queue and override manipulations should have an audit trail

Bug #885739 reported by Adam Conrad
28
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Thiago F. Pappacena

Bug Description

There are several archive administration tasks that we really need an audit trail for. Removals already get a blame tag on them, which is lovely, but we'd like to see a similar blame on other manipulations, at the very least packages moving to the accepted queue, and overrides being updated.

I suspect that both of these could, at least for now, be represented in the publishing history (since accepts and overrides both create a publishing record), which should be reasonably simple given that package removals are already represented in the same UI. Not sure how the schema will deal sanely with this, but my hope is that this won't be much effort.

(Note that while I'm sure there's some interest in writing a more involved auditing scheme and fancy UIs around such, we're much more interested in having accept/override auditing Very Soon than we are in having something fancy Some Day)

Related branches

Revision history for this message
Julian Edwards (julian-edwards) wrote :

SPPH can easily store a Person to record who dunnit.

Changed in launchpad:
status: New → Triaged
importance: Undecided → High
tags: added: lp-soyuz soyuz-publish
Revision history for this message
Stéphane Graber (stgraber) wrote :

On top of the improvements described above, it'd also be great to have a proper mapping between a queue entry and its uploader.

The main use for me would be for queuebot, so I can display:
"New package blah uploaded by person.ircname (universe) [old-version => new-version] (package sets)"

And then when accepted:
"Accepted package blah by audit.ircname"

Where audit.ircname would be the IRC nickname of the person accepting or rejecting the queue item and person.ircname would be the IRC nickname of the person who signed the package (as I guess LP can't always match the Changed-By with an LP account but can always match the GPG key with an LP account)

Revision history for this message
Kate Stewart (kate.stewart) wrote :

Lack of this feature is impacting the release team efficiency. Too much time is spent trying to figure out who might have approved something when someone disagrees whether it should go in or not.

Revision history for this message
Robert Collins (lifeless) wrote :

This bug isn't currently escalated, so its being worked on in a best-effort fashion today; I'm sure StevenK (who has been spending slack time on it) would appreciate more hands, or perhaps you could escalate it.

On the actual technical aspects, wedging various things around to workaround the lack of a generic audit system is very time consuming - and we would have paid for a generic system many times over by now if we had had one; such a system can have a very narrow interface. StevenK has been bringing up a microservice audit system in django, and is nearly done with that. Getting that hooked in will be about the same amount of time as doing the necessary schema and code migrations involved in the sketch that wgrant and stevenk put together for doing this in-DB : I think it is totally worth doing this as a service vs adding more techdebt.

Revision history for this message
Kate Stewart (kate.stewart) wrote :

Please consider this bug escalated on behalf of Ubuntu Engineering.

Revision history for this message
Adam Conrad (adconrad) wrote :

Doing it as an external service feels a bit odd. Don't we then lose consistent and coherent mappings between actions and audit, at least as far as internal LP consistency goes? Maybe I'm not understanding the grand plan here, but it would feel very odd to me if, say "package uploader" wasn't something directly associated with an SPR, why wouldn't changes to queue and publishing states get the same first-class treatment?

Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
Changed in launchpad:
assignee: nobody → Steve Kowalik (stevenk)
tags: added: qa-needstesting
Changed in launchpad:
status: Triaged → Fix Committed
William Grant (wgrant)
Changed in launchpad:
status: Fix Committed → In Progress
Steve Kowalik (stevenk)
tags: added: qa-ok
removed: qa-needstesting
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Steve Kowalik (stevenk)
tags: added: qa-ok
removed: qa-needstesting
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Steve Kowalik (stevenk)
tags: added: qa-ok
removed: qa-needstesting
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Steve Kowalik (stevenk)
tags: added: qa-untestable
removed: qa-needstesting
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-untestable
Steve Kowalik (stevenk)
tags: added: qa-untestable
removed: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Released
Steve Kowalik (stevenk)
Changed in launchpad:
status: Fix Released → In Progress
Curtis Hovey (sinzui)
Changed in launchpad:
status: In Progress → Triaged
William Grant (wgrant)
tags: added: package-overrides
Revision history for this message
Colin Watson (cjwatson) wrote :

DB patch looks good to deploy:

2020-01-24 19:04:48,003 INFO 2210-11-0 applied just now in 0.1 seconds

Changed in launchpad:
assignee: Steve Kowalik (stevenk) → Thiago F. Pappacena (pappacena)
status: Triaged → In Progress
Revision history for this message
Colin Watson (cjwatson) wrote :

We now have auditing for queue accept and reject operations; you'll see information on the +queue page.

Override operations aren't done yet.

Colin Watson (cjwatson)
Changed in launchpad:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.