dmchen/self-audit-git-29

[cadem]

Description

Issue(s)

• Close/close/Fix/fix/Resolve/resolve: Issue Link

Checklist

Please check the items in the checklist if applicable.

• Is the user manual updated?
• Are the test cases passed and automated?
• Is there no significant decrease in test coverage?

[gemini-code-assist]

Summary of Changes

Hello @cadem, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the system's auditing capabilities by integrating a 'self-audit' feature. This allows audit logs to be stored directly within the database, providing a more cohesive and robust internal logging mechanism. The changes encompass new configuration options, updated data structures for message passing, and a complete pipeline for processing and persisting audit records into a newly defined internal super table. This ensures that critical system activities are reliably recorded and accessible within the database environment itself.

Highlights

• Self-Audit Feature Implementation: Introduced a new 'self-audit' capability, allowing audit logs to be stored directly within the database system itself, controlled by the auditSaveInSelf configuration parameter. This provides an integrated solution for capturing operational events.
• Dedicated Audit Super Table: Defined a specific super table named operations for audit records. This table includes columns for essential audit information such as timestamp, operation details, user, operation type, affected database and resource, client address, duration, and affected rows, with cluster_id serving as a tag.
• Audit Record Processing Pipeline: Implemented new message types (TDMT_VND_AUDIT_RECORD, SVAuditRecordReq) and processing logic within the vnode and mnode components. This pipeline handles the deserialization of audit records, auto-creation of child tables (e.g., t_operations_<cluster_id>), and efficient insertion of audit data into the internal audit table.
• Configuration and Error Handling Enhancements: Added tsAuditSaveInSelf as a global and configurable boolean flag. Updated SStatusReq, SStatusRsp, and SAudit structures to include audit-related endpoint set (auditEpSet) and vgroup ID (auditVgId) for better management. A new error code (TSDB_CODE_AUDIT_DB_NOT_MULTI_VGROUP) was introduced to enforce that audit databases, when self-auditing, must be configured with a single vgroup.
• Comprehensive Test Coverage: A new Python test script (test_com_taosd_self_audit.py) was added to thoroughly validate the self-audit feature. This test covers various database operations like user creation, table creation, data insertion, selection, and deletion, verifying that corresponding audit entries are correctly generated and stored.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• docs/en/14-reference/09-error-code.md
  • Added new error code 0x80006108 for audit databases not allowing multiple vgroups.
  • Corrected typo 'param,eter' to 'parameter' in multiple error descriptions.
• docs/zh/14-reference/09-error-code.md
  • Added Chinese translation for the new error code 0x80006108.
• include/common/tglobal.h
  • Declared extern bool tsAuditSaveInSelf; to control the self-audit feature.
• include/common/tmsg.h
  • Extended SStatusReq and SStatusRsp structs with SEpSet auditEpSet and int32_t auditVgId.
  • Defined new SVAuditRecordReq struct and its serialization/deserialization functions for audit messages.
• include/common/tmsgcb.h
  • Added AUDIT_QUEUE to the EQueueType enum for audit message routing.
• include/common/tmsgdef.h
  • Defined TDMT_VND_AUDIT_RECORD message type for vnode audit records.
• include/libs/audit/audit.h
  • Added mndGetDnodeEpsetByIdFn function pointer type.
  • Minor formatting adjustments to SAuditRecord and audit function declarations.
• include/util/taoserror.h
  • Defined TSDB_CODE_AUDIT_DB_NOT_MULTI_VGROUP error code.
• include/util/tdef.h
  • Defined AUDIT_STABLE_NAME macro as 'operations' for the audit super table.
• include/util/tjson.h
