2

i'm trying to interact with github api v4, i want to query audit log events based on schemas available in the api. I can found a documentary about the github api here and I can see the schemas available here but there are no working examples of how to query the different schemas.

If there is someone here experience with this API, specially with the audit log schemas, I need a working example to start interacting with the audit log schemas...

for example i want to query all organization add member to team events, suppose to be in the schema TeamAddMemberAuditEntry, or remove member from org OrgRemoveMemberAuditEntry

So far I've tried to query it with node.js:

require('isomorphic-fetch');

fetch('https://api.github.com/graphql', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json',
             'Authorization': 'bearer <token>',
             'Accept': 'application/vnd.github.audit-log- preview+json'},
  body: JSON.stringify({ query: '{ TeamAddMemberAuditEntry }' }),
})
  .then(res => res.json())
  .then(res => console.log(res.data));
GevAlter
  • 99
  • 10

2 Answers2

2

If someone here will look for solution, after viewing the public schema this is how the query looks for getting audit-log objects, this is without the headers and the query prefix of course.

The auditLog is a union type, you can get multiple audit events by adding another "...on" block. for example here i'm getting all the orginvitemembers events 

{
  organization(login:"<your-org>") {
    auditLog(first:2) {
      edges {
        node {
          __typename
          ... on OrgInviteMemberAuditEntry {
            action
            actorIp
            actorLogin
            createdAt
            userLogin
            actorLocation{
              country
              city
            }
          }
        }       
      }
    }
  }
}
GevAlter
  • 99
  • 10
0

I was after the same thing. I think your query statement is like the issue.

I came across this documentation in the GitHub blog.

https://github.blog/2019-06-21-the-github-enterprise-audit-log-api-for-graphql-beginners/

I was able to adapt the example query and come up with the following...

{
  organization(login: "xyz-corp") {
    auditLog(last: 10
    , query: "action:org.remove_member") {
      edges {
        node {
          ... on AuditEntry {
            action
            actorLogin
            userLogin
            createdAt
            user{
              name
              email
            }                
          }
        }
      }
    }
  }
}

I was able to substitute the query with the following just as I would via the UI to get adds and updates.

  • action:org.add_member
  • action:org.update_member

Other audit log query items are described here

https://docs.github.com/en/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization

Dave Bennett
  • 10,996
  • 3
  • 30
  • 41