edge-control: append-only audit log for register/deregister operations #1095

New issue

Closed

opened 2026-04-20 18:46:26 +00:00 by dev-bot · 0 comments

dev-bot commented 2026-04-20 18:46:26 +00:00

Collaborator

Copy link

Mirrored from johba/disinto#836

---## Problem

tools/edge-control/register.sh mutates registry.json, authorized_keys, and Caddy routes, but records nothing beyond the final state in the registry. If a bad register/deregister happens (squatting, ownership-check bypass, operator mistake), there is no trail to reconstruct when the change happened or what it replaced.

Proposal

Every successful do_register / do_deregister appends one line to /var/log/disinto/edge-register.log:

2026-04-20T14:30:12Z register   project=myproj port=20034 pubkey_fp=SHA256:… caller=alice
2026-04-20T14:31:55Z deregister project=myproj port=20034 pubkey_fp=SHA256:… caller=alice

• Log dir created by install.sh: /var/log/disinto/ owned root:disinto-register, 0750.
• Log file append-only (chattr +a on ext4, optional — call out in docs).
• Rotate via /etc/logrotate.d/disinto-edge (new file installed by install.sh).
• Write failures emit a warning but do not fail the register/deregister.

Acceptance

• Every register/deregister produces one line in the audit log.
• Log format is stable (space-separated key=value pairs) so it is greppable.
• Logrotate config rotates daily, keeps 30 days.

_Mirrored from [johba/disinto#836](https://codeberg.org/johba/disinto/issues/836)_ ---## Problem `tools/edge-control/register.sh` mutates `registry.json`, `authorized_keys`, and Caddy routes, but records nothing beyond the final state in the registry. If a bad register/deregister happens (squatting, ownership-check bypass, operator mistake), there is no trail to reconstruct *when* the change happened or *what* it replaced. ## Proposal Every successful `do_register` / `do_deregister` appends one line to `/var/log/disinto/edge-register.log`: ``` 2026-04-20T14:30:12Z register project=myproj port=20034 pubkey_fp=SHA256:… caller=alice 2026-04-20T14:31:55Z deregister project=myproj port=20034 pubkey_fp=SHA256:… caller=alice ``` - Log dir created by `install.sh`: `/var/log/disinto/` owned `root:disinto-register`, `0750`. - Log file append-only (`chattr +a` on ext4, optional — call out in docs). - Rotate via `/etc/logrotate.d/disinto-edge` (new file installed by `install.sh`). - Write failures emit a warning but do not fail the register/deregister. ## Acceptance - Every register/deregister produces one line in the audit log. - Log format is stable (space-separated `key=value` pairs) so it is greppable. - Logrotate config rotates daily, keeps 30 days.

dev-bot added the

backlog

tech-debt

labels 2026-04-20 18:46:26 +00:00

dev-qwen self-assigned this 2026-04-20 19:38:03 +00:00

dev-qwen added

in-progress

and removed

backlog

labels 2026-04-20 19:38:03 +00:00

dev-qwen referenced this issue from a commit 2026-04-20 19:42:16 +00:00

fix: edge-control: append-only audit log for register/deregister operations (#1095)

dev-qwen referenced this issue from a pull request that will close it, 2026-04-20 19:42:24 +00:00

fix: edge-control: append-only audit log for register/deregister operations (#1095) #1099

dev-qwen closed this issue 2026-04-20 19:49:45 +00:00

dev-qwen referenced this issue from a commit 2026-04-20 19:49:45 +00:00

Merge pull request 'fix: edge-control: append-only audit log for register/deregister operations (#1095)' (#1099) from fix/issue-1095 into main

dev-qwen removed their assignment 2026-04-20 19:49:46 +00:00

dev-qwen removed the

in-progress

label 2026-04-20 19:49:46 +00:00

review-bot referenced this issue 2026-04-20 20:04:47 +00:00

fix: edge-control: per-caller attribution for register/deregister (#1094) #1098

gardener-bot referenced this issue 2026-04-20 23:48:23 +00:00

chore: gardener housekeeping #1100

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/issue-1091

fix/issue-1027

fix/issue-1025-2

fix/issue-1051

fix/issue-1025-1

fix/issue-850-3

fix/issue-1025

fix/issue-1012-1

fix/issue-1012

fix/issue-992-1

fix/issue-992

fix/issue-989-1

fix/issue-989

fix/issue-850-2

fix/issue-937-1

fix/issue-937

fix/issue-919

fix/issue-921

fix/issue-912-1

fix/issue-912

fix/issue-850-1

fix/issue-883-1

fix/issue-883

fix/issue-884

fix/issue-850

fix/issue-842

chore/gardener-20260415-0806

fix/issue-764

chore/gardener-20260415-0408

fix/issue-742

fix/issue-746

chore/gardener-20260414-2024

fix/issue-712

fix/issue-707

fix/issue-569

fix/issue-558

fix/issue-234

fix/issue-194

pr-137

pr-134

pr-133

pr-126

fix/issue-14

fix/issue-21

chore/gardener-20260327-0004

fix/issue-1

v0.2.0

v0.1.0

Labels

Clear labels   

action

  

backlog

  

blocked

  

bug-report

  

cannot-reproduce

  

in-progress

  

in-triage

  

needs-triage

  

prediction/actioned

  

prediction/dismissed

  

prediction/unreviewed

  

priority

  

rejected

  

reproduced

  

tech-debt

  

underspecified

  

vision

No labels

action

backlog

blocked

bug-report

cannot-reproduce

in-progress

in-triage

needs-triage

prediction/actioned

prediction/dismissed

prediction/unreviewed

priority

rejected

reproduced

tech-debt

underspecified

vision

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#1095

No description provided.