Failed to unmarshal audit log entry

[peter-aglen]

Using v57 of the package, we have a problem reading the audit log using Organizations.GetAuditLog.

The AuditEntry struct has a field Permission *string, but we have found a scenario in which the API returns a bool in the permission field (see example below). This naturally leads to the error cannot unmarshal bool into Go struct field AuditEntry.permission of type string, which basically blocks us from reading the audit log.

{
  "@timestamp": 1701766234196,
  "_document_id": "abc",
  "action": "org.update_member_repository_creation_permission",
  "actor": "ole-olsen",
  "actor_id": 123456789,
  "actor_location": {
    "country_code": "NO"
  },
  "business": "business",
  "business_id": 123456,
  "created_at": 1701766234196,
  "external_identity_nameid": "ole.olsen@a.com",
  "external_identity_username": "ole.olsen@a.com",
  "operation_type": "modify",
  "org": "myorg",
  "org_id": 123456789,
  "permission": true,
  "user_agent": "Mozilla/5.0 ...",
  "visibility": "public_internal"
}

[gmlewis]

Looking at this endpoint documentation: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#get-the-audit-log-for-an-organization
I'm not seeing "permission" in the response schema at all, and "permission": true doesn't make any sense to me, so I'm really confused as to why you are getting that back in the response at all.

To get to the bottom of this, would you mind contacting the GitHub Tech Support team and ask them how this field should be treated? Feel free to point them to this issue. Then, we would appreciate it if you could please report back here what your findings are and how we should handle this field. Thank you!

[peter-aglen]

Will do!

And just in case it's unclear; the above entry is the result of updating the Member privileges -> Repository creation setting in an enterprise organization. In this particular case we changed the setting from no privileges to Private.

The json string is copy-paste from the response to https://api.github.com/orgs/{org}/audit-log (via Postman).

[WillAbides]

There are a lot of inconsistencies between fields in audit log entries for different actions. IMO go-github shouldn't try to unmarshal any fields that aren't in the API definition because of inconsistencies like this.

[peter-aglen]

Current response from tech support:

Thank you for reaching out. I agree this field is particularly confusing and I am also not sure about this boolean value. I have asked our engineers to take a second look and provide a definitive answer. Once I get further confirmation as to what this field is supposed to be, I will reach out to you.

[peter-aglen]

New reply from tech support:

The field is supposed to represent whether members can create repositories with any visibility at the time the event was written.

So, not really a reply at all.

This is a major issue on our side. Do you by any chance have an ETA for the fix?

[gmlewis]

This is a major issue on our side. Do you by any chance have an ETA for the fix?

You could speed the process along by reviewing the proposed fix: #3017.
I need a second LGTM+Approval in order to merge.