Audit log events omit target username

Open FloThinksPi opened this issue 3 years ago • 1 comments

Issue

There are audit log events that when fetched over v3 api are missing the name field of the target.

Context

Currently it is just known that auditlog events of type:

audit.user.space_developer_remove

are missing the target user name in the json response. I could imagine other log types that return a target of type user are affected but did not test yet. Iwill extend the lists in case i find more log types that do not display targets user name.

Related endpoint docs: https://v3-apidocs.cloudfoundry.org/version/3.118.0/index.html#list-audit-events

Steps to Reproduce

cf curl '/v3/audit_events?types=audit.user.space_developer_remove'

Expected result

{
...
  "target": {
    "guid": "a595fe2f-01ff-4965-a50c-290258ab8582",
    "type": "user",
    "name": "Greg"
  },
...
}

Current result

{
...
  "target": {
    "guid": "a595fe2f-01ff-4965-a50c-290258ab8582",
    "type": "user",
    "name": ""
  },
...
}

--> target.name is empty

Possible Fix

Add the user name to the target of above audit log types

Jul 01 '22 13:07 FloThinksPi

Some thoughts:

The CCDB does not store the username.
The event is created in the UserEventRepository.
There is a helper method (User.uaa_users_info) to retrieve additional information from the UAA.

Jul 05 '22 09:07 philippthun