-
Notifications
You must be signed in to change notification settings - Fork 601
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Admin action plan #8049
Comments
Do you mean we need to implement it in our current frontend crates.io UI instead of an admin console UI?
I think we should create a separate page on crates.io if we want to add a base to our current frontend. Is that correct? |
BTW, thank you for writing it out! I am also highly interested in assisting with the implementation of the |
looks like a good plan! 👍
I'm not so sure about this part. The log files can easily be pushed to S3 for long-term storage, while the database would have to carry them around forever. I'm currently not seeing the big advantage of logging to the database instead of using our regular logging system.
just to brain dump, IMHO yanking should generally require an explanation, also from regular owners. if a crate/version is yanked, as a user I would like to know if that is due to a security issue in a particular version, or whatever else the reason for it was.
yeah. at least for things that are already exposed in the regular user interface for crate owners this would make things a bit easier. for things like crate deletions we might need custom admin-only UI though.
I guess eventually we'll have to move away from Ember, but it's somewhat hard to decide in which direction we should move forward if we did so. Whatever we go with, we would probably want to keep our frontend test suite, but that is currently coupled to the Ember code base. It might make sense to look into porting at least the higher-level tests to something like https://playwright.dev/. |
I highly recommend checking out |
As much as possible, yes.
My main concern with using the logging system is that — if anything — we want to be retaining our general logs for less time, rather than more. I don't doubt that we could set up some plumbing to filter out only the admin action logs and send them to S3, but that's additional complexity. My secondary concern is accessibility: if the logs are in the database, we could (if necessary) eventually build a dashboard for them, and we can search out of the read-only replica with SQL. Having them in S3 may restrict access further (I certainly don't have access to our S3 setup, and probably shouldn't), and makes it slower to access them if we need to. I don't feel strongly enough about this to call it a blocker — my primary concern is that the logs are persisted somewhere indefinitely, not so much exactly where — but I did have reasons for suggesting the database.
Yeah, I like that, actually. Might hack something together.
On the frontend discussion: I'm on record in the past as being supportive of moving away from Ember. I'm most familiar with React, but I also don't particularly like React (OK, mostly hooks), so I'm open to exploring other options as well. I would advocate pretty strongly for TypeScript in whatever we migrate to, though. #bikeshed |
idk about S3 exporting, but DataDog makes it quite easy to have different retention periods depending on the data contained within the log record.
same for usage within DataDog, and it doesn't need as much custom code :) but yeah, it's a tradeoff... |
cross-linking #3119 here, so that we don't forget about it :) |
During today's meeting, we discussed introducing the yank reason for crates.io UI for regular and admin users. We should also consider supporting it from Cargo's interface using the yank command. Users of Cargo have requested this feature for a long time. See more at rust-lang/cargo#2608 @LawnGnome Please let me know if I can help land it on both crates.io and the Cargo side. I guess we need a RFC or something for it? Or we are going to implement it on the crates.io side first? |
An additional note on the admin action logs -- If we place them only in the database, they're generally going to be mutable. If we use a logging service of sorts or a S3 bucket with suitable restrictions configured, we can make sure they are in an immutable store. |
Previously, on crates.io gaining support for admin actions without needing to run
crates-admin
...Adding support for admin actions in UI has been identified as a priority for a while. Last year, I opened #6811 (among other PRs) to start fleshing that out as a separate admin console using server side rendering. I didn't particularly like the code, it was warty, and (as it turned out) other things came up that demanded a bit more of my attention like artifact signing and malware detection, so it hasn't progressed since then.
More recently, @Turbo87 merged #7852, which provides minimal support for the concept of crates.io admins, and uses it to allow them to yank and unyank crates.
This is a good first step, and I definitely prefer the idea of incorporating admin functionality more directly into crates.io rather than building a new frontend, but is incomplete — there are other actions that we also need to be able to perform, it's probably a little too easy for us to accidentally perform an action right now1, and the logging is arguably too ephemeral at present.
Here's what I'd like to do:
Feedback encouraged, @rust-lang/crates-io!
Footnotes
Of course, yank and unyank actions are trivially reversible, so it's not really that bad in practice when that's all we support. A misclick can be fixed with another click. ↩
This will probably require further thought on implementation, since it's not trivially reversible. @walterhpearce suggested putting it on a timer of a few minutes to allow easy cancellation before the action is taken. ↩
The text was updated successfully, but these errors were encountered: