Skip to content

feat(coderd/database/dbpurge): add retention for audit logs #21025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mafredri merged 5 commits into from
Dec 2, 2025
Merged

feat(coderd/database/dbpurge): add retention for audit logs #21025

mafredri merged 5 commits into from
Dec 2, 2025
+296 −0

Conversation

@mafredri
Copy link
Member

@mafredri mafredri commented Dec 1, 2025
edited by dannykopping
Loading

Add configurable retention policy for audit logs. The DeleteOldAuditLogs
query excludes deprecated connection events (connect, disconnect, open,
close) which are handled separately by DeleteOldAuditLogConnectionEvents.

Disabled (0) by default.

Depends on #21021
Updates #20743

PR Stack

PR Title
#21021 feat(coderd): add retention policy configuration
#21022 feat(coderd/database/dbpurge): add retention for connection logs
👉 #21025 feat(coderd/database/dbpurge): add retention for audit logs
#21037 feat(coderd/database/dbpurge): make API keys retention configurable
#21038 docs: add data retention documentation
#21039 feat: add retention config for workspace_agent_logs

This was referenced Dec 1, 2025
Merged
Merged
Merged
Merged
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch 2 times, most recently from 07ae594 to 9ca58c3 Compare December 1, 2025 18:07
@mafredri mafredri mentioned this pull request Dec 1, 2025
Merged
@mafredri mafredri marked this pull request as ready for review December 1, 2025 18:18
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-2 branch from 782f1f7 to 039afdb Compare December 2, 2025 09:59
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch from 9ca58c3 to a21395a Compare December 2, 2025 10:02
dannykopping
dannykopping approved these changes Dec 2, 2025
View reviewed changes
Copy link
Contributor

@dannykopping dannykopping left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, except for batch size; I won't need to re-review.

@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch from a21395a to 82f1c2b Compare December 2, 2025 11:37
Emyrk
Emyrk approved these changes Dec 2, 2025
View reviewed changes
Copy link
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Agree 1k is low

@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch from 82f1c2b to 2ce8f62 Compare December 2, 2025 12:56
@mafredri
Copy link
Member Author

mafredri commented Dec 2, 2025

@dannykopping @Emyrk I've bumped to 10k for both audit and connection logs 👍🏻

@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-2 branch from 6433def to d456497 Compare December 2, 2025 14:05
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch from 2ce8f62 to 8cb020d Compare December 2, 2025 14:13
Base automatically changed from mafredri/feat-coderd-db-retention-policy-2 to main December 2, 2025 14:17
@mafredri
feat(coderd/database/dbpurge): add retention for audit logs
b7b586f 
Add configurable retention policy for audit logs. The DeleteOldAuditLogs
query excludes deprecated connection events (connect, disconnect, open,
close) which are handled separately by DeleteOldAuditLogConnectionEvents.

Falls back to global retention if audit logs retention is unset.
Disabled (0) by default.

Depends on #21021
Updates #20743
@mafredri
fix: add DeleteOldAuditLogs to dbauthz test suite
a0ed042
@mafredri
test(coderd/database/dbpurge): convert audit logs tests to table-driven
6cc2ea9
@mafredri
chore: remove global retention fallback for audit logs
a30940e 
Audit logs retention is now explicit - it's enabled when
--audit-logs-retention is set to a non-zero duration, and
disabled when set to 0. No fallback to global retention.
@mafredri
refactor: optimize DeleteOldAuditLogs to use :execrows
2a45adb 
Use :execrows instead of :one to simplify the query by removing the
extra CTE wrapper. This lets PostgreSQL return the row count directly
via RowsAffected() instead of requiring an explicit COUNT(*) scan.
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy-3 branch from 8cb020d to 2a45adb Compare December 2, 2025 14:18
@mafredri mafredri merged commit c85d79b into main Dec 2, 2025
30 checks passed
@mafredri mafredri deleted the mafredri/feat-coderd-db-retention-policy-3 branch December 2, 2025 14:50
@github-actions github-actions bot locked and limited conversation to collaborators Dec 2, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dannykopping dannykopping dannykopping approved these changes

@Emyrk Emyrk Emyrk approved these changes

Assignees

@mafredri mafredri

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mafredri @dannykopping @Emyrk