  • Added tjsonGetStringPointer function for efficient string access in JSON objects.
  • Improved null-pointer safety in tjsonGetStringValue2.
• source/common/src/msg/tmsg.c
  • Implemented serialization and deserialization logic for auditEpSet and auditVgId in SStatusReq and SStatusRsp.
  • Implemented serialization and deserialization for SVAuditRecordReq.
• source/common/src/tglobal.c
  • Initialized tsAuditSaveInSelf to false.
  • Added auditSaveInSelf to the dynamic configuration options.
• source/dnode/mgmt/mgmt_dnode/src/dmHandle.c
  • Modified setAuditDbNameToken to accept SEpSet *ep and int32_t auditVgId.
  • Added getAuditEpSet function.
  • Updated dmProcessStatusRsp and dmSendStatusReq to handle new audit-related endpoint and vgroup information.
• source/dnode/mgmt/mgmt_mnode/inc/mmInt.h
  • Added auditWorker to the SMnodeMgmt struct.
  • Declared mmPutMsgToAuditQueue function.
• source/dnode/mgmt/mgmt_mnode/src/mmHandle.c
  • Configured message handling for TDMT_VND_AUDIT_RECORD_RSP to route to mmPutMsgToAuditQueue.
• source/dnode/mgmt/mgmt_mnode/src/mmWorker.c
  • Implemented mmPutMsgToAuditQueue.
  • Integrated the mnode-audit worker initialization and cleanup.
• source/dnode/mgmt/mgmt_vnode/src/vmHandle.c
  • Configured message handling for TDMT_VND_AUDIT_RECORD to route to the vnode write queue.
• source/dnode/mnode/impl/inc/mndStb.h
  • Declared mndCreateAuditStb function.
• source/dnode/mnode/impl/src/mndDb.c
  • Added a check to restrict audit databases to a single vgroup if isAudit is true.
  • Integrated mndCreateAuditStb call during audit database creation when tsAuditSaveInSelf is enabled.
• source/dnode/mnode/impl/src/mndDnode.c
  • Refactored error handling with TAOS_CHECK_GOTO and lino for improved debugging.
  • Updated mndProcessStatusReq to manage auditEpSet, auditVgId, and auditToken based on configuration.
• source/dnode/mnode/impl/src/mndIndex.c
  • Added an mInfo log message for index creation commit logs.
• source/dnode/mnode/impl/src/mndStb.c
  • Implemented mndProcessAuditRecordRsp (currently a no-op with logging).
  • Implemented mndBuildAuditStb to define the schema for the operations audit super table.
  • Implemented mndSetCreateAuditStbRedoActions and mndCreateAuditStb for audit super table management.
  • Added mInfo log messages for various STB-related transaction actions.
• source/dnode/mnode/impl/src/mndTrans.c
  • Changed log level from mInfo to mDebug for transaction hash size logging.
• source/dnode/mnode/impl/src/mndUser.c
  • Included mndDnode.h and mndVgroup.h.
  • Minor formatting adjustment for auditRecord call.
• source/dnode/vnode/src/vnd/vnodeSvr.c
  • Added vnodeProcessAuditRecordReq function declaration and implementation.
  • Integrated TDMT_VND_AUDIT_RECORD into vnodePreProcessWriteMsg and vnodeProcessWriteMsg.
  • Implemented helper functions (vnodeDecodeAuditRecord, vnodeBuildCreateTbReq, vnodePrepareCreateTb, vnodePrepareRow, vnodePrepareSubmitTb) for audit record processing and storage.
• source/libs/audit/inc/auditInt.h
  • Added SEpSet auditEpSet and int32_t auditVgId to the internal SAudit structure.
• source/util/src/terror.c
  • Added the error string for TSDB_CODE_AUDIT_DB_NOT_MULTI_VGROUP.
• source/util/src/tjson.c
  • Implemented tjsonGetStringPointer.
  • Added null check for pVal in tjsonGetStringValue2.
• test/cases/80-Components/01-Taosd/test_com_taosd_audit.py
  • Changed print statements to tdLog.info.
  • Corrected a comment regarding vgroups for audit database creation.
  • Enforced vgroups 1 in the create database audit SQL statement.
• test/cases/80-Components/01-Taosd/test_com_taosd_self_audit.py
  • Added a new test file to validate the self-audit feature.
  • Configured auditSaveInSelf to 1 for testing.
  • Includes tests for creating audit database, user, super table, child table, inserting/selecting/deleting data, and verifying audit logs.
• test/ci/cases.task
  • Added the new test_com_taosd_self_audit.py to the CI task list.

