cmd/frontend/graphqlbackend/external_services_test.go +++ b/cmd/frontend/graphqlbackend/external_services_test.go @@ -7,6 +7,7 @@ import ( "testing" "time" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" "github.com/google/go-cmp/cmp" "github.com/graph-gophers/graphql-go" gqlerrors "github.com/graph-gophers/graphql-go/errors" 
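Review bot: The `arguments` struct in DeleteExternalService serialises its keys as `"GraphQL ID"` and `"External Service ID"`, with spaces, while the Add and Update events in this file use untagged Go field names (`Kind`, `DisplayName`, `ID`), and `userEmails.Add` in user_emails.go mixes `"UserID"` with `"email"`. Now that these events are always emitted, inconsistent key shapes make audit queries and detection rules harder to write. Either settle on one key convention for security event arguments or, if existing consumers already depend on these keys, add a comment saying the names are part of the audit log format and must not change.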
@@ -68,6 +69,9 @@ func TestAddExternalService(t *testing.T) { db.UsersFunc.SetDefaultReturn(users) db.ExternalServicesFunc.SetDefaultReturn(externalServices) db.HandleFunc.SetDefaultReturn(&handle{db}) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { @@ -96,6 +100,7 @@ func TestAddExternalService(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestUpdateExternalService(t *testing.T) { @@ -203,6 +208,10 @@ func TestUpdateExternalService(t *testing.T) { es := backend.NewStrictMockExternalServicesService() es.ValidateConnectionFunc.SetDefaultReturn(nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + mockExternalServicesService = es t.Cleanup(func() { mockExternalServicesService = nil }) @@ -231,6 +240,7 @@ func TestUpdateExternalService(t *testing.T) { `, Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestExcludeRepoFromExternalServices_ExternalServiceDoesntSupportRepoExclusion(t *testing.T) { @@ -566,6 +576,9 @@ func TestDeleteExternalService(t *testing.T) { db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) db.ExternalServicesFunc.SetDefaultReturn(externalServices) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { 
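Review bot: `mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)` in TestAddExternalService proves only that some security event was logged, not that it was `SecurityEventNameCodeHostConnectionAdded` or which user it was attributed to. Checking the recorded call, for instance comparing `securityLogEvents.LogSecurityEventFunc.History()[0].Arg1` with the expected event name, would catch a copy-pasted constant. The same loose assertion is added in the other hunks of this file and in org_test.go, orgs_test.go, site_test.go, user_test.go and user_emails_test.go.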
@@ -587,6 +600,7 @@ func TestDeleteExternalService(t *testing.T) { Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestExternalServicesResolver(t *testing.T) { diff --git a/cmd/frontend/graphqlbackend/org.go b/cmd/frontend/graphqlbackend/org.go index 7139994a49dd..6a4a593868e3 100644 --- a/cmd/frontend/graphqlbackend/org.go +++ b/cmd/frontend/graphqlbackend/org.go @@ -15,7 +15,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/errcode" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/types" "github.com/sourcegraph/sourcegraph/lib/errors" @@ -27,11 +26,9 @@ func (r *schemaResolver) Organization(ctx context.Context, args struct{ Name str return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log action for siteadmin viewing an organization's details - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log action for siteadmin viewing an organization's details + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } return &OrgResolver{db: r.db, org: org}, nil 
@@ -272,12 +269,10 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a new organization being created - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) + // Log an event when a new organization being created + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) - } } // Add the current user as the first member of the new org. @@ -310,13 +305,12 @@ func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when organization settings are updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) + // Log an event when organization settings are updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) - } } + return &OrgResolver{db: r.db, org: updatedOrg}, nil } diff --git a/cmd/frontend/graphqlbackend/org_test.go b/cmd/frontend/graphqlbackend/org_test.go index c8f77a1cf6a6..4c151da725d2 100644 --- a/cmd/frontend/graphqlbackend/org_test.go +++ b/cmd/frontend/graphqlbackend/org_test.go 
@@ -6,6 +6,7 @@ import ( "strconv" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" gqlerrors "github.com/graph-gophers/graphql-go/errors" "github.com/graph-gophers/graphql-go/relay" "github.com/stretchr/testify/assert" @@ -38,10 +39,14 @@ func TestOrganization(t *testing.T) { orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil) orgs.GetByIDFunc.SetDefaultReturn(&mockedOrg, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) t.Run("can access organizations", func(t *testing.T) { RunTests(t, []*Test{ @@ -64,6 +69,8 @@ func TestOrganization(t *testing.T) { }, }) }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + } func TestOrganizationMembers(t *testing.T) { @@ -85,10 +92,14 @@ func TestOrganizationMembers(t *testing.T) { mockedOrg := types.Org{ID: 1, Name: "acme"} orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) t.Run("org members can list members", func(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{Username: "alice", ID: 1}, nil) @@ -120,6 +131,7 @@ func TestOrganizationMembers(t *testing.T) { }) }) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("non-members", func(t *testing.T) { @@ -208,6 +220,8 @@ func TestOrganizationMembers(t *testing.T) { }, }) }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) } 
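Review bot: In TestOrganizationMembers a single `securityLogEvents` mock is created once and shared by all subtests, so the second `mockrequire.Called` (hunk `-208,6 +220,8`) is already satisfied by calls recorded in "org members can list members" and says nothing about the later subtest. Create the mock and call `db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents)` inside each subtest, or assert on the call count before and after. The admin block of TestSiteConfiguration in site_test.go (hunk `-160,7 +173,10`) has the same shape: one `Called` after both ReturnSafeConfigsOnly subtests. The test bodies extend outside these hunks.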
@@ -224,10 +238,14 @@ func TestCreateOrganization(t *testing.T) { orgMembers := dbmocks.NewMockOrgMemberStore() orgMembers.CreateFunc.SetDefaultReturn(&types.OrgMembership{OrgID: mockedOrg.ID, UserID: userID}, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: userID}) @@ -253,6 +271,7 @@ func TestCreateOrganization(t *testing.T) { "name": "acme", }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("Fails for unauthenticated user", func(t *testing.T) { @@ -335,11 +354,15 @@ func TestAddOrganizationMember(t *testing.T) { permssync.MockSchedulePermsSync = func(_ context.Context, logger log.Logger, _ database.DB, _ permssync.ScheduleSyncOpts) {} defer func() { permssync.MockSchedulePermsSync = nil }() + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) db.FeatureFlagsFunc.SetDefaultReturn(featureFlags) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) diff --git a/cmd/frontend/graphqlbackend/orgs.go b/cmd/frontend/graphqlbackend/orgs.go index cde0de69c581..807518b91f59 100644 --- a/cmd/frontend/graphqlbackend/orgs.go +++ b/cmd/frontend/graphqlbackend/orgs.go 
@@ -8,7 +8,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" ) @@ -47,14 +46,13 @@ func (r *orgConnectionResolver) Nodes(ctx context.Context) ([]*OrgResolver, erro org: org, }) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when listing organizations. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - logger.Error(err) + // Log an event when listing organizations. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + logger.Error(err) - } } + return l, nil } diff --git a/cmd/frontend/graphqlbackend/orgs_test.go b/cmd/frontend/graphqlbackend/orgs_test.go index e58a52c19b7a..1d2cafdb44e2 100644 --- a/cmd/frontend/graphqlbackend/orgs_test.go +++ b/cmd/frontend/graphqlbackend/orgs_test.go @@ -3,6 +3,8 @@ package graphqlbackend import ( "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" + "github.com/sourcegraph/sourcegraph/internal/database/dbmocks" "github.com/sourcegraph/sourcegraph/internal/types" ) @@ -19,6 +21,10 @@ func TestOrgs(t *testing.T) { db.UsersFunc.SetDefaultReturn(users) db.OrgsFunc.SetDefaultReturn(orgs) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + RunTests(t, []*Test{ { Schema: mustParseGraphQLSchema(t, db), @@ -47,4 +53,5 @@ func TestOrgs(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } 
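Review bot: The failure path in `orgConnectionResolver.Nodes` calls `logger.Error(err)` with no message, whereas the other call sites in this commit use `"Error logging security event"` with `log.Error(err)`, at Warn level in most files and Error level in user.go. A lost audit event should be easy to find and alert on in one query, so pick one level and one message; here that would be `logger.Warn("Error logging security event", log.Error(err))` if `logger` is the same logger type used elsewhere, which the hunk does not show. The event is also recorded with `nil` arguments, so a short comment stating that no filter or paging detail is captured would help readers of the audit log.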
diff --git a/cmd/frontend/graphqlbackend/outbound_requests.go b/cmd/frontend/graphqlbackend/outbound_requests.go index 8b2416fd8c00..a0220e946289 100644 --- a/cmd/frontend/graphqlbackend/outbound_requests.go +++ b/cmd/frontend/graphqlbackend/outbound_requests.go @@ -13,7 +13,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/httpcli" "github.com/sourcegraph/sourcegraph/internal/types" @@ -64,13 +63,11 @@ func (r *schemaResolver) OutboundRequests(ctx context.Context, args *outboundReq after = "" } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - - // Log an even when Outbound requests are viewed - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an even when Outbound requests are viewed + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &outboundRequestConnectionResolver{ first: args.First, after: after, 
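Review bot: The comment `// Log an even when Outbound requests are viewed` has a typo and is copied unchanged into outboundRequestByID in the next hunk, where it describes a single-item lookup rather than a list view. Suggested wording: `// Log an event when the outbound request list is viewed.` here and `// Log an event when a single outbound request is viewed.` in outboundRequestByID. Both hunks use `SecurityEventNameOutboundReqViewed`, so the comment and the arguments (`args` versus `graphql.ID(key)`) are the only things that tell the two events apart.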
@@ -89,13 +86,11 @@ func (r *schemaResolver) outboundRequestByID(ctx context.Context, id graphql.ID) return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - - // Log an even when Outbound requests are viewed - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an even when Outbound requests are viewed + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + item, _ := httpcli.GetOutboundRequestLogItem(key) return &OutboundRequestResolver{req: item}, nil } diff --git a/cmd/frontend/graphqlbackend/site.go b/cmd/frontend/graphqlbackend/site.go index e91a857d1894..7ae5c701665e 100644 --- a/cmd/frontend/graphqlbackend/site.go +++ b/cmd/frontend/graphqlbackend/site.go @@ -30,7 +30,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/database/migration/schemas" "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/env" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/insights" "github.com/sourcegraph/sourcegraph/internal/lazyregexp" 
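Review bot: In outboundRequestByID the viewed event is written before `item, _ := httpcli.GetOutboundRequestLogItem(key)`, and the second return value of that lookup is discarded. As far as the hunk shows, the audit log will therefore record a view even when nothing was found for `key`. Moving the `LogSecurityEvent` call after the lookup and skipping it on a miss, or adding a comment that attempted views are logged deliberately, would make the event unambiguous. The start of the function is outside the hunk.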
@@ -111,23 +110,19 @@ func (r *siteResolver) Configuration(ctx context.Context, args *SiteConfiguratio // The only way a non-admin can access this field is when `returnSafeConfigsOnly` // is set to true. if returnSafeConfigsOnly { - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when site config is viewed by non-admin user. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is viewed by non-admin user. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil } return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - - // Log an event when site config is viewed by admin user. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is viewed by admin user. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil } 
@@ -339,13 +334,11 @@ func (r *schemaResolver) UpdateSiteConfiguration(ctx context.Context, args *stru return false, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - - // Log an event when site config is updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return r.configurationServer.NeedServerRestart(), nil } diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go index 3fb88bfeffe8..99cbc9034d3f 100644 --- a/cmd/frontend/graphqlbackend/site_test.go +++ b/cmd/frontend/graphqlbackend/site_test.go @@ -5,6 +5,7 @@ import ( "sort" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hexops/autogold/v2" @@ -30,6 +31,9 @@ func TestSiteConfiguration(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) _, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{ 
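Review bot: UpdateSiteConfiguration now always passes `arg` to `LogSecurityEvent`, and `arg` is built outside this hunk, so it is not visible whether it contains the submitted site configuration. Site configuration usually holds secrets such as auth provider and token settings, so confirm that `arg` carries only metadata or a redacted form. A comment next to the call such as `// arg must not include the raw config input; secrets would be persisted in the audit log.` would keep that invariant visible.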
@@ -39,6 +43,8 @@ func TestSiteConfiguration(t *testing.T) { if err == nil || !errors.Is(err, auth.ErrMustBeSiteAdmin) { t.Fatalf("err: want %q but got %v", auth.ErrMustBeSiteAdmin, err) } + //Log functions is not called since non-admin user will not get the site config when ReturnSafeConfigsOnly is false + mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0) }) t.Run("ReturnSafeConfigsOnly is true", func(t *testing.T) { @@ -46,6 +52,9 @@ func TestSiteConfiguration(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) r, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{ @@ -75,6 +84,8 @@ func TestSiteConfiguration(t *testing.T) { if err != nil { t.Fatalf("err: want nil but got %v", err) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) }) @@ -97,7 +108,9 @@ func TestSiteConfiguration(t *testing.T) { db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) db.ConfFunc.SetDefaultReturn(conf) - + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) t.Run("ReturnSafeConfigsOnly is false", func(t *testing.T) { @@ -160,7 +173,10 @@ func TestSiteConfiguration(t *testing.T) { t.Fatalf("err: want nil but got %v", err) } }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) + } func TestSiteConfigurationHistory(t *testing.T) { 
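Review bot: The new comment `//Log functions is not called since non-admin user will not get the site config when ReturnSafeConfigsOnly is false` lacks the space after `//` and is hard to parse. Suggested wording: `// No security event is logged: a non-admin is denied the site config when ReturnSafeConfigsOnly is false.` The assertion below it could use `mockrequire.NotCalled(t, securityLogEvents.LogSecurityEventFunc)`, which user_emails_test.go already uses, instead of `CalledN(..., 0)`.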
diff --git a/cmd/frontend/graphqlbackend/user.go b/cmd/frontend/graphqlbackend/user.go index 2e33a33dd297..a1b5cd4a70da 100644 --- a/cmd/frontend/graphqlbackend/user.go +++ b/cmd/frontend/graphqlbackend/user.go @@ -21,7 +21,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/errcode" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/types" "github.com/sourcegraph/sourcegraph/lib/errors" @@ -488,12 +487,12 @@ func (r *schemaResolver) UpdateUser(ctx context.Context, args *updateUserArgs) ( if err := r.db.Users().Update(ctx, userID, update); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a user account is modified/updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + + // Log an event when a user account is modified/updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, userID) } 
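Review bot: UpdateUser passes `uint32(userID)` as the user argument of `LogSecurityEvent`, and `userID` is the account being updated (it is the ID given to `r.db.Users().Update`), whereas the call sites in the other files pass `uint32(actor.FromContext(ctx).UID)` in that position. If that argument names the acting user, an admin editing someone else's account would be attributed to the victim account in the audit log; consider `uint32(actor.FromContext(ctx).UID)` and keeping the target in the arguments. The same applies to `uint32(id)` in SetUserCompletionsQuota and SetUserCodeCompletionsQuota and to `uint32(userID)` in `userEmails.Add` in user_emails.go. The signature of `LogSecurityEvent` is not visible here, so this should be checked against it.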
@@ -875,11 +874,10 @@ func (r *schemaResolver) SetUserCompletionsQuota(ctx context.Context, args SetUs log.Int("targetUserID", int(user.ID)), log.Intp("oldQuota", oldQuota), log.Intp("newQuota", newQuota)) - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, user.ID) } @@ -917,13 +915,12 @@ func (r *schemaResolver) SetUserCodeCompletionsQuota(ctx context.Context, args S if err := r.db.Users().SetCodeCompletionsQuota(ctx, user.ID, quota); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when user's code completions quota is updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + // Log an event when user's code completions quota is updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, user.ID) } diff --git a/cmd/frontend/graphqlbackend/user_emails_test.go b/cmd/frontend/graphqlbackend/user_emails_test.go index dd52323802bb..2f388b843ae9 100644 --- a/cmd/frontend/graphqlbackend/user_emails_test.go +++ b/cmd/frontend/graphqlbackend/user_emails_test.go 
@@ -253,6 +253,10 @@ func TestSetUserEmailVerified(t *testing.T) { db.UserExternalAccountsFunc.SetDefaultReturn(userExternalAccounts) db.SubRepoPermsFunc.SetDefaultReturn(dbmocks.NewMockSubRepoPermsStore()) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + RunTests(t, test.gqlTests(db)) if test.expectCalledGrantPendingPermissions { @@ -260,6 +264,7 @@ func TestSetUserEmailVerified(t *testing.T) { } else { mockrequire.NotCalled(t, authz.GrantPendingPermissionsFunc) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } } diff --git a/cmd/frontend/graphqlbackend/user_test.go b/cmd/frontend/graphqlbackend/user_test.go index a0f087628fdd..d4a5e51fe31a 100644 --- a/cmd/frontend/graphqlbackend/user_test.go +++ b/cmd/frontend/graphqlbackend/user_test.go @@ -7,6 +7,7 @@ import ( "strings" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" gqlerrors "github.com/graph-gophers/graphql-go/errors" "github.com/stretchr/testify/assert" @@ -459,7 +460,9 @@ func TestUpdateUser(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) - + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), @@ -486,6 +489,7 @@ func TestUpdateUser(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("scim controlled user cannot change display or username", func(t *testing.T) { 
@@ -907,6 +911,11 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) + + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + var quota *int users.SetChatCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error { quota = i2 @@ -941,6 +950,7 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } @@ -983,6 +993,11 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) + + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + var quota *int users.SetCodeCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error { quota = i2 @@ -1017,6 +1032,7 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } diff --git a/cmd/frontend/internal/backend/BUILD.bazel b/cmd/frontend/internal/backend/BUILD.bazel index 03330f85fdef..f26fc158e1d1 100644 --- a/cmd/frontend/internal/backend/BUILD.bazel +++ b/cmd/frontend/internal/backend/BUILD.bazel @@ -45,7 +45,6 @@ go_library( "//internal/extsvc/github", "//internal/extsvc/gitlab", "//internal/extsvc/gitolite", - "//internal/featureflag", "//internal/gitserver", "//internal/gitserver/gitdomain", "//internal/httpcli", diff --git a/cmd/frontend/internal/backend/user_emails.go b/cmd/frontend/internal/backend/user_emails.go index b0542e556d4b..5119ea6989b0 100644 
--- a/cmd/frontend/internal/backend/user_emails.go +++ b/cmd/frontend/internal/backend/user_emails.go @@ -19,7 +19,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/errcode" "github.com/sourcegraph/sourcegraph/internal/extsvc" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/txemail" "github.com/sourcegraph/sourcegraph/internal/txemail/txtypes" "github.com/sourcegraph/sourcegraph/internal/types" @@ -92,19 +91,16 @@ func (e *userEmails) Add(ctx context.Context, userID int32, email string) error return err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - arguments := struct { - UserID int32 `json:"UserID"` - Email string `json:"email"` - }{ - UserID: userID, - Email: email, - } - // Log action of new email being added to user profile - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } - + arguments := struct { + UserID int32 `json:"UserID"` + Email string `json:"email"` + }{ + UserID: userID, + Email: email, + } + // Log action of new email being added to user profile + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } if conf.EmailVerificationRequired() { 
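Review bot: The anonymous argument struct in `Add` serialises as `UserID` and `email`, so the stored event mixes key casing, and the identical struct is declared again in `Remove`. A single named type with consistent tags, e.g. `json:"userID"` and `json:"email"`, would keep the audit schema stable for anyone querying it. With the flag removed the address is persisted in the security event log on every instance by default, so a short comment such as `// NOTE: stores the email address in the audit log; covered by its retention policy` would make that explicit. The body of `Add` starts outside the hunk.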
@@ -147,21 +143,20 @@ func (e *userEmails) Remove(ctx context.Context, userID int32, email string) err if err := tx.UserEmails().Remove(ctx, userID, email); err != nil { return errors.Wrap(err, "removing user e-mail") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - arguments := struct { - UserID int32 `json:"UserID"` - Email string `json:"email"` - }{ - UserID: userID, - Email: email, - } - // Log action of email being removed from user profile - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + arguments := struct { + UserID int32 `json:"UserID"` + Email string `json:"email"` + }{ + UserID: userID, + Email: email, + } + // Log action of email being removed from user profile + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + // 🚨 SECURITY: If an email is removed, invalidate any existing password reset // tokens that may have been sent to that email. if err := tx.Users().DeletePasswordResetCode(ctx, userID); err != nil { 
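Review bot: The removal runs on `tx`, but the event is written through `e.db.SecurityEventLogs()`, so the audit row is not part of the transaction. If the following `tx.Users().DeletePasswordResetCode` call fails and the transaction is rolled back, the log still records the email as removed. Either emit the event after the transaction has committed, or write it through the transaction handle (`tx.SecurityEventLogs()`, if the transactional store exposes it). The commit point is outside this hunk, so the ordering relative to it is inferred.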
@@ -263,13 +258,12 @@ func (e *userEmails) SetVerified(ctx context.Context, userID int32, email string Email: email, Verified: verified, } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log action of email being verified/unverified - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log action of email being verified/unverified + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + // Eagerly attempt to sync permissions again. This needs to happen _after_ the // transaction has committed so that it takes into account any changes triggered // by changes in the verification status of the e-mail. diff --git a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go index 1dbdcb2c2fae..e6d5dc415af6 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go @@ -16,7 +16,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/database/dbutil" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/hashutil" "github.com/sourcegraph/sourcegraph/internal/license" "github.com/sourcegraph/sourcegraph/internal/slack" 
@@ -103,18 +102,16 @@ func (s dbLicenses) Create(ctx context.Context, subscriptionID, licenseKey strin return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - arg := struct { - SubscriptionID string `json:"subscriptionID"` - NewUUID uuid.UUID `json:"newUUID"` - }{ - SubscriptionID: subscriptionID, - NewUUID: newUUID, - } - // Log an event when a license is created in DotCom - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + arg := struct { + SubscriptionID string `json:"subscriptionID"` + NewUUID uuid.UUID `json:"newUUID"` + }{ + SubscriptionID: subscriptionID, + NewUUID: newUUID, + } + // Log an event when a license is created in DotCom + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } postLicenseCreationToSlack(ctx, logger, subscriptionID, version, expiresAt, info) 
@@ -390,12 +387,11 @@ ORDER BY created_at DESC results = append(results, &v) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when liscense list is viewed in Dotcom - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when liscense list is viewed in Dotcom + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return results, nil } diff --git a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go index ee24a62d02ca..940502d3b505 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go @@ -17,7 +17,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/database/dbutil" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/trace" "github.com/sourcegraph/sourcegraph/lib/errors" ) 
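Review bot: The event argument in the license list hunk is `q.Args()`, the raw bind parameters of the SQL query, so the audit row stores a positional list whose meaning changes whenever the query is rebuilt, and every filter value is persisted verbatim. A small named struct holding only the filter fields an auditor needs would make what is stored explicit; which filters exist is not visible in this hunk. The comment also misspells the word and could read `// Log an event when the license list is viewed in DotCom`. The function starts outside the hunk.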
@@ -96,12 +95,11 @@ INSERT INTO product_subscriptions(id, user_id, account_number) VALUES($1, $2, $3 ).Scan(&id); err != nil { return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a new subscription is created. - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a new subscription is created. + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return id, nil } @@ -152,12 +150,11 @@ func (s dbSubscriptions) List(ctx context.Context, opt dbSubscriptionsListOption if mocks.subscriptions.List != nil { return mocks.subscriptions.List(ctx, opt) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a list of subscriptions is requested. - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a list of subscriptions is requested. + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return s.list(ctx, opt.sqlConditions(), opt.LimitOffset) } 
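Review bot: In `dbSubscriptions.List` the event is written before `s.list` runs, so a listing that fails is still recorded as having happened. With the flag gone every call also pays for an audit write, presumably a database insert, ahead of the read. Consider running the query first and logging only on success: `res, err := s.list(ctx, opt.sqlConditions(), opt.LimitOffset)`, return on `err != nil`, then log and `return res, nil`. In the `Create` hunk on the same line the event's user ID is `uint32(userID)`, which appears to be the subscription owner rather than the acting user; worth confirming that this is the intended attribution.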
@@ -307,12 +304,11 @@ func (s dbSubscriptions) Update(ctx context.Context, id string, update DBSubscri if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a subscription is updated - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a subscription is updated + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return nil } @@ -338,12 +334,11 @@ func (s dbSubscriptions) Archive(ctx context.Context, id string) error { if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { - // Log an event when a subscription is archived - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a subscription is archived + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return nil }
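Review bot: `dbSubscriptions.Update` passes only `id` as the event argument, so the audit row shows that a subscription changed but not what changed, although `update` is in scope. Consider logging an argument that carries both `id` and the fields of `update` that were set, after checking that none of them is unsuitable for storage in the log. A line such as `// Audit event records the subscription id and the changed fields` above the call would document the intent. The function body starts outside the hunk, so the contents of `update` are not visible here.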