
Conversation

@sivanel97 (Contributor) commented Nov 6, 2025

User description

Description

Updated the audit-log description with the new limitation.


PR Type

Documentation


Description

  • Add non-admin user access limitations to audit logs API

  • Document that non-admin users can only pass identifier or entity parameters

  • Clarify non-admin users cannot view deleted entity audit logs


Diagram Walkthrough

flowchart LR
  A["Audit Logs API Documentation"] -- "Add access limitations note" --> B["Non-admin user restrictions"]
  B -- "Can pass identifier or entity" --> C["Limited access parameters"]
  B -- "Cannot view deleted entities" --> D["Access denial rules"]

File Walkthrough

Relevant files

Documentation

docs/api-reference/get-audit-logs.api.mdx (+10/-4): Add non-admin access limitations documentation
  • Added comprehensive note about non-admin user access limitations to the API description
  • Documented that non-admin users can only pass identifier or entity parameters
  • Clarified that non-admin users cannot view audit logs of deleted entities
  • Updated both the frontmatter description and the main content section

static/apispec.yaml (+1/-8): Update OpenAPI spec with access limitations
  • Updated the OpenAPI specification description for the get audit logs endpoint
  • Added the same non-admin user access limitation note to the API spec
  • Reformatted description to single-line format for YAML compliance

qodo-merge-pro bot (Contributor) commented Nov 6, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance: 🟢 No security concerns identified. No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Documentation Only: The PR updates documentation text and OpenAPI descriptions without adding or modifying
runtime logging code, so we cannot verify that critical actions are logged with required
context.

Referred Code
This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.

**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>
- Pass an `identifier` to access a specific audit log.
- Pass an `entity` to retrieve audit logs of entities they have access to.

Non-admin users **cannot** view audit logs of deleted entities.
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status:
No Code Changes: The changes only modify descriptive text in documentation and API spec; there are no new
identifiers or code elements to assess for naming quality.

Referred Code
summary: Get audit logs
tags:
  - Audit
description: "This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.<br/><br/>**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>- Pass an `identifier` to access a specific audit log.<br/>- Pass an `entity` to retrieve audit logs of entities they have access to.<br/>Non-admin users **cannot** view audit logs of deleted entities.<br/><br/>:::warning Beta integration value<br/>The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.<br/>:::"
parameters:
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Not Applicable Here: The PR only updates documentation content and does not introduce executable logic where
error handling or edge cases could be evaluated.

Referred Code
This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.

**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>
- Pass an `identifier` to access a specific audit log.
- Pass an `entity` to retrieve audit logs of entities they have access to.

Non-admin users **cannot** view audit logs of deleted entities.

:::warning Beta integration value
The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.
:::
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No User Errors: Only descriptive fields were changed in the spec and docs; there are no user-facing error
messages added to assess for sensitive information leakage.

Referred Code
summary: Get audit logs
tags:
  - Audit
description: "This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.<br/><br/>**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>- Pass an `identifier` to access a specific audit log.<br/>- Pass an `entity` to retrieve audit logs of entities they have access to.<br/>Non-admin users **cannot** view audit logs of deleted entities.<br/><br/>:::warning Beta integration value<br/>The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.<br/>:::"
parameters:
Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Logging Not Altered: The PR modifies audit log endpoint descriptions but does not change logging behavior or
content, so we cannot assess whether sensitive data is excluded from logs.

Referred Code
description: "This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.<br/><br/>**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>- Pass an `identifier` to access a specific audit log.<br/>- Pass an `entity` to retrieve audit logs of entities they have access to.<br/>Non-admin users **cannot** view audit logs of deleted entities.<br/><br/>:::warning Beta integration value<br/>The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.<br/>:::"
Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
No Input Handling: Changes are limited to documentation text and do not include input parsing or validation
logic to evaluate for security controls.

Referred Code
**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>
- Pass an `identifier` to access a specific audit log.
- Pass an `entity` to retrieve audit logs of entities they have access to.

Non-admin users **cannot** view audit logs of deleted entities.
Compliance status legend
🟢 - Fully Compliant
🟡 - Partially Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
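As an added example, not Port's code and not part of this PR, here is a Python model of the access rule quoted in the note above: non-admin callers may pass only `identifier` or `entity`, all supplied parameters are ANDed, and logs of deleted entities are never returned to non-admins. The record shape (`AuditLog`), the `Caller` type with its set of accessible entities, the extra `action` parameter, the sample records, and the choice that an identifier lookup is also limited to accessible, entity-scoped logs are assumptions made for illustration; the page does not specify them.

```python
"""Added example (not Port's code): a model of the documented non-admin
access rule for an audit-logs query, run over constructed sample records."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class AuditLog:
    """One audit log record. Field shape is an assumption for this example."""
    identifier: str
    entity: str | None      # entity the event concerns; None for account-level events
    entity_deleted: bool    # True if that entity has since been deleted
    action: str


@dataclass(frozen=True)
class Caller:
    """Who is asking: an admin, or a non-admin with a set of accessible entities."""
    is_admin: bool
    accessible_entities: frozenset[str] = frozenset()


class Forbidden(Exception):
    """Raised when a non-admin query uses parameters the note does not allow."""


# Query parameters a non-admin may pass, per the documented note.
NON_ADMIN_PARAMS = frozenset({"identifier", "entity"})


def authorize(caller: Caller, query: dict[str, str]) -> None:
    """Fail closed: a non-admin query must be an identifier/entity lookup."""
    if caller.is_admin:
        return
    if not query:
        raise Forbidden("non-admin callers must pass identifier or entity")
    extra = set(query) - NON_ADMIN_PARAMS
    if extra:
        # Rejecting, rather than ignoring, other filters keeps a non-admin from
        # turning a lookup into a broader listing than the note allows.
        raise Forbidden(f"non-admin callers may not filter on {sorted(extra)}")
    entity = query.get("entity")
    if entity is not None and entity not in caller.accessible_entities:
        raise Forbidden(f"no access to entity {entity!r}")


def is_permitted(caller: Caller, query: dict[str, str]) -> bool:
    """Boolean view of authorize(), convenient for policy checks and tests."""
    try:
        authorize(caller, query)
        return True
    except Forbidden:
        return False


def matches(log: AuditLog, query: dict[str, str]) -> bool:
    """Logical AND across all supplied parameters, as the description states."""
    checks = {
        "identifier": lambda v: log.identifier == v,
        "entity": lambda v: log.entity == v,
        "action": lambda v: log.action == v,   # extra filter, assumed for the example
    }
    for key, value in query.items():
        if key not in checks:
            raise ValueError(f"unsupported query parameter {key!r}")
        if not checks[key](value):
            return False
    return True


def get_audit_logs(caller: Caller, query: dict[str, str],
                   logs: list[AuditLog]) -> list[AuditLog]:
    """Authorize the query, apply the filters, then apply non-admin visibility rules."""
    authorize(caller, query)
    results = [log for log in logs if matches(log, query)]
    if caller.is_admin:
        return results
    # Non-admins never see logs of deleted entities. Filtering (rather than
    # raising) makes a deleted entity look the same as one with no logs.
    # Assumption not stated on the page: identifier lookups are also limited
    # to entity-scoped logs of entities the caller can access.
    return [
        log for log in results
        if log.entity is not None
        and not log.entity_deleted
        and log.entity in caller.accessible_entities
    ]


# Constructed sample data for this example.
LOGS = [
    AuditLog("log-1", "svc-a", False, "UPDATE"),
    AuditLog("log-2", "svc-a", False, "DELETE"),
    AuditLog("log-3", "svc-b", True, "UPDATE"),   # svc-b has since been deleted
    AuditLog("log-4", "svc-c", False, "CREATE"),  # DEV has no access to svc-c
    AuditLog("log-5", None, False, "LOGIN"),      # account-level event, no entity
]
ADMIN = Caller(is_admin=True)
DEV = Caller(is_admin=False, accessible_entities=frozenset({"svc-a", "svc-b"}))


def log_ids(caller: Caller, query: dict[str, str],
            logs: list[AuditLog] = LOGS) -> list[str]:
    """Identifiers of the logs a caller gets back for a query."""
    return [log.identifier for log in get_audit_logs(caller, query, logs)]


if __name__ == "__main__":
    print("admin, no filter:        ", log_ids(ADMIN, {}))
    print("dev, entity=svc-a:       ", log_ids(DEV, {"entity": "svc-a"}))
    print("dev, entity=svc-b (del): ", log_ids(DEV, {"entity": "svc-b"}))
    print("dev, identifier=log-3:   ", log_ids(DEV, {"identifier": "log-3"}))
    print("dev, no filter permitted:", is_permitted(DEV, {}))
```

Two design choices are worth noting. Unknown filters from a non-admin are rejected rather than ignored, so a caller cannot widen an identifier or entity lookup into a listing. Deleted entities are filtered out of the result rather than reported with a distinct error, so a non-admin cannot use the endpoint to confirm that an entity once existed.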

qodo-merge-pro bot (Contributor) commented Nov 6, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Organization (best practice)
Suggestion: Use descriptive link text

Replace the generic link text with descriptive wording to clarify the
destination while keeping the full URL.

static/apispec.yaml [28215]

-description: "This route allows you to fetch audit logs from your Port account. Your audit logs can also be viewed via [Port's UI](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.<br/><br/>**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>- Pass an `identifier` to access a specific audit log.<br/>- Pass an `entity` to retrieve audit logs of entities they have access to.<br/>Non-admin users **cannot** view audit logs of deleted entities.<br/><br/>:::warning Beta integration value<br/>The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.<br/>:::"
+description: "This route allows you to fetch audit logs from your Port account. You can also view them in the [Port Audit Log settings](https://app.getport.io/settings/AuditLog).<br/><br/>This route will perform a logical `AND` between all query parameters below, and return all logs that match the criteria.<br/><br/>**Note:** Non-admin users have limited access to the audit logs API. They may:<br/>- Pass an `identifier` to access a specific audit log.<br/>- Pass an `entity` to retrieve audit logs of entities they have access to.<br/>Non-admin users **cannot** view audit logs of deleted entities.<br/><br/>:::warning Beta integration value<br/>The `integration` value in the `resources` parameter is **experimental**. Its behavior may change in future versions of the API.<br/>:::"
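Review bot: the revised description still leaves the non-admin failure behaviour unspecified. It says what a non-admin "may" pass (`identifier`, `entity`) and that audit logs of deleted entities cannot be viewed, but not whether a request with neither parameter, or with an additional filter such as `resources`, is rejected with an error or silently ignored, nor whether querying a deleted entity yields an error or an empty result. Suggest adding one sentence stating the response in each case; the link-text change alone leaves integrators guessing.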

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance [1-10]: 6

Why: Relevant best practice - Pattern 12: Use descriptive link text and full paths consistently; avoid generic link phrasing.

Impact: Low

@sivanel97 sivanel97 added the "waiting for prod" label (Approved and waiting for feature to be deployed) Nov 6, 2025

@aws-amplify-eu-west-1

This pull request is automatically being deployed by Amplify Hosting.

Access this pull request here: https://pr-2994.d2ngvl90zqbob8.amplifyapp.com


Labels

Review effort 1/5; waiting for prod (Approved and waiting for feature to be deployed)

2 participants