Add audit log categorization and enhanced filtering options #465
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Praveenrajmani
force-pushed
the
audit-log-changes
branch
from
b1339ba to
4b1b83f
Compare
Praveenrajmani
force-pushed
the
audit-log-changes
branch
2 times, most recently
from
5955705 to
65b1605
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces comprehensive audit log categorization and enhanced filtering capabilities for MinIO admin operations. The changes enable more granular audit log queries and structured tracking of audit events across different categories of operations.
Key Changes:
- Added audit event categorization with 18 categories (config, user, service-account, policy, group, bucket, lifecycle, replication, notification, encryption, cors, versioning, service, kms, site-replication, pool, idp, log-recorder) and 14 action types (create, update, delete, enable, disable, set, reset, restore, clear, start, stop, restart, attach, detach)
- Extended the
Auditstruct withCategory,Action, andDetailsfields for richer audit event metadata - Added
MaxPerNodefield to log options (APILogOpts, AuditLogOpts, ErrorLogOpts) to limit log entries retrieved per cluster node - Added
Categoryfilter toAuditLogOptsfor filtering audit logs by category
Reviewed Changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| log/audit.go | Added audit enums (AuditCategory, AuditAction), extended Audit struct with category/action/details fields, introduced detailed audit structures for different categories, and added Message/Details methods for human-readable summaries |
| log/audit_gen_test.go | Generated msgp serialization test code for new audit detail types (BucketConfigAuditDetails, ConfigAuditDetails, GroupAuditDetails, IAMImportDetails, IDPAuditDetails, KMSAuditDetails, PolicyAuditDetails, PoolAuditDetails, RecorderAuditDetails, ServiceAccountAuditDetails, ServiceAuditDetails, SiteReplicationAuditDetails, UserAuditDetails) |
| audit-logs.go | Added Category filter and MaxPerNode limit to AuditLogOpts for enhanced filtering capabilities |
| api-logs.go | Added MaxPerNode field to APILogOpts to limit log entries per node |
| error-logs.go | Added MaxPerNode field to ErrorLogOpts to limit log entries per node |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
klauspost
reviewed
Oct 21, 2025
Praveenrajmani
force-pushed
the
audit-log-changes
branch
3 times, most recently
from
bd1bfc2 to
ff65607
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
added 2 commits
October 30, 2025 14:36
This commit introduces comprehensive audit log categorization and enhanced filtering capabilities for API, audit, and error logs: - Add AuditCategory enum with 15 categories (config, user, service-account, policy, group, bucket, lifecycle, replication, notification, encryption, cors, versioning, service, kms, site-replication, pool, idp, log-recorder) - Add AuditAction enum with common actions (create, update, delete, enable, disable, set, reset, restore, clear, start, stop, restart, attach, detach) - Extend Audit struct with Category, Action, and Details fields for richer audit event metadata - Add MaxPerNode field to APILogOpts, AuditLogOpts, and ErrorLogOpts to limit log entries retrieved per cluster node - Add Category filter to AuditLogOpts for filtering by audit category - Introduce detailed audit structures for different categories (ConfigAuditDetails, UserAuditDetails, ServiceAccountAuditDetails, PolicyAuditDetails, GroupAuditDetails, BucketConfigAuditDetails, ServiceAuditDetails) - Generate msgp serialization code for new audit types These changes enable more granular audit log queries and structured audit event tracking across MinIO admin operations.
Praveenrajmani
force-pushed
the
audit-log-changes
branch
from
ff65607 to
ca4ea9b
Compare
klauspost
approved these changes
Oct 30, 2025
Praveenrajmani
force-pushed
the
audit-log-changes
branch
from
ca4ea9b to
ae96609
Compare
Praveenrajmani
force-pushed
the
audit-log-changes
branch
from
ae96609 to
591201b
Compare
The newer version of msgp generates simpler code for generic types, removing explicit type conversions in favor of direct method calls.
|
PTAL @balamurugana @vadmeste |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces comprehensive audit log categorization and enhanced filtering capabilities for API, audit, and error logs:
These changes enable more granular audit log queries and structured audit event tracking across MinIO admin operations.