Surface detached status of audit records in diagnostic output.

2026-05-29 10:30:24 +00:00 · 2026-05-03 12:01:33 +00:00
parent 5808e90e5a
commit edae862551
2 changed files with 29 additions and 9 deletions
--- a/src/audit.go
+++ b/src/audit.go
@@ -132,6 +132,14 @@ func (record *AuditRecord) DescribeResource() string {
 	return desc
 }

+func (record *AuditRecord) IsDetachable() bool {
+	return record.GetEvent() == AuditEvent_CommitManifest
+}
+
+func (record *AuditRecord) IsDetached() bool {
+	return record.IsDetachable() && record.Manifest == nil
+}
+
 type AuditRecordScope int

 const (
--- a/src/main.go
+++ b/src/main.go
@@ -506,13 +506,19 @@ func Main(versionInfo string) {
 		})

 		for _, record := range records {
-			fmt.Fprintf(color.Output, "%s %s %s %s %s\n",
+			parts := []string{
 				record.GetAuditID().String(),
 				color.HiWhiteString(record.GetTimestamp().AsTime().UTC().Format(time.RFC3339)),
 				color.HiMagentaString(record.DescribePrincipal()),
 				color.HiGreenString(record.DescribeResource()),
-				record.GetEvent(),
-			)
+				fmt.Sprint(record.GetEvent()),
+			}
+			if record.IsDetached() {
+				parts = append(parts,
+					color.HiYellowString("(detached)"),
+				)
+			}
+			fmt.Println(color.Output, strings.Join(parts, " "))
 		}

 	case *auditRead != "":
@@ -578,17 +584,23 @@ func Main(versionInfo string) {
 				logc.Fatalln(ctx, err)
 			}
 			if record.GetDomain() == domain && (project == "*" || record.GetProject() == project) {
-				logc.Printf(ctx, "detaching audit record %s\n", record.GetAuditID())
-				err = backend.DetachAuditRecord(ctx, record.GetAuditID())
-				if err != nil {
-					logc.Fatalln(ctx, err)
+				if !record.IsDetachable() {
+					continue
+				} else if !record.IsDetached() {
+					logc.Printf(ctx, "detaching audit record %s\n", record.GetAuditID())
+					err = backend.DetachAuditRecord(ctx, record.GetAuditID())
+					if err != nil {
+						logc.Fatalln(ctx, err)
+					}
+					count++
+				} else {
+					logc.Printf(ctx, "audit record %s already detached\n", record.GetAuditID())
 				}
-				count++
 			}
 		}

 		if count == 0 {
-			logc.Printf(ctx, "no audit records found for %s/%s", domain, project)
+			logc.Printf(ctx, "no detachable audit records found for %s/%s", domain, project)
 		}

 	case *auditServer != "":