misc: added audit logs for project and org role management operations #4554
Conversation
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR adds comprehensive audit logging for project and organization role management operations across the Infisical application. The changes implement tracking for six key role operations: create, update, and delete for both project roles and organization roles.
The implementation spans both frontend and backend components:
Backend Changes:
- Adds six new EventType enum values (
CREATE_PROJECT_ROLE,UPDATE_PROJECT_ROLE,DELETE_PROJECT_ROLE,CREATE_ORG_ROLE,UPDATE_ORG_ROLE,DELETE_ORG_ROLE) to the audit log system - Defines corresponding TypeScript interfaces for each event type to capture relevant metadata including role slug, name, description, and permissions
- Integrates audit log creation into four router files: the main project role router, organization role router, and both deprecated project role routers
- Captures comprehensive metadata for each operation, including the original role name for update operations to track changes
- Serializes complex permission structures as JSON strings for storage in audit logs
Frontend Changes:
- Updates the EventType enum in the frontend to match backend definitions
- Adds human-readable display names for the new audit events in the constants mapping (e.g., "Create Project Role", "Update Org Role")
The audit logging follows established patterns throughout the codebase, ensuring consistency in how role management operations are tracked. Each audit log includes proper organizational and project context, actor information, and detailed metadata about what changed. This enhancement provides security teams and administrators with complete visibility into role lifecycle events, supporting compliance requirements and security monitoring for this critical access control functionality.
Confidence score: 4/5
- This PR is safe to merge with low risk of immediate production issues
- Score reflects solid implementation following established patterns, though there's one minor metadata consistency issue in the deprecated router
- Pay close attention to the deprecated project role router where update audit logs use request body values instead of actual updated role data
7 files reviewed, 4 comments
Description 📣
This PR adds support for emitting audit logs for project and org role management operations
Type ✨
Tests 🛠️
# Here's some code block to paste some code snippets