feat: add CRL health aggregation logic and audit events (PR 5 of 6)
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
CI Pipeline / Clippy Lints (push) Successful in 52s
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
CI Pipeline / Build .deb & Release (push) Has been skipped
* feat: add CRL health aggregation logic and audit events (PR 5 of 6)
* style: fix cargo fmt in health_poller.rs

---------

Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>
This commit is contained in:
committed by
GitHub
parent
ea8337b944
commit
5ab3532833
@ -161,6 +161,33 @@ Fleet status response includes CRL counts:
|
||||
| `crl_invalid` | `integer` | Hosts with CRL status `invalid` (security event) |
|
||||
| `crl_not_reporting` | `integer` | Hosts not reporting CRL status (older agents) |
|
||||
|
||||
### CRL Audit Events
|
||||
|
||||
The health poller logs the following system-initiated audit events when a host's CRL status changes:
|
||||
|
||||
| Audit Action | Trigger | Details Fields |
|
||||
|---|---|---|
|
||||
| `crl_status_changed` | Any CRL status transition | `host_id`, `old_crl_status`, `new_crl_status`, `crl_age_seconds` |
|
||||
| `crl_stale_detected` | CRL status becomes `expired` | `host_id`, `old_crl_status`, `new_crl_status`, `crl_age_seconds` |
|
||||
| `crl_invalid` | CRL status becomes `invalid` | `host_id`, `old_crl_status`, `new_crl_status`, `crl_age_seconds` |
|
||||
|
||||
All CRL audit events use `target_type = "host"` and `target_id = <host_id>`. Actor fields (`actor_user_id`, `actor_username`) are `null` because these are system-initiated events.
|
||||
|
||||
### CRL Health Aggregation Rules
|
||||
|
||||
The health poller applies the following rules to determine a host's effective health status based on CRL state:
|
||||
|
||||
| CRL Status | Condition | Effective Health Status |
|
||||
|---|---|---|
|
||||
| `invalid` | Always | `unreachable` (security event) |
|
||||
| `expired` | If natural status is `healthy` | `degraded` |
|
||||
| `missing` | Registered > 24h ago AND natural status is `healthy` | `degraded` |
|
||||
| `missing` | Registered ≤ 24h ago | Natural status (new agent enrollment) |
|
||||
| `valid` | Any | Natural status (no override) |
|
||||
| `null` | Any | Natural status (older agent, not reporting CRL) |
|
||||
|
||||
When CRL status transitions from `invalid`/`expired`/`missing` back to `valid`, the next health poll cycle restores the host to its natural health status based on the agent's health response.
|
||||
|
||||
## 14. Real-Time Updates (WebSocket)
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
|
||||
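Review bot: The CRL Health Aggregation Rules table leaves some combinations undefined: the `expired` row and the first `missing` row only cover a natural status of `healthy`, so the doc does not say what an `expired` host, or a `missing` host registered more than 24h ago, reports when its natural status is anything other than `healthy`. Suggest adding an explicit "otherwise: natural status" row or condition for each, if that is the intended behaviour. In the CRL Audit Events table, please state whether a transition to `expired` or `invalid` emits `crl_status_changed` in addition to `crl_stale_detected` / `crl_invalid`, since the `crl_status_changed` trigger reads "Any CRL status transition", and what `crl_age_seconds` contains when the new status is `missing`. It is also worth documenting whether a host that moves from `valid` to `null` (stops reporting CRL status) counts as a transition, because the `null` row applies no health override and that change would otherwise leave no trace in either health status or the audit log. Lastly, the audit action `crl_invalid` has the same name as the `crl_invalid` fleet status count field in the context lines at the top of the hunk; a short note distinguishing the two would help readers who search the docs or logs for that string.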