@valentijnscholten
Member

@valentijnscholten valentijnscholten commented Nov 1, 2025

In #13169 we introduced django-pghistory as an alternative auditlog solution. The goal has always been to move to django-pghistory, which is what this PR does now that we have had some time to test it.

This PR:

  • Removes DD_AUDITLOG_TYPE
  • Removes any code related to tracking changes with django-auditlog
  • Keeps existing records
  • Keeps displaying existing records
  • Removes any unit tests / workflow runs that were specific to django-auditlog

I tried removing the django-auditlog as a dependency, but this has some complications. We may have to postpone this a bit to not have everything in one release.

@valentijnscholten valentijnscholten added this to the 2.53.0 milestone Nov 1, 2025
@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR docs unittests labels Nov 1, 2025
@github-actions github-actions bot added the New Migration Adding a new migration file. Take care when merging. label Nov 1, 2025
@github-actions github-actions bot added the ui label Nov 1, 2025
@valentijnscholten valentijnscholten marked this pull request as ready for review November 1, 2025 22:49
@valentijnscholten valentijnscholten marked this pull request as draft November 2, 2025 07:40
@valentijnscholten
Member Author

Converted back to draft as we need to align the merge/release with Pro.

@github-actions
Contributor

github-actions bot commented Nov 3, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions
Contributor

github-actions bot commented Nov 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@valentijnscholten valentijnscholten modified the milestones: 2.53.0, 2.54.0 Nov 27, 2025
@github-actions
Contributor

github-actions bot commented Dec 7, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

Valentijn Scholten added 2 commits December 7, 2025 18:25
@valentijnscholten valentijnscholten changed the title auditlog: switch to pghistory auditlog: switch to pghistory (for real) Dec 7, 2025
@valentijnscholten valentijnscholten added the affects_pro PRs that affect Pro and need a coordinated release/merge moment. label Dec 8, 2025
@github-actions
Contributor

github-actions bot commented Dec 8, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions
Contributor

github-actions bot commented Dec 8, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

# Insert pghistory HistoryMiddleware before CurrentRequestUserMiddleware
middleware_list.insert(crum_index, "dojo.middleware.PgHistoryMiddleware")
# Insert pghistory HistoryMiddleware before CurrentRequestUserMiddleware
middleware_list.insert(crum_index, "dojo.middleware.PgHistoryMiddleware")
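
Review bot: The comment on the insert says "pghistory HistoryMiddleware", but the string added to middleware_list is "dojo.middleware.PgHistoryMiddleware"; name the class that is actually inserted and state why it has to precede CurrentRequestUserMiddleware. Because the placement depends on crum_index rather than on a literal position in the list, the required ordering is not visible to someone reading the middleware list itself, so a short note on that ordering (or declaring the entry directly in the list) would make it harder to break in a later reorder.
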
Contributor

Can this be moved to the MIDDLEWARE block?

Member Author

@Maffooch you mean like this 8878a0f

@valentijnscholten valentijnscholten marked this pull request as ready for review December 11, 2025 06:49
@dryrunsecurity

dryrunsecurity bot commented Dec 11, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request modifies several sensitive code paths (dojo/filters.py, dojo/middleware.py, and two DB migration scripts dojo/db_migrations/0249_* and 0250_*), which the scanner flagged as sensitive edits that may require configuration of allowed authors or paths in .dryrunsecurity.yaml. None of the findings are marked blocking, but they are flagged at a failing risk threshold and should be reviewed carefully.

🔴 Configured Codepaths Edit in dojo/filters.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/middleware.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/middleware.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/db_migrations/0249_findingreviewers_findingreviewersevent_and_more.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/db_migrations/0250_pghistory_backfill.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/filters.py
  Vulnerability: Configured Codepaths Edit
  Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

Labels

  • affects_pro: PRs that affect Pro and need a coordinated release/merge moment.
  • docs
  • New Migration: Adding a new migration file. Take care when merging.
  • settings_changes: Needs changes to settings.py based on changes in settings.dist.py included in this PR
  • ui
  • unittests

3 participants