sbp commented on issue #957: URL: https://github.com/apache/tooling-trusted-releases/issues/957#issuecomment-4193428812
@alitheg We were originally going to just add an `audit_guidance` for this, but the more I think about it, the more I think that some explicit logging here would be helpful. The UID of the target for impersonation isn't logged in the request log, and I think it would be good to have an event that explicitly says what's happening, for clarity. But this makes it awkward because it's not a storage interface audit event, as you say. The storage interface is for all filesystem and database changes (not just those connected to a release), but in this case nothing is happening in the filesystem or the database. Since we're planing to have `User` objects, however, I suppose we could reflect impersonations there, e.g. by setting `currently_impersonating` or `last_used_impersonation` or something like that. Then it would become a storage interface concern, and could reasonably have a storage interface audit event associated with it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
