Skip to content

fix(membership): log audit record failures instead of dropping them#1770

Open
AmanGIT07 wants to merge 1 commit into
mainfrom
fix/audit-record-errors
Open

fix(membership): log audit record failures instead of dropping them#1770
AmanGIT07 wants to merge 1 commit into
mainfrom
fix/audit-record-errors

Conversation

@AmanGIT07

Copy link
Copy Markdown
Contributor

Summary

Audit record writes in the membership audit helpers discarded their error. They now go through a helper that logs the failure. The member operation still succeeds.

Changes

  • core/membership: route the seven audit record writes through a new createAuditRecord helper
  • On failure the log line carries every field of the record (event, org, resource, target, metadata, timestamp) so the record can be recreated manually
  • Add a test case asserting a failed audit record write does not fail AddOrganizationMember

Technical Details

No caller-visible behavior change: the audit helpers stay fire-and-forget.

Test Plan

  • go test ./core/membership/ passes
  • Build and type checking passes

Audit record writes in the membership audit helpers discarded their
error. Route them through a helper that logs the full record when the
write fails. The member operation still succeeds.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@vercel

vercel Bot commented Jul 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
frontier Ready Ready Preview, Comment Jul 17, 2026 10:12am

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Membership actions now continue successfully when audit record storage is temporarily unavailable.
    • Failed audit record writes generate warning details to support manual recovery.
    • Existing membership audit logging behavior remains unchanged.

Walkthrough

Changes

Membership audit resilience

Layer / File(s) Summary
Centralize audit record persistence
core/membership/service.go
Adds Service.createAuditRecord, which logs audit record details when repository creation fails.
Route membership audits through the helper
core/membership/service.go, core/membership/service_test.go
Updates organization, project, and group membership audit paths and tests successful member addition despite audit write failure.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

Suggested reviewers: rohilsurana

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d26df683-675f-40e6-b51d-a492932219c0

📥 Commits

Reviewing files that changed from the base of the PR and between cfe2cf3 and 83d6794.

📒 Files selected for processing (2)
  • core/membership/service.go
  • core/membership/service_test.go

Comment on lines +808 to +816
args := []any{
"error", err,
"event", record.Event,
"org_id", record.OrgID,
"resource_id", record.Resource.ID,
"resource_type", record.Resource.Type,
"resource_name", record.Resource.Name,
"occurred_at", record.OccurredAt,
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the relevant service code and nearby helpers.
sed -n '760,860p' core/membership/service.go

printf '\n--- search for actor enrichment and audit record creation ---\n'
rg -n "enrichActorFromContext|Actor|WarnContext|createAuditRecord|auditRecordRepository.Create|auditOrgMemberAdded|metadata|email" core/membership -S

printf '\n--- search for logger middleware or context enrichment ---\n'
rg -n "actor.*context|context.*actor|middleware.*actor|With.*Actor|enrich.*Actor|logger.*actor" -S .

Repository: raystack/frontier

Length of output: 10010


🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '60,110p' internal/store/postgres/audit_record_repository.go
printf '\n---\n'
sed -n '190,260p' internal/store/postgres/audit_record.go
printf '\n---\n'
sed -n '220,280p' core/auditrecord/service.go
printf '\n---\n'
sed -n '1,120p' pkg/server/connect_interceptors/authentication.go
printf '\n---\n'
sed -n '1,120p' core/audit/context.go

Repository: raystack/frontier

Length of output: 10862


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the audit logger implementation to see whether WarnContext adds actor data automatically.
sed -n '1,240p' core/audit/logger.go
printf '\n---\n'
rg -n "type Logger|func \(.*WarnContext|WithAttrs|extractActorFromContext|AuditActorContextKey|AuditRecordActorContextKey" core/audit internal/store/postgres pkg/server -S

Repository: raystack/frontier

Length of output: 2831


🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '1,220p' pkg/server/connect_interceptors/logger.go
printf '\n---\n'
rg -n "WarnContext|WithContext|context.*logger|actor.*log|AuditActorContextKey|AuditRecordActorContextKey" pkg/server/connect_interceptors core -S

Repository: raystack/frontier

Length of output: 4954


Include the actor ID in the fallback log
WarnContext only carries request-scoped attrs here, and this path still logs an empty actor because the repository fills it in later. Add the actor ID from context so a failed audit write can be recreated fully.

Source: Learnings

Comment on lines +817 to +824
if record.Target != nil {
args = append(args,
"target_id", record.Target.ID,
"target_type", record.Target.Type,
"target_name", record.Target.Name,
"target_metadata", record.Target.Metadata,
)
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Redact PII from the fallback audit logs.

Logging record.Target.Name and record.Target.Metadata directly writes Personally Identifiable Information (PII) — such as user names and email addresses (which are added to the metadata in methods like auditOrgMemberAdded) — to the standard application logs. While your secure audit database is designed to store this, standard log aggregators often lack the same strict data retention and compliance controls, risking GDPR/CCPA violations.

Consider redacting or hashing PII fields from the log arguments before logging.

@AmanGIT07
AmanGIT07 requested a review from rohilsurana July 17, 2026 10:17
@coveralls

Copy link
Copy Markdown

Coverage Report for CI Build 29572653683

Coverage increased (+0.03%) to 46.139%

Details

  • Coverage increased (+0.03%) from the base build.
  • Patch coverage: 27 of 27 lines across 1 file are fully covered (100%).
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 38341
Covered Lines: 17690
Line Coverage: 46.14%
Coverage Strength: 13.33 hits per line

💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants