Add New Table for Audit Logs #803
Description
Summary
Add support for schema change for new table to store auditing logs.
Motivation
At LinkedIn, we need logging support for admin operations regarding backends. The lack of traceability and context can make it difficult when debugging issues. To satisfy this requirement, we need a schema change to that'll allow us to store audit logs for ease of querying. Currently, when an admin performs an operation, there is no audit trail in the gateway database. This makes it hard to answer questions such as:
-
Who changed a backend or routing group?
-
What exactly changed (before vs after) and what's the status of the change?
-
When did the change occur?
-
From where (IP) and why (comment) was the change made?
Having an auditing in the gateway would make debugging easier and support internal compliance requirements.
Proposed Solution
Change Trino-Gateway mySQL schema to include a new table, gw_audit_events, that'll write each Gateway operation as a new row with user ID, IP, timestamp, operation, context, and comment.
Rough idea of the schema
CREATE TABLE gw_audit_events (
user_id VARCHAR(256) NOT NULL,
timestamp TIMESTAMP(3) NOT NULL, -- timestamp in UTC time
ip_address VARCHAR(45) NULL,
operation VARCHAR(128) NOT NULL, -- e.x: CREATE, UPDATE
target VARCHAR(256) NULL, -- which backend was the change made to
status VARCHAR(256) NOT NULL, -- success/failure status of the operation
context TEXT NULL, -- from which method was the request made ex: UI, CLI
comment TEXT NULL
);
Furthermore, we should also log the information using the Logger class:
{"message":"GW_AUDIT_LOG: user=admin, ipAddress=0:0:0:0:0:0:0:1, backend=trino-1, action=DEACTIVATE, context=trino-gw-ui"}
With these changes, the logs will be able to be queried and stored long term as well as be used for short term monitoring.
I am willing to participate in design reviews to help move this feature forward. Please let me know how best to proceed with further review and/or collaboration!