Introduce disable audit

[johnsimons]

Background

In v4 we changed the audit feature so that it can be configured via the registry, this has the advantage of centralized administration of audit queue via group policy.

However this has also introduced a lot of friction to turn off audit per endpoint.

At the moment if the config file does not have ForwardReceivedMessagesTo attribute we then check the registry HKEY_LOCAL_MACHINE\SOFTWARE\ParticularSoftware\ServiceBus\[AuditQueue] and only then we disable the audit feature.

So the above workflow has a few disadvantages:

• User needs to check registry and delete keys to turn off audit;
• Not possible to have EndpointA with centralized audit managed by registry and EndpointB with audit turned off;
• In a dev box with registry key, audit works but once user migrated to PROD machine audit may not work if user does not have reg key set!

Proposed Solution

• Make Audit a feature
• Introduce an explicit code only API to turn off audit on the endpoint, eg:
  .Configure.Features.Disable<Audit>();
• Throw an exception (so that endpoint terminates) at initialization if ForwardReceivedMessagesTo attribute missing and no registry key set.
  The exception text should explain that they either have to call .Configure.Features.Disable<Audit>(); or use Set-NServiceBusLocalMachineSettings cmdlet.
• Log a warning in debug mode only if ForwardReceivedMessagesTo attribute missing but registry key is set, here is a start:

Endpoint audit is configured using the registry, please ensure that you run Set-NServiceBusLocalMachineSettings cmdlet on the target deployment machine.

[indualagarsamy]

@johnsimons - why

Configure.Endpoint.Advanced(s => e.DisableAudit()); 

and why not

Configure.Features.Disable<Audit>()

[johnsimons]

I think you mean:

.Configure.Features.Disable<Audit>();

I like it 👍
But this means that we would need to make the Audit a feature.

@andreasohlund thoughts?

[andreasohlund]

I like it

Sent from my iPhone

On 18 jul 2013, at 06:49, John Simons notifications@github.com wrote:

I think you mean:

.Configure.Features.Disable();
I like it
But this means that we would need to make the Audit a feature.

@andreasohlund thoughts?

—
Reply to this email directly or view it on GitHub.

[indualagarsamy]

About this: "Throw an exception (so that endpoint terminates) at initialization if ForwardReceivedMessagesTo attribute missing and no registry key set. The exception text should explain that they either have to call .Configure.Features.Disable<Audit>(); or use Set-NServiceBusLocalMachineSettings cmdlet.

Current behavior: Auditing is off when the registry keys are not present & the forward attributes in the UnicastBusConfig is not present. While the nuget packages now add the config section, the admin can turn off auditing by removing the attribute in the config and clearing entries in registry.

With the proposed change, is a breaking change: This means that in turning auditing off is no longer the administrator concern but the programmer's. As we now need .Configure.Features.Disable<Audit>(); in the initialization code. Is this right?

cc @udidahan @andreasohlund

[andreasohlund]

I think audit on/off should be in the hands of the admins so I'd vote to turn it off if no config is present. Ie the same behaviour as in 4.0

Sent from my iPhone

On 6 aug 2013, at 21:59, Indu Alagarsamy notifications@github.com wrote:

About this: "Throw an exception (so that endpoint terminates) at initialization if ForwardReceivedMessagesTo attribute missing and no registry key set. The exception text should explain that they either have to call .Configure.Features.Disable(); or use Set-NServiceBusLocalMachineSettings cmdlet.

Current behavior: Auditing is off when the registry keys are not present & the forward attributes in the UnicastBusConfig is not present. While the nuget packages now add the config section, the admin can turn off auditing by removing the attribute in the config and clearing entries in registry.

With the proposed change, is a breaking change: This means that in turning auditing off is no longer the administrator concern but the programmer's. As we now need .Configure.Features.Disable(); in the initialization code. Is this right?

cc @udidahan @andreasohlund

—
Reply to this email directly or view it on GitHub.

[udidahan]

We don’t want to people to accidentally disable auditing – it’s not an admin-only consideration.

[andreasohlund]

I see your point Udi, lets go ahead as planned Indu

On Tue, Aug 6, 2013 at 10:38 PM, Udi Dahan notifications@github.com wrote:

We don’t want to people to accidentally disable auditing – it’s not an
admin-only consideration.

From: Andreas Öhlund [mailto:notifications@github.com]
Sent: Tuesday, August 06, 2013 11:24 PM
To: NServiceBus/NServiceBus
Cc: Udi Dahan
Subject: Re: [NServiceBus] Introduce disable audit (#1309)

I think audit on/off should be in the hands of the admins so I'd vote to
turn it off if no config is present. Ie the same behaviour as in 4.0

Sent from my iPhone

On 6 aug 2013, at 21:59, Indu Alagarsamy notifications@github.com
wrote:

About this: "Throw an exception (so that endpoint terminates) at
initialization if ForwardReceivedMessagesTo attribute missing and no
registry key set. The exception text should explain that they either have
to call .Configure.Features.Disable(); or use
Set-NServiceBusLocalMachineSettings cmdlet.

Current behavior: Auditing is off when the registry keys are not present
& the forward attributes in the UnicastBusConfig is not present. While the
nuget packages now add the config section, the admin can turn off auditing
by removing the attribute in the config and clearing entries in registry.

With the proposed change, is a breaking change: This means that in
turning auditing off is no longer the administrator concern but the
programmer's. As we now need .Configure.Features.Disable(); in the
initialization code. Is this right?

cc @udidahan @andreasohlund

—
Reply to this email directly or view it on GitHub.

—
Reply to this email directly or view it on GitHub <
https://github.com/NServiceBus/NServiceBus/issues/1309#issuecomment-22208297>
.Image removed by sender.

---

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3392 / Virus Database: 3209/6545 - Release Date: 08/02/13

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1309#issuecomment-22209377
.

http://andreasohlund.net
http://twitter.com/andreasohlund