IEBH-458: Add audit logs

[vmoshynskyi]

• Add audit logs.

[Copilot]

Pull Request Overview

This PR updates dependencies and adds comprehensive audit logging throughout the authentication service. The changes include upgrading Python to 3.10+, updating critical packages like requests and pilot-platform-common, and implementing structured audit logging for authentication and user management operations.

• Upgraded Python from ^3.9 to >=3.10,<3.11 to align with dependency requirements
• Updated critical dependencies including requests (2.28.0 → 2.32.5) and pilot-platform-common (0.3.0 → 0.8.2)
• Added AuditLog context manager and comprehensive audit logging across user authentication, role management, and invitation flows

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pyproject.toml	Updated Python version constraint to 3.10 and bumped package version; upgraded requests and pilot-platform-common dependencies
poetry.lock	Regenerated lock file with updated dependencies; removed deprecated aioredis in favor of redis; updated pilot-platform-common dependencies
app/logger.py	Added AuditLog context manager for structured audit logging with automatic success/failure tracking
app/routers/user_account_management.py	Added audit logging for user AD group operations and account enable/disable operations; moved variable declarations outside try blocks
app/routers/ops_user.py	Added audit logging for user authentication, token refresh, and role management operations using AuditLog context manager
app/routers/ops_admin.py	Added audit logging for realm role operations and user realm role retrieval
app/routers/invitation/invitation.py	Added audit logging for invitation creation and acceptance; replaced self._logger with logger

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
__init__.py	0	8	84%	89–90, 92, 96, 98–101
__main__.py	0	4	0%	7, 9, 11–12
config.py	0	0	100%
logger.py	0	0	100%
commons/notification
__init__.py	0	0	100%
commons/project_services
__init__.py	0	0	100%
commons/psql_services
invitation.py	0	8	65%	18–21, 31–34
ldap_id.py	0	9	40%	16–24
permissions.py	0	124	14%	21–24, 26–28, 33–38, 43–44, 47–52, 57–63, 68–79, 84–89, 94–99, 107–116, 121, 129–134, 136–137, 139–146, 151–158, 163–167, 174–182, 186–193, 197–200, 202–212
user_event.py	0	13	79%	33, 40–43, 64–67, 77, 80–82
components
__init__.py	0	0	100%
exceptions.py	0	13	74%	23, 30, 37, 42, 53, 57, 61, 69, 73, 77, 85, 89, 93
components/identity
__init__.py	0	0	100%
crud.py	0	0	100%
dependencies.py	0	1	83%	17
components/keycloak
__init__.py	0	0	100%
client.py	0	2	97%	33, 96
dependencies.py	0	4	71%	24–25, 33, 35
models.py	0	0	100%
models
api_response.py	0	2	92%	34–35
base_models.py	0	3	86%	33–35
default_roles.py	0	0	100%
events.py	0	3	92%	36, 124, 131
external.py	0	0	100%
invitation.py	0	5	89%	22, 44, 47, 56, 62
ops_admin.py	0	0	100%
ops_user.py	0	0	100%
permissions.py	0	17	75%	46, 63–64, 74–77, 79, 81–82, 94–95, 102–104, 106–107
permissions_schema.py	0	0	100%
sql_events.py	0	0	100%
sql_invitation.py	0	0	100%
sql_ldap_id.py	0	4	77%	21–24
user_account_management.py	0	0	100%
user_create.py	0	0	100%
resources
error_handler.py	0	1	95%	33
resources/keycloak_api
ops_admin.py	0	55	53%	86–88, 146, 154–158, 160, 183, 191–196, 214, 232–233, 241–243, 245, 260–261, 269–272, 289–296, 316, 356–359, 372–374, 388–389, 404, 418, 421–425
ops_user.py	0	11	42%	15–16, 22–24, 27–28, 31–32, 35–36
routers
api_registry.py	0	0	100%
ops_admin.py	0	53	77%	90, 105–107, 161–166, 200–201, 206–208, 237–239, 263–267, 269–274, 276, 295–297, 299–305, 307–311, 313, 388–390, 394, 403–405
ops_user.py	0	26	86%	98–99, 103–104, 144–146, 268–270, 273, 329–331, 401, 406, 408, 410, 432–434, 438, 440, 479–481
user_account_management.py	0	20	85%	82–83, 89–93, 125–127, 157–159, 161–163, 201–203, 235
vm_account_management.py	0	31	62%	108–110, 127, 129–130, 132, 141, 143–144, 152–153, 162, 164, 166–167, 172–174, 183, 185–189, 196, 198, 200, 202–204
routers/api_user_create
api_user_create.py	0	0	100%
routers/event
event.py	0	0	100%
routers/health
health.py	0	21	43%	23–28, 30–42, 52–53
routers/invitation
external.py	0	0	100%
invitation.py	0	22	86%	74, 78–87, 139–140, 147, 195–198, 234–237
invitation_notify.py	0	2	94%	46, 57
routers/permissions
__init__.py	0	0	100%
casbin.py	0	0	100%
default_roles.py	0	6	81%	44–49
dependencies.py	0	4	73%	25–27, 29
permission_metadata.py	0	20	52%	41, 43–46, 51–54, 61–67, 76–77, 83–84
permissions.py	0	17	50%	37, 39–40, 42–48, 50–55, 57
services/data_providers
__init__.py	0	0	100%
freeipa_client.py	0	65	48%	34–37, 40–50, 63–65, 72–73, 104–105, 107, 114–117, 127, 131–135, 169–176, 188–192, 199–206, 209, 213–215, 221–227
identity_client.py	0	0	100%
keycloak_client.py	0	25	68%	16, 20–21, 28–31, 76–77, 82–86, 92–93, 116–117, 144–145, 148–152
ldap_client.py	0	70	42%	22–33, 46–48, 104–106, 108–116, 131–132, 134–136, 138–140, 153–154, 159–167, 188–189, 195–200, 202–206, 216–220, 230–231, 240–241, 262–263
services/notifier_services
email_service.py	0	3	84%	45, 48, 59
TOTAL	2712	672	75%