More ignored audit trail elements (#490)

* More ignored audit trail elements

* Display package.xml content in logs when backup failed

* ignore scratch orgs actions

* Exclude 2FA stuff

* exclude more user actions

* cspell

* [Mega-Linter] Apply linters fixes

---------

Co-authored-by: nvuillam <nvuillam@users.noreply.github.com>

.github/linters/.cspell.json

@@ -156,6 +156,7 @@
     "accordionsources",
     "accordiontarget",
     "accordionuse",
+    "activateduser",
     "activateinvalid",
     "administratif",
     "allowfullscreen",
@@ -190,7 +191,18 @@
     "canmodify",
     "caseentitlement",
     "certaines",
+    "changedcommunitynickname",
+    "changedinteractionuseroffon",
+    "changedinteractionuseronoff",
+    "changedmarketinguseroffon",
+    "changedmarketinguseronoff",
     "changedpassword",
+    "changedprofileforuser",
+    "changedprofileforusercusttostd",
+    "changedprofileforuserstdtocust",
+    "changedroleforuser",
+    "changedroleforuserfromnone",
+    "changedroleforusertonone",
     "changemgmt",
     "checkcoverage",
     "checkcoverage) -- endArgs.indexOf(\"--checkcoverage\"",
@@ -437,6 +449,7 @@
     "lcov",
     "legacyapi",
     "legetz",
+    "lightningloginenroll",
     "liste",
     "listview",
     "listviewmine",

CHANGELOG.md

@@ -5,8 +5,10 @@
 Note: Can be used with `sfdx plugins:install sfdx-hardis@beta` and docker image `hardisgroupcom/sfdx-hardis@beta`
 
 - Monitoring
+  - Display package.xml content in logs when backup failed
   - Update default **package-skip-items.xml**
   - Call **hardis:lint:access** by default
+  - Handle empty sections
 - **hardis:org:diagnose:audittrail** enhancements:
   - Add PerSetUnassign in not suspect monitored actions in Setup Audit Trail
   - Allow to append more allowed Setup Audit Trail sections & actions using `.sfdx-hardis.yml` property **monitoringAllowedSectionsActions**

defaults/monitoring/manifest/package-skip-items.xml

@@ -73,10 +73,12 @@
     </types>
     -->
 
+    <!-- Uncomment if you have too many metadatas
     <types>
         <members>*</members>
         <name>ReportType</name>
     </types>
+    -->
 
     <!-- Uncomment if you have too many metadatas
     <types>

src/commands/hardis/org/diagnose/audittrail.ts

@@ -28,17 +28,41 @@ export default class DiagnoseAuditTrail extends SfdxCommand {
 
 Regular setup actions performed in major orgs are filtered.
 
+- ""
+  - createScratchOrg
+  - deleteScratchOrg
 - Certificate and Key Management
   - insertCertificate
 - Groups
   - groupMembership
 - Manage Users
+  - activateduser
   - createduser
+  - changedcommunitynickname
   - changedpassword
+  - changedinteractionuseroffon
+  - changedinteractionuseronoff
+  - changedmarketinguseroffon
+  - changedmarketinguseronoff
+  - changedprofileforuser
+  - changedprofileforusercusttostd
+  - changedprofileforuserstdtocust
+  - changedroleforusertonone
+  - changedroleforuser
+  - changedroleforuserfromnone
   - changedUserEmailVerifiedStatusVerified
   - deactivateduser
+  - deleteAuthenticatorPairing
+  - deleteTwoFactorInfo2
+  - deleteTwoFactorTempCode
+  - insertAuthenticatorPairing
+  - insertTwoFactorInfo2
+  - insertTwoFactorTempCode
+  - lightningloginenroll
   - PermSetAssign
+  - PermSetLicenseAssign
   - PermSetUnassign
+  - PermSetLicenseUnassign
   - resetpassword
   - suOrgAdminLogin
   - suOrgAdminLogout
@@ -148,15 +172,37 @@ monitoringAllowedSectionsActions:
     }
 
     this.allowedSectionsActions = {
+      "": ["createScratchOrg", "deleteScratchOrg"],
       "Certificate and Key Management": ["insertCertificate"],
       Groups: ["groupMembership"],
       "Manage Users": [
+        "activateduser",
         "createduser",
+        "changedcommunitynickname",
+        "changedinteractionuseroffon",
+        "changedinteractionuseronoff",
+        "changedmarketinguseroffon",
+        "changedmarketinguseronoff",
+        "changedprofileforuser",
+        "changedprofileforusercusttostd",
+        "changedprofileforuserstdtocust",
+        "changedroleforusertonone",
+        "changedroleforuser",
+        "changedroleforuserfromnone",
         "changedpassword",
         "changedUserEmailVerifiedStatusVerified",
         "deactivateduser",
+        "deleteAuthenticatorPairing",
+        "deleteTwoFactorInfo2",
+        "deleteTwoFactorTempCode",
+        "insertAuthenticatorPairing",
+        "insertTwoFactorInfo2",
+        "insertTwoFactorTempCode",
+        "lightningloginenroll",
         "PermSetAssign",
+        "PermSetLicenseAssign",
         "PermSetUnassign",
+        "PermSetLicenseUnassign",
         "resetpassword",
         "suOrgAdminLogin",
         "suOrgAdminLogout",
@@ -200,17 +246,18 @@ monitoringAllowedSectionsActions:
     let suspectUsers = [];
     let suspectActions = [];
     const auditTrailRecords = queryRes.records.map((record) => {
+      const section = record?.Section || "";
       record.Suspect = false;
       // Unallowed actions
       if (
-        (this.allowedSectionsActions[record.Section] && !this.allowedSectionsActions[record.Section].includes(record.Action)) ||
-        !this.allowedSectionsActions[record.Section]
+        (this.allowedSectionsActions[section] && !this.allowedSectionsActions[section].includes(record.Action)) ||
+        !this.allowedSectionsActions[section]
       ) {
         record.Suspect = true;
-        record.SuspectReason = `Manual config in unallowed section ${record.Section} with action ${record.Action}`;
+        record.SuspectReason = `Manual config in unallowed section ${section} with action ${record.Action}`;
         suspectRecords.push(record);
         suspectUsers.push(record["CreatedBy.Username"]);
-        suspectActions.push(`${record.Section} - ${record.Action}`);
+        suspectActions.push(`${section} - ${record.Action}`);
         return record;
       }
       return record;

src/commands/hardis/org/monitor/backup.ts

@@ -103,7 +103,12 @@ export default class MonitorBackup extends SfdxCommand {
         debug: this.debugMode,
       });
     } catch (e) {
-      uxLog(this, c.yellow("Crash during backup. You may exclude more items by customizing file manifest/package-skip-items.xml"));
+      const failedPackageXmlContent = await fs.readFile(packageXmlBackUpItemsFile, "utf8");
+      uxLog(this, c.yellow("BackUp package.xml that failed to be retrieved:\n" + c.grey(failedPackageXmlContent)));
+      uxLog(
+        this,
+        c.red("Crash during backup. You may exclude more metadata types by updating file manifest/package-skip-items.xml then commit and push it"),
+      );
       throw e;
     }