docs(10-01): complete config backup audit events plan
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Staack
@@ -45,8 +45,8 @@
|
||||
|
||||
### Observability
|
||||
|
||||
- [ ] **OBS-01**: Audit events logged: `config_snapshot_created`, `config_snapshot_skipped_duplicate`
|
||||
- [ ] **OBS-02**: Audit events logged: `config_diff_generated`, `config_backup_manual_trigger`
|
||||
- [x] **OBS-01**: Audit events logged: `config_snapshot_created`, `config_snapshot_skipped_duplicate`
|
||||
- [x] **OBS-02**: Audit events logged: `config_diff_generated`, `config_backup_manual_trigger`
|
||||
|
||||
## v2 Requirements
|
||||
|
||||
@@ -91,8 +91,8 @@
|
||||
| UI-02 | Phase 7: Config History UI | Complete |
|
||||
| UI-03 | Phase 8: Diff Viewer & Download | Complete |
|
||||
| UI-04 | Phase 8: Diff Viewer & Download | Complete |
|
||||
| OBS-01 | Phase 10: Audit & Observability | Pending |
|
||||
| OBS-02 | Phase 10: Audit & Observability | Pending |
|
||||
| OBS-01 | Phase 10: Audit & Observability | Complete |
|
||||
| OBS-02 | Phase 10: Audit & Observability | Complete |
|
||||
|
||||
**Coverage:**
|
||||
- v1 requirements: 25 total
|
||||
|
||||
@@ -21,7 +21,7 @@ Decimal phases appear between their surrounding integers in numeric order.
|
||||
- [x] **Phase 7: Config History UI** - Timeline section on device page with change summaries (completed 2026-03-13)
|
||||
- [ ] **Phase 8: Diff Viewer & Download** - Unified diff display with syntax highlighting and .rsc download
|
||||
- [x] **Phase 9: Retention & Cleanup** - 90-day retention policy with automatic snapshot deletion (completed 2026-03-13)
|
||||
- [ ] **Phase 10: Audit & Observability** - Audit event logging for all config backup operations
|
||||
- [x] **Phase 10: Audit & Observability** - Audit event logging for all config backup operations (completed 2026-03-13)
|
||||
|
||||
## Phase Details
|
||||
|
||||
@@ -183,4 +183,4 @@ Note: Phase 9 depends only on Phase 3 and Phase 10 depends on Phases 3/4/5, so P
|
||||
| 7. Config History UI | 1/1 | Complete | 2026-03-13 |
|
||||
| 8. Diff Viewer & Download | 1/2 | In Progress| |
|
||||
| 9. Retention & Cleanup | 1/1 | Complete | 2026-03-13 |
|
||||
| 10. Audit & Observability | 0/1 | Not started | - |
|
||||
| 10. Audit & Observability | 1/1 | Complete | 2026-03-13 |
|
||||
|
||||
@@ -3,14 +3,14 @@ gsd_state_version: 1.0
|
||||
milestone: v9.6
|
||||
milestone_name: milestone
|
||||
status: completed
|
||||
stopped_at: Completed 09-01-PLAN.md
|
||||
last_updated: "2026-03-13T04:34:12Z"
|
||||
last_activity: 2026-03-13 -- Completed 09-01 retention cleanup
|
||||
stopped_at: Completed 10-01-PLAN.md
|
||||
last_updated: "2026-03-13T04:46:04Z"
|
||||
last_activity: 2026-03-13 -- Completed 10-01 config backup audit events
|
||||
progress:
|
||||
total_phases: 10
|
||||
completed_phases: 9
|
||||
total_plans: 13
|
||||
completed_plans: 13
|
||||
completed_phases: 10
|
||||
total_plans: 14
|
||||
completed_plans: 14
|
||||
percent: 100
|
||||
---
|
||||
|
||||
@@ -21,14 +21,14 @@ progress:
|
||||
See: .planning/PROJECT.md (updated 2026-03-12)
|
||||
|
||||
**Core value:** Operators can see exactly what changed on a router and when, with reliable config snapshots for download
|
||||
**Current focus:** Phase 9: Retention & Cleanup -- COMPLETE
|
||||
**Current focus:** Phase 10: Audit & Observability -- COMPLETE
|
||||
|
||||
## Current Position
|
||||
|
||||
Phase: 9 of 10 (Retention & Cleanup) -- COMPLETE
|
||||
Phase: 10 of 10 (Audit & Observability) -- COMPLETE
|
||||
Plan: 1 of 1 in current phase
|
||||
Status: Phase 09 complete
|
||||
Last activity: 2026-03-13 -- Completed 09-01 retention cleanup
|
||||
Status: Phase 10 complete
|
||||
Last activity: 2026-03-13 -- Completed 10-01 config backup audit events
|
||||
|
||||
Progress: [██████████] 100%
|
||||
|
||||
@@ -61,6 +61,7 @@ Progress: [██████████] 100%
|
||||
| Phase 08 P01 | 1min | 2 tasks | 3 files |
|
||||
| Phase 08 P02 | 1min | 1 tasks | 3 files |
|
||||
| Phase 09 P01 | 2min | 2 tasks | 4 files |
|
||||
| Phase 10 P01 | 3min | 2 tasks | 4 files |
|
||||
|
||||
## Accumulated Context
|
||||
|
||||
@@ -97,6 +98,8 @@ Recent decisions affecting current work:
|
||||
- [Phase 08]: Blob URL download pattern consistent with existing exportMyData and auditLogsApi.exportCsv patterns
|
||||
- [Phase 09]: make_interval(days => :days) for parameterized PostgreSQL interval in retention cleanup
|
||||
- [Phase 09]: 24h IntervalTrigger with 1h jitter for stagger; AdminAsyncSessionLocal for cross-tenant cleanup
|
||||
- [Phase 10]: Module-level log_action import in subscriber, inline import in diff service/router for audit events
|
||||
- [Phase 10]: All audit log_action calls wrapped in try/except Exception: pass (fire-and-forget pattern)
|
||||
|
||||
### Pending Todos
|
||||
|
||||
@@ -108,6 +111,6 @@ None yet.
