rusackas commented on code in PR #41305:
URL: https://github.com/apache/superset/pull/41305#discussion_r3456943106
##########
superset/security/api.py:
##########
@@ -204,6 +208,15 @@ def guest_token(self) -> Response:
body["rls"],
**({"datasets": body["datasets"]} if "datasets" in body else
{}),
)
+ logger.info(
+ "Guest token issued: %s",
+ build_guest_token_audit_payload(
+ issuer_user_id=get_user_id(),
+ source_ip=request.remote_addr,
+ body=body,
+ token=token,
+ ),
+ )
Review Comment:
The endpoint already carries the audit event, so issuance is recorded in
the configured pipeline regardless. This line is a deliberate, structured
supplement, not the audit record itself. Folding the rich payload into is a
reasonable follow-up but a bigger rewiring than this PR intends, so I'd rather
not pull it in here.
##########
superset/security/api.py:
##########
@@ -204,6 +208,15 @@ def guest_token(self) -> Response:
body["rls"],
**({"datasets": body["datasets"]} if "datasets" in body else
{}),
)
+ logger.info(
+ "Guest token issued: %s",
+ build_guest_token_audit_payload(
+ issuer_user_id=get_user_id(),
+ source_ip=request.remote_addr,
+ body=body,
+ token=token,
+ ),
+ )
Review Comment:
The endpoint already carries the `@event_logger.log_this` audit event, so
issuance is recorded in the configured pipeline regardless. This line is a
deliberate, structured supplement, not the audit record itself. Folding the
rich payload into `log_this_with_extra_payload` is a reasonable follow-up but a
bigger rewiring than this PR intends, so I'd rather not pull it in here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
