2718 audit project provisioning 2 #2818

Open
wants to merge 8 commits into
base: main

rorymckinley
Collaborator

Description

Audit when a project is inserted, updated or deleted via the provisioning API.

This PR includes changes to the tests in preparation for the new code and this makes the PR a bit noisy. Working through it commit-by-commit will make it easier to follow. The actual code change is in this commit.

Closes #2718

Validation steps

  • Copy the attached files to /tmp on your workstation.

delete.json
insert.json
update.json

  • In an IEx session run the following and keep the session open:
import Lightning.Repo
import Ecto.Query
latest_provisioner_event_query = from a in Lightning.Auditing.Audit, where: like(a.event, "%by_provisioner"), order_by: [desc: :inserted_at], limit: 1
  • In your terminal, set the API_TOKEN var to your user's API token for your local Lightning:
API_TOKEN='...'

From the terminal execute an insertion:

curl -X POST -d @/tmp/insert.json -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" http://localhost:4000/api/provision

Then, in your IEx session:

latest_event = Repo.one!(latest_provisioner_event_query)

The event attribute of latest_event should be set to inserted_by_provisioner.

From the terminal execute an update:

curl -X POST -d @/tmp/update.json -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" http://localhost:4000/api/provision

Then, in your IEx session:

latest_event = Repo.one!(latest_provisioner_event_query)

The event attribute of latest_event should be set to updated_by_provisioner.

From the terminal execute a deletion:

curl -X POST -d @/tmp/delete.json -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" http://localhost:4000/api/provision

Then, in your IEx session:

latest_event = Repo.one!(latest_provisioner_event_query)

The event attribute of latest_event should be set to deleted_by_provisioner.

AI Usage

Please disclose how you've used AI in this work (it's cool, we just want to know!):

  • Code generation (copilot but not intellisense)
  • Learning or fact checking
  • Strategy / design
  • Optimisation / refactoring
  • Translation / spellchecking / doc gen
  • Other
  • I have not used AI

You can read more details in our Responsible AI Policy

Pre-submission checklist

  • I have performed a self-review of my code.
  • I have implemented and tested all related authorization policies. (e.g., :owner, :admin, :editor, :viewer)
  • I have updated the changelog.
  • I have ticked a box in "AI usage" in this PR


codecov bot commented Jan 14, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.40%. Comparing base (abad0f3) to head (e496b47).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2818      +/-   ##
==========================================
+ Coverage   91.37%   91.40%   +0.03%     
==========================================
  Files         338      338              
  Lines       12052    12067      +15     
==========================================
+ Hits        11012    11030      +18     
+ Misses       1040     1037       -3     


@rorymckinley rorymckinley marked this pull request as ready for review January 14, 2025 14:24
@rorymckinley rorymckinley requested a review from jyeshe January 14, 2025 14:24
Member

@jyeshe jyeshe left a comment

Thanks for the detailed explanation on the PR Rory. The shortcut link to the commit was helpful.
Left only one request for a higher level function on audit_workflows 🙏

Comment on lines +84 to +87
project_changeset
|> get_assoc(:workflows)
|> Enum.reduce(
Multi.new(),

Being already part of a transaction it wasn't necessary to be on a Multi. Nonetheless, I see little benefit from refactoring it to a reduce_while for now.

Comment on lines +90 to +99
classify_audit(workflow_changeset)
|> case do
{:no_action, _nil} ->
Multi.new()

{action, workflow_id} ->
audit_workflow_multi(action, workflow_id, user_or_repo_connection)
end

Multi.append(multi, additional_multi)
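
Review bot: the `{action, workflow_id}` clause of the `case` accepts any two-element tuple, so whatever `classify_audit/1` returns is passed straight to `audit_workflow_multi/3`. Because this branch decides whether an audit record is written and under which action, consider matching the expected actions explicitly and letting an unexpected classification raise, so a workflow change cannot be recorded under an unexpected event name without a test failing. In the `{:no_action, _nil}` clause, the empty `Multi.new()` exists only to be appended; returning `multi` unchanged there would say the same thing more directly.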

I imagine it would be more readable replacing the case assignment with a function append_multi or a smarter audit_workflow_multi that does all the logic. Here on the high level would contain only the iteration.

data: %{id: workflow_id},
changes: changes
})
when changes != %{} do

Got it, that's why you haven't used the Changeset.get_field


def provisioner_event(action, workflow_id, actor) do
event(
"#{past_tense(action)}_by_provisioner",
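
Review bot: on the `"#{past_tense(action)}_by_provisioner"` line the audit event name is built by interpolation, so the set of provisioner event names appears nowhere as literals and depends on which values `past_tense/1` accepts. Consider restricting `provisioner_event/3` to the known actions with a guard or explicit clauses, and listing the resulting event names in the function's documentation, so that queries and alerts keyed on these names have a fixed set to match against.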

Neat!

Projects
Status: In review
Development

Successfully merging this pull request may close these issues.

Audit Provisioning Events
2 participants