Activity

• The pull request introduces a new 'self-audit' feature, enabling the database to store its own audit logs.
• New data structures and message types were defined to facilitate the internal transfer and processing of audit-related information.
• Core logic for processing audit records, including schema definition for an 'operations' super table and auto-creation of child tables, was integrated into the vnode and mnode components.
• A new configuration option, auditSaveInSelf, was added to control the activation of this feature.
• A dedicated Python test suite was developed and added to the CI pipeline to ensure the correct functionality and reliability of the self-audit mechanism.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a self-audit feature, allowing audit logs to be stored within the TDengine cluster itself. The implementation is comprehensive, covering configuration, messaging, metadata management, and data processing. A new test suite is also included to validate this new functionality. The overall code quality is good, with robust error handling. I have identified a couple of areas for improvement related to const-correctness and maintainability, which are detailed in the specific comments.

[gemini-code-assist]

Casting away const from the pointer returned by tjsonGetStringPointer is unsafe and violates const-correctness. The tjsonGetStringPointer function returns a const char* which points to an internal buffer that should not be modified. Assigning it to a char* (the type of record->detail) can lead to accidental modifications and undefined behavior.

Please consider one of the following fixes:

1. Change the type of the detail field in the local SAuditRecord struct to const char*.
2. If the string needs to be modified (which doesn't seem to be the case here), use tjsonDupStringValue to get a mutable copy of the string, and remember to free it later.

[gemini-code-assist]

The logic for mapping audit record fields to table columns relies on hardcoded column IDs (1-9). This creates a fragile dependency on the audit table schema defined in source/dnode/mnode/impl/src/mndStb.c. If the column order or IDs in the schema definition change in the future, this code will break in a non-obvious way, potentially leading to incorrect data being written.

For better maintainability, please consider adding a comment here to warn developers about this tight coupling and the need to keep this mapping synchronized with the schema in mndStb.c.

[Copilot]

Pull request overview

This PR adds support for saving audit records “in self” (inside the audit database itself) by introducing new status fields to distribute the audit vnode endpoint set/vgId, auto-creating the audit operations super table on audit DB creation, and adding a new vnode write message path for ingesting audit records. It also updates/extends CI test coverage for the new self-audit behavior.

Changes:

• Add auditSaveInSelf server config + propagate audit vnode SEpSet/vgId via status req/rsp.
• Auto-create the audit operations super table when creating an audit database (when auditSaveInSelf is enabled), and implement vnode-side handling to persist audit records.
• Add a new CI test case for taosd self-audit and adjust existing audit test and docs/error codes.

Reviewed changes

Copilot reviewed 31 out of 31 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
test/ci/cases.task	Adds new self-audit pytest to CI task list.
test/cases/80-Components/01-Taosd/test_com_taosd_self_audit.py	New test validating audit records are stored in the audit DB itself.
test/cases/80-Components/01-Taosd/test_com_taosd_audit.py	Adjusts audit test DB creation params and replaces a debug print with tdLog logging.
source/util/src/tjson.c	Adds string-pointer accessor and tweaks string copy behavior.
include/util/tjson.h	Declares tjsonGetStringPointer API + lifetime documentation.
include/util/tdef.h	Adds AUDIT_STABLE_NAME constant.
source/util/src/terror.c	Adds new audit error message string.
include/util/taoserror.h	Adds new audit error code definition.
docs/zh/14-reference/09-error-code.md	Documents new audit error code (zh).
docs/en/14-reference/09-error-code.md	Fixes “param,eter” typo and documents new audit error code (en).
source/libs/audit/inc/auditInt.h	Extends audit internal state with epSet/vgId.
include/libs/audit/audit.h	Minor formatting + adds typedef for epset callback (unused here).
source/dnode/vnode/src/vnd/vnodeSvr.c	Adds TDMT_VND_AUDIT_RECORD processing and JSON→row insertion path into audit tables.
source/dnode/mnode/impl/src/mndDb.c	Enforces single-vgroup audit DB and triggers audit stb creation when saving-in-self.
source/dnode/mnode/impl/src/mndStb.c	Implements audit super table creation + registers audit record response handler.
source/dnode/mnode/impl/inc/mndStb.h	Exposes mndCreateAuditStb declaration.
source/dnode/mnode/impl/src/mndUser.c	Adds includes and minor whitespace.
source/dnode/mnode/impl/src/mndIndex.c	Adds a commit-log info line.
source/dnode/mnode/impl/src/mndTrans.c	Lowers log level from info→debug.
source/dnode/mgmt/mgmt_vnode/src/vmHandle.c	Routes new audit-record vnode msg to write queue.
include/common/tmsgdef.h	Adds TDMT_VND_AUDIT_RECORD message type definition (request only).
include/common/tmsg.h	Extends status req/rsp with auditEpSet/auditVgId and adds SVAuditRecordReq wire struct.
source/common/src/msg/tmsg.c	Serializes/deserializes new status fields and adds SVAuditRecordReq codec.
include/common/tmsgcb.h	Adds AUDIT_QUEUE enum value.
source/dnode/mgmt/mgmt_mnode/inc/mmInt.h	Adds audit worker + queue API declaration.
source/dnode/mgmt/mgmt_mnode/src/mmWorker.c	Implements audit worker/queue wiring and cleanup.
source/dnode/mgmt/mgmt_mnode/src/mmHandle.c	Registers handler to route audit record responses to audit queue.
source/dnode/mgmt/mgmt_dnode/src/dmHandle.c	Extends audit status propagation functions to include epSet/vgId.
source/common/src/tglobal.c	Adds auditSaveInSelf config handling and dynamic option registration.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Insert statistics are updated as “success” regardless of whether code is non-zero. In particular, nInsertSuccess (and potentially other success counters) should only be incremented on success; otherwise failures can be misreported/overcounted.