|
||||
|
||||
## Session Continuity
|
||||
|
||||
Last session: 2026-03-13T04:34:12Z
|
||||
Stopped at: Completed 09-01-PLAN.md
|
||||
Last session: 2026-03-13T04:46:04Z
|
||||
Stopped at: Completed 10-01-PLAN.md
|
||||
Resume file: None
|
||||
|
||||
98
.planning/phases/10-audit-observability/10-01-SUMMARY.md
Normal file
98
.planning/phases/10-audit-observability/10-01-SUMMARY.md
Normal file
@@ -0,0 +1,98 @@
|
||||
---
|
||||
phase: 10-audit-observability
|
||||
plan: 01
|
||||
subsystem: api
|
||||
tags: [audit, logging, config-backup, nats, observability]
|
||||
|
||||
# Dependency graph
|
||||
requires:
|
||||
- phase: 03-snapshot-ingestion
|
||||
provides: config_snapshot_subscriber handle_config_snapshot handler
|
||||
- phase: 05-config-diff
|
||||
provides: config_diff_service generate_and_store_diff function
|
||||
- phase: 04-manual-backup-trigger
|
||||
provides: config_backups trigger_config_snapshot endpoint
|
||||
provides:
|
||||
- Audit trail for all config backup operations (4 event types)
|
||||
- Tests verifying audit event emission
|
||||
affects: []
|
||||
|
||||
# Tech tracking
|
||||
tech-stack:
|
||||
added: []
|
||||
patterns: [try/except-wrapped log_action calls for fire-and-forget audit, inline imports in diff service to avoid circular deps]
|
||||
|
||||
key-files:
|
||||
created:
|
||||
- backend/tests/test_audit_config_backup.py
|
||||
modified:
|
||||
- backend/app/services/config_snapshot_subscriber.py
|
||||
- backend/app/services/config_diff_service.py
|
||||
- backend/app/routers/config_backups.py
|
||||
|
||||
key-decisions:
|
||||
- "Module-level import of log_action in snapshot subscriber (no circular risk), inline import in diff service and router (consistent with existing best-effort pattern)"
|
||||
- "All audit calls wrapped in try/except Exception: pass to never break parent operations"
|
||||
|
||||
patterns-established:
|
||||
- "Audit event pattern: try/except-wrapped log_action calls at success points in NATS subscribers and API endpoints"
|
||||
|
||||
requirements-completed: [OBS-01, OBS-02]
|
||||
|
||||
# Metrics
|
||||
duration: 3min
|
||||
completed: 2026-03-13
|
||||
---
|
||||
|
||||
# Phase 10 Plan 01: Config Backup Audit Events Summary
|
||||
|
||||
**Four audit event types (created, skipped_duplicate, diff_generated, manual_trigger) wired into config backup operations with try/except safety and 4 passing tests**
|
||||
|
||||
## Performance
|
||||
|
||||
- **Duration:** 3 min
|
||||
- **Started:** 2026-03-13T04:43:11Z
|
||||
- **Completed:** 2026-03-13T04:46:04Z
|
||||
- **Tasks:** 2
|
||||
- **Files modified:** 4
|
||||
|
||||
## Accomplishments
|
||||
- Added audit logging to all 4 config backup operations: snapshot creation, deduplication skip, diff generation, and manual backup trigger
|
||||
- All log_action calls follow project pattern: try/except wrapped, fire-and-forget, with tenant_id, device_id, action, resource_type, and details
|
||||
- 4 new tests verify correct audit action strings are emitted, all 17 tests pass (4 new + 13 existing)
|
||||
|
||||
## Task Commits
|
||||
|
||||
Each task was committed atomically:
|
||||
|
||||
1. **Task 1: Add audit event emission to snapshot subscriber, diff service, and backup trigger endpoint** - `1a1ceb2` (feat)
|
||||
2. **Task 2: Add tests verifying audit events are emitted** - `fb91fed` (test)
|
||||
|
||||
## Files Created/Modified
|
||||
- `backend/app/services/config_snapshot_subscriber.py` - Added config_snapshot_created and config_snapshot_skipped_duplicate audit events
|
||||
- `backend/app/services/config_diff_service.py` - Added config_diff_generated audit event after diff INSERT
|
||||
- `backend/app/routers/config_backups.py` - Added config_backup_manual_trigger audit event on manual trigger success
|
||||
- `backend/tests/test_audit_config_backup.py` - 4 tests verifying all audit event types are emitted
|
||||
|
||||
## Decisions Made
|
||||
- Module-level import of log_action in snapshot subscriber (no circular dependency risk since audit_service has no deps on snapshot subscriber)
|
||||
- Inline import in diff service try block (consistent with existing best-effort pattern and avoids any potential circular import)
|
||||
- Inline import in config_backups router try block (same pattern as diff service)
|
||||
|
||||
## Deviations from Plan
|
||||
|
||||
None - plan executed exactly as written.
|
||||
|
||||
## Issues Encountered
|
||||
None
|
||||
|
||||
## User Setup Required
|
||||
None - no external service configuration required.
|
||||
|
||||
## Next Phase Readiness
|
||||
- Audit trail complete for all config backup operations
|
||||
- All existing tests continue to pass with the new audit imports
|
||||
|
||||
---
|
||||
*Phase: 10-audit-observability*
|
||||
*Completed: 2026-03-13*
|
||||
Reference in New Issue
Block a user