Add comment fields to UI for auditing

kjsbot · kjsbot · commit 71f5cfdb42e1 · 2026-01-26T12:02:52.000-08:00
diff --git a/docs/operation.md b/docs/operation.md
@@ -16,6 +16,7 @@ Existing cluster information can also be modified using the edit button.
 
 ![trino.gateway.io/entity](./assets/trinogateway_cluster_page.png)
 
+**Note:** When adding or modifying a backend through the UI, a comment is required. Please provide a meaningful comment describing the reason for the change.
 
 ## Graceful shutdown
 
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditAction.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditAction.java
@@ -11,12 +11,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.gateway.ha;
+package io.trino.gateway.ha.audit;
 
 public enum AuditAction {
     CREATE,
     UPDATE,
     DELETE,
     ACTIVATE,
-    DEACTIVATE
+    DEACTIVATE,
+    UNKNOWN
 }
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditContext.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditContext.java
@@ -11,9 +11,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.gateway.ha;
+package io.trino.gateway.ha.audit;
 
 public enum AuditContext {
     TRINO_GW_UI,
-    TRINO_GW_API,
+    TRINO_GW_API
 }
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditLogger.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/AuditLogger.java
@@ -11,7 +11,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.gateway.ha;
+package io.trino.gateway.ha.audit;
 
 import static java.util.Objects.requireNonNullElse;
 
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/CompositeAuditLogger.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/CompositeAuditLogger.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.trino.gateway.ha.audit;
+
+import com.google.inject.Inject;
+import io.airlift.log.Logger;
+
+import java.util.Collections;
+import java.util.Set;
+
+import static java.util.Objects.requireNonNullElse;
+
+public class CompositeAuditLogger
+        implements AuditLogger
+{
+    private static final Logger log = Logger.get(CompositeAuditLogger.class);
+    private final Set<AuditLogger> loggers;
+
+    @Inject
+    public CompositeAuditLogger(Set<AuditLogger> loggers)
+    {
+        this.loggers = requireNonNullElse(loggers, Collections.emptySet());
+    }
+
+    @Override
+    public void logAudit(String user, String ip, String backend, AuditAction action, AuditContext context, boolean success, String userComment)
+    {
+        String sanitizedComment = AuditLogger.sanitizeComment(userComment);
+        for (AuditLogger logger : loggers) {
+            try {
+                logger.logAudit(user, ip, backend, action, context, success, sanitizedComment);
+            }
+            catch (Exception e) {
+                log.error(e, "Audit sink %s failed", logger.getClass().getSimpleName());
+            }
+        }
+    }
+}
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/DatabaseAuditLogger.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/DatabaseAuditLogger.java
@@ -11,7 +11,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.gateway.ha;
+package io.trino.gateway.ha.audit;
 
 import io.airlift.log.Logger;
 import io.trino.gateway.ha.persistence.dao.AuditLogDao;
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/audit/LogAuditLogger.java b/gateway-ha/src/main/java/io/trino/gateway/ha/audit/LogAuditLogger.java
@@ -11,7 +11,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.gateway.ha;
+package io.trino.gateway.ha.audit;
 
 import io.airlift.log.Logger;
 
