enterprise: add full audit log [AUTH-458]

[BeryJu]

Details

Audit logging that shows which fields were changed

needs:

• Testing
• more sanitization
• potentially replacing deepdiff with a simpler diff
• Some way to ignore certain model fields being changed (last_login and password on user for example since they have dedicated events (login and password_set))

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)
• The translation files have been updated (make i18n-extract)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[notion-workspace]

Full audit logging

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	a3a2f4c
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/65b014f80794740007b85a23

[codecov]

Codecov Report

Attention: 7 lines in your changes are missing coverage. Please review.

Comparison is base (862aece) 92.32% compared to head (a3a2f4c) 92.31%.
Report is 5 commits behind head on main.

Files	Patch %	Lines
authentik/enterprise/audit/middleware.py	92.59%	6 Missing ⚠️
authentik/root/settings.py	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8177      +/-   ##
==========================================
- Coverage   92.32%   92.31%   -0.01%     
==========================================
  Files         625      626       +1     
  Lines       30832    30916      +84     
==========================================
+ Hits        28465    28541      +76     
- Misses       2367     2375       +8     

Flag	Coverage Δ
e2e	50.63% <88.78%> (+0.09%)	⬆️
integration	26.16% <4.67%> (-0.07%)	⬇️
unit	89.59% <92.52%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[netlify]

✅ Deploy Preview for authentik ready!

Name	Link
🔨 Latest commit	ba4fc73
🔍 Latest deploy log	https://app.netlify.com/sites/authentik/deploys/65afe593b614bd00088485de
😎 Deploy Preview	https://deploy-preview-8177--authentik.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-enterprise-events-audit-log-1706040553-a3a2f4c
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-enterprise-events-audit-log-1706040553-a3a2f4c-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-enterprise-events-audit-log-1706040553-a3a2f4c

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-enterprise-events-audit-log-1706040553-a3a2f4c-arm64

Afterwards, run the upgrade commands from the latest release notes.