Security Reports#30853
Conversation
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
6 times, most recently
from
dcf1e60 to
fbf2733
Compare
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
2 times, most recently
from
306199f to
81fcf04
Compare
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
8 times, most recently
from
75851c1 to
acf8d83
Compare
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
4 times, most recently
from
f421f3e to
4f655fd
Compare
github-actions
Bot
requested review from
marcoandredinis,
rosstimothy and
tigrato
github-actions
Bot
added
audit-log
|
@smallinsky - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
r0mant
left a comment
r0mant
left a comment
There was a problem hiding this comment.
Looks like this is mostly a bunch of our standard boilerplate so don't have a whole lot of feedback.
| sb.WriteString("SELECT\n") | ||
| sb.WriteString(" event_date, event_time\n") | ||
| for _, v := range d.Columns { | ||
| sb.WriteString(viewSchemaLine(v.NameJSON(), v.NameSQL(), v.Type)) | ||
| } |
There was a problem hiding this comment.
Is this safe w/r/t SQL injections? Can any part of this be user-provider? I would add a comment explaining why using string builder to assemble a query is safe here.
Same for all other places where string builder is used.
There was a problem hiding this comment.
I have updated a function comment.
Access monitoring user can run any SQL Query on events table so Protecting it agains SQL injection does't make any sense. The IAM Role is responsible to limit the scope and grant only read only access on Athena audit events table.
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
4 times, most recently
from
8279062 to
a842504
Compare
public-teleport-github-review-bot
Bot
removed request for
hugoShaka,
jakule and
ryanclark
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
from
dca751a to
a637add
Compare
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
4 times, most recently
from
44c77e5 to
9e6f83e
Compare
smallinsky
force-pushed
the
smallinsky/athena_sec_reports
branch
from
c030806 to
5371bf5
Compare
| // SecReportsService is a service that manages security reports. | ||
| service SecReportsService { | ||
| // UpsertAuditQuery upsets an audit query. | ||
| rpc UpsertAuditQuery(UpsertAuditQueryRequest) returns (google.protobuf.Empty); |
There was a problem hiding this comment.
We should really be returning the resource on any write; by returning a pbempty we have no way to return the revision, and anything that depends on knowing the value that was written (like terraform) needs a second roundtrip to read the resource again, with no real way to know if it has changed in the meantime.
There was a problem hiding this comment.
Good point. I will migrate to Upsert call where old value is returned. Thanks.
4 participants
What
Audit Report implementation:
If that will help I can in Review I can split this PR into smaller chunks.
Related: https://github.com/gravitational/teleport.e/pull/2038