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/config/AdminProxyBackendConfiguration.java b/gateway-ha/src/main/java/io/trino/gateway/ha/config/AdminProxyBackendConfiguration.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.trino.gateway.ha.config;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonSetter;
+import io.trino.gateway.ha.audit.AuditAction;
+import io.trino.gateway.ha.audit.AuditContext;
+
+public class AdminProxyBackendConfiguration
+{
+    private final ProxyBackendConfiguration proxyBackendConfiguration = new ProxyBackendConfiguration();
+    private AuditAction action;
+    private String comment = "";
+    private AuditContext context;
+
+    @JsonProperty
+    public String getName()
+    {
+        return proxyBackendConfiguration.getName();
+    }
+
+    @JsonSetter
+    public void setName(String name)
+    {
+        proxyBackendConfiguration.setName(name);
+    }
+
+    @JsonProperty
+    public String getProxyTo()
+    {
+        return proxyBackendConfiguration.getProxyTo();
+    }
+
+    @JsonSetter
+    public void setProxyTo(String proxyTo)
+    {
+        proxyBackendConfiguration.setProxyTo(proxyTo);
+    }
+
+    @JsonProperty
+    public String getExternalUrl()
+    {
+        return proxyBackendConfiguration.getExternalUrl();
+    }
+
+    @JsonSetter
+    public void setExternalUrl(String externalUrl)
+    {
+        proxyBackendConfiguration.setExternalUrl(externalUrl);
+    }
+
+    @JsonProperty
+    public boolean isActive()
+    {
+        return proxyBackendConfiguration.isActive();
+    }
+
+    @JsonSetter
+    public void setActive(boolean active)
+    {
+        proxyBackendConfiguration.setActive(active);
+    }
+
+    @JsonProperty
+    public String getRoutingGroup()
+    {
+        return proxyBackendConfiguration.getRoutingGroup();
+    }
+
+    @JsonSetter
+    public void setRoutingGroup(String routingGroup)
+    {
+        proxyBackendConfiguration.setRoutingGroup(routingGroup);
+    }
+
+    @JsonProperty
+    public AuditAction getAction()
+    {
+        return this.action;
+    }
+
+    @JsonSetter
+    public void setAction(AuditAction action)
+    {
+        this.action = action;
+    }
+
+    @JsonProperty
+    public String getComment()
+    {
+        return this.comment;
+    }
+
+    @JsonSetter
+    public void setComment(String comment)
+    {
+        this.comment = comment;
+    }
+
+    @JsonProperty
+    public AuditContext getContext()
+    {
+        return this.context;
+    }
+
+    @JsonSetter
+    public void setContext(AuditContext context)
+    {
+        this.context = context;
+    }
+
+    public ProxyBackendConfiguration getProxyBackendConfiguration()
+    {
+        return proxyBackendConfiguration;
+    }
+}
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/module/HaGatewayProviderModule.java b/gateway-ha/src/main/java/io/trino/gateway/ha/module/HaGatewayProviderModule.java
@@ -19,7 +19,10 @@
 import com.google.inject.Scopes;
 import com.google.inject.Singleton;
 import io.airlift.http.client.HttpClient;
-import io.trino.gateway.ha.DatabaseAuditLogger;
+import io.trino.gateway.ha.audit.AuditLogger;
+import io.trino.gateway.ha.audit.CompositeAuditLogger;
+import io.trino.gateway.ha.audit.DatabaseAuditLogger;
+import io.trino.gateway.ha.audit.LogAuditLogger;
 import io.trino.gateway.ha.clustermonitor.ClusterStatsHttpMonitor;
 import io.trino.gateway.ha.clustermonitor.ClusterStatsInfoApiMonitor;
 import io.trino.gateway.ha.clustermonitor.ClusterStatsJdbcMonitor;
@@ -73,6 +76,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import static io.airlift.jaxrs.JaxrsBinder.jaxrsBinder;
 import static io.trino.gateway.ha.config.ClusterStatsMonitorType.INFO_API;
@@ -91,7 +95,7 @@ public class HaGatewayProviderModule
     private final GatewayBackendManager gatewayBackendManager;
     private final QueryHistoryManager queryHistoryManager;
     private final PathFilter pathFilter;
-    private final DatabaseAuditLogger dbAuditLogger;
+    private final CompositeAuditLogger compositeAuditLogger;
 
     @Override
     protected void configure()
@@ -102,7 +106,7 @@ protected void configure()
         binder().bind(QueryHistoryManager.class).toInstance(queryHistoryManager);
         binder().bind(BackendStateManager.class).in(Scopes.SINGLETON);
         binder().bind(PathFilter.class).toInstance(pathFilter);
-        binder().bind(DatabaseAuditLogger.class).toInstance(dbAuditLogger);
+        binder().bind(AuditLogger.class).toInstance(compositeAuditLogger);
     }
 
     public HaGatewayProviderModule(HaGatewayConfiguration configuration)
@@ -128,7 +132,10 @@ public HaGatewayProviderModule(HaGatewayConfiguration configuration)
         resourceGroupsManager = new HaResourceGroupsManager(connectionManager);
         gatewayBackendManager = new HaGatewayManager(jdbi, configuration.getRouting());
         queryHistoryManager = new HaQueryHistoryManager(jdbi, configuration.getDataStore().getJdbcUrl().startsWith("jdbc:oracle"));
-        dbAuditLogger = new DatabaseAuditLogger(jdbi);
+
+        LogAuditLogger logAuditLogger = new LogAuditLogger();
+        DatabaseAuditLogger dbAuditLogger = new DatabaseAuditLogger(jdbi);
+        compositeAuditLogger = new CompositeAuditLogger(Set.of(logAuditLogger, dbAuditLogger));
     }
 
     private LbOAuthManager getOAuthManager(HaGatewayConfiguration configuration)
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/resource/GatewayWebAppResource.java b/gateway-ha/src/main/java/io/trino/gateway/ha/resource/GatewayWebAppResource.java
diff --git a/webapp/src/components/cluster.tsx b/webapp/src/components/cluster.tsx
diff --git a/webapp/src/constant.ts b/webapp/src/constant.ts
diff --git a/webapp/src/locales/en_US.ts b/webapp/src/locales/en_US.ts

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ Existing cluster information can also be modified using the edit button.`
`16`	`16`
`17`	`17`	`![trino.gateway.io/entity](./assets/trinogateway_cluster_page.png)`
`18`	`18`
	`19`	`+Note: When adding or modifying a backend through the UI, a comment is required. Please provide a meaningful comment describing the reason for the change.`
`19`	`20`
`20`	`21`	`## Graceful shutdown`
`21`	`22`