I’d like to audit actions through an API that is not tied one-to-one to a model, how is that done? The actions are performed using a personal access token, which is important to note as well. Any suggestions?
I believe, this should not make a difference.
I suspect you’re going to have a hard time doing this, as the audit gem we use relied on active record. foreman_snapshot_management piggybacks the host object to store the audit comment there.
I hope, this helps a bit.
We do have the audit logger (turned off by default for security reasons - although we do filter out passwords automatically). That could be an option.
I had a proposal to ditch audit in RDBMS creating logger with custom log rotation and expiration (e.g. storing it for much longer than just 2 weeks), but one of the main reasons to store audits into RDBM were relations.
If you don’t have relations, audit log might be a good choice - we already have few places where we send some audits there (e.g. puppet report). And all our ActiveRecord audits also go into audit log automatically.