Crazy-xyr commented on issue #12640:
URL: https://github.com/apache/apisix/issues/12640#issuecomment-3342235901
Audit is a good idea, `A dedicated audit logs viewer`. I don't think it's
necessary at present. Currently, admin_key is a weak RBAC mode. It's unlikely
that everyone distributes different keys to use the dashboard, so the
operator is the same, unless methods such as user/password are supported.

Most log plugins only provide the stored API. Does this mean that plugins
need to be modified to offer a query API?

What I focus on is the configuration comparison between the new and old
routes. Currently, each rollback relies on the etcd
MVCC (`-auto-compaction-retention=7d`), and admin_api uses access_log to print
the request path, method, JSON body, and token for auditing.

Can we implement the JSON configuration viewer of the previous independent
dashboard, and add a new button to view the plugin configuration of the
previous version? Put the configuration changes of the previous few versions
into the key-value (like "previous":{ }) of etcd, or query etcd MVCC, and all
configuration changes can be audited and rolled back. I think it's better to do
so.
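The old-versus-new route comparison asked for above can be sketched as a structural diff between two stored revisions of the same route. This is an added example, not part of the comment and not APISIX or dashboard code; `REVISIONS` is constructed sample data, and `diffConfig` and `auditRecord` are hypothetical names.

```javascript
// Added example: structural diff between two stored revisions of one route.
// REVISIONS is constructed sample data standing in for two values of the same
// etcd key read at different revisions; the field values are illustrative.
const REVISIONS = [
  { rev: 41, value: { uri: "/orders/*", methods: ["GET"],
      plugins: { "key-auth": {}, "limit-count": { count: 100, time_window: 60 } },
      upstream: { nodes: { "10.0.0.5:8080": 1 } } } },
  { rev: 42, value: { uri: "/orders/*", methods: ["GET", "POST"],
      plugins: { "limit-count": { count: 1000, time_window: 60 } },
      upstream: { nodes: { "10.0.0.5:8080": 1 } } } },
];

const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Walk both documents and emit one entry per added, removed or changed field.
function diffConfig(prev, curr, path = "") {
  if (isObject(prev) && isObject(curr)) {
    const keys = [...new Set([...Object.keys(prev), ...Object.keys(curr)])].sort();
    return keys.flatMap((k) => {
      const p = path ? `${path}.${k}` : k;
      if (!(k in curr)) return [{ op: "removed", path: p, before: prev[k] }];
      if (!(k in prev)) return [{ op: "added", path: p, after: curr[k] }];
      return diffConfig(prev[k], curr[k], p);
    });
  }
  // Arrays and scalars are compared by value and reported as a whole.
  return JSON.stringify(prev) === JSON.stringify(curr)
    ? [] : [{ op: "changed", path, before: prev, after: curr }];
}

// Build the record a viewer could show next to a rollback button.
function auditRecord(older, newer) {
  const changes = diffConfig(older.value, newer.value);
  return { from: older.rev, to: newer.rev, changes,
    // A plugin dropped from the route is listed separately for the reviewer.
    pluginsRemoved: changes
      .filter((c) => c.op === "removed" && /^plugins\.[^.]+$/.test(c.path))
      .map((c) => c.path.slice("plugins.".length)),
    rollbackTo: older.value };
}

console.log(JSON.stringify(auditRecord(REVISIONS[0], REVISIONS[1]), null, 2));
```

In the sample, the record lists the widened `methods`, the raised `limit-count` threshold and the removed `key-auth` plugin, with the older value kept as the rollback target.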