Suggested change

	(void)atomic_add_fetch_64(&pVnode->statis.nInsertSuccess, pSubmitRsp->affectedRows);
	(void)atomic_add_fetch_64(&pVnode->statis.nBatchInsert, 1);
	if (code == 0) {
	(void)atomic_add_fetch_64(&pVnode->statis.nBatchInsert, 1);
	if (code == 0) {
	(void)atomic_add_fetch_64(&pVnode->statis.nInsertSuccess, pSubmitRsp->affectedRows);

[Copilot]

Write metrics are updated even when code != 0. If the write fails (or partially fails), this can inflate total_requests/total_rows. Gate these metrics updates on success (or update dedicated failure metrics instead).

[Copilot]

tdLog.info uses stdlib logging-style % formatting; passing updatecfgDict as a second positional arg without a %s placeholder will raise a formatting TypeError during logging. Convert this to a single formatted string (e.g., f-string) or add an explicit %s placeholder in the message.

Suggested change

	tdLog.info("===================: ", updatecfgDict)
	tdLog.info("===================: %s", updatecfgDict)

[Copilot]

TDMT_VND_AUDIT_RECORD_RSP is referenced here but does not appear to be defined anywhere in the repo (only usages found). This will fail to compile; add the corresponding message type definition (and serialization if needed) or switch to an existing response message type.

Suggested change

	// mndSetMsgHandle(pMnode, TDMT_VND_DROP_INDEX_RSP, mndTransProcessRsp);
	mndSetMsgHandle(pMnode, TDMT_VND_AUDIT_RECORD_RSP, mndProcessAuditRecordRsp);
	// mndSetMsgHandle(pMnode, TDMT_VND_DROP_INDEX_RSP, mndTransProcessRsp);
	#ifdef TDMT_VND_AUDIT_RECORD_RSP
	mndSetMsgHandle(pMnode, TDMT_VND_AUDIT_RECORD_RSP, mndProcessAuditRecordRsp);
	#endif

[Copilot]

mndProcessAuditRecordRsp dereferences pRsp (via pRsp->info.node) before checking whether pRsp is NULL. Move the NULL check to the top of the function before any dereference to avoid a crash.

Suggested change

	SMnode *pMnode = pRsp->info.node;
	SSdb *pSdb = pMnode->pSdb;
	(void)pMnode; // currently unused, kept for potential future use
	(void)pSdb; // currently unused, kept for potential future use
	if (pRsp == NULL) {
	mError("audit record rsp, null response message");
	return -1;
	}
	if (pRsp == NULL) {
	mError("audit record rsp, null response message");
	return -1;
	}
	SMnode *pMnode = pRsp->info.node;
	SSdb *pSdb = pMnode->pSdb;
	(void)pMnode; // currently unused, kept for potential future use
	(void)pSdb; // currently unused, kept for potential future use

[Copilot]

TDMT_VND_AUDIT_RECORD_RSP is used here but does not appear to be defined anywhere (only usages found). This will fail to compile; define the message type (and handler mapping) or use an existing message type.

Suggested change

if (dmSetMgmtHandle(pArray, TDMT_VND_AUDIT_RECORD_RSP, mmPutMsgToAuditQueue, 0) == NULL) goto _OVER;

[Copilot]

Only TDMT_VND_AUDIT_RECORD is added here, but the code also references TDMT_VND_AUDIT_RECORD_RSP. Add the missing *_RSP message definition (and keep request/response pairs consistent) to avoid undefined-symbol compile errors.

Suggested change

	TD_DEF_MSG_TYPE(TDMT_VND_AUDIT_RECORD, "vnode-audit-record", NULL, NULL)
	TD_DEF_MSG_TYPE(TDMT_VND_AUDIT_RECORD, "vnode-audit-record", NULL, NULL)
	TD_DEF_MSG_TYPE(TDMT_VND_AUDIT_RECORD_RSP, "vnode-audit-record-rsp", NULL, NULL)

[Copilot]

vnodeDecodeAuditRecord expects the JSON key client_add, but this key only appears here in the repo. If the producer uses a different key (e.g., client_address), decoding will fail with TSDB_CODE_INVALID_JSON_FORMAT. Align this field name with the JSON producer or accept both keys for backward compatibility.

Suggested change

	code = tjsonGetStringValue2(pJson, "client_add", record->clientAddress, 50);
	if (code < 0) return TSDB_CODE_INVALID_JSON_FORMAT;
	code = tjsonGetStringValue2(pJson, "client_address", record->clientAddress, 50);
	if (code < 0) {
	code = tjsonGetStringValue2(pJson, "client_add", record->clientAddress, 50);
	if (code < 0) return TSDB_CODE_INVALID_JSON_FORMAT;
	}