NotificationsYou must be signed in to change notification settings
Fork911
Star10k

Commitfc8454b

authored

feat: extend request logs with auth & DB info (#17498)

1 parent550b81f commitfc8454bCopy full SHA for fc8454b

File tree

19 files changed

+716

-94

lines changed

Makefile
coderd
- coderd.go
- database
  - dbauthz
    - dbauthz.go
  - queries
    - users.sql
  - queries.sql.go
- httpmw
  - apikey.go
  - logger.go
  - loggermw
    - logger.go
    - logger_internal_test.go
    - loggermock
      - loggermock.go
  - workspaceagentparam.go
  - workspaceparam.go
- provisionerjobs.go
- provisionerjobs_internal_test.go
- rbac
  - authz.go
- workspaceagents.go
enterprise
- coderd
  - provisionerdaemons.go
- wsproxy
  - wsproxy.go
tailnet/test/integration
- integration.go

19 files changed

+716

-94

lines changed

`‎Makefile`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -564,7 +564,8 @@ GEN_FILES := \`
`564`	`564`	`examples/examples.gen.json\`
`565`	`565`	`$(TAILNETTEST_MOCKS)\`
`566`	`566`	`coderd/database/pubsub/psmock/psmock.go\`
`567`		`-agent/agentcontainers/acmock/acmock.go`
	`567`	`+agent/agentcontainers/acmock/acmock.go\`
	`568`	`+coderd/httpmw/loggermw/loggermock/loggermock.go`
`568`	`569`
`569`	`570`
`570`	`571`	`# all gen targets should be added here and to gen/mark-fresh`
`@@ -600,6 +601,7 @@ gen/mark-fresh:`
`600`	`601`	`$(TAILNETTEST_MOCKS)\`
`601`	`602`	`coderd/database/pubsub/psmock/psmock.go\`
`602`	`603`	`agent/agentcontainers/acmock/acmock.go\`
	`604`	`+coderd/httpmw/loggermw/loggermock/loggermock.go`
`603`	`605`	`"`
`604`	`606`
`605`	`607`	`for file in $$files; do`
`@@ -634,6 +636,9 @@ coderd/database/pubsub/psmock/psmock.go: coderd/database/pubsub/pubsub.go`
`634`	`636`	`agent/agentcontainers/acmock/acmock.go: agent/agentcontainers/containers.go`
`635`	`637`	`go generate ./agent/agentcontainers/acmock/`
`636`	`638`
	`639`	`+coderd/httpmw/loggermw/loggermock/loggermock.go: coderd/httpmw/loggermw/logger.go`
	`640`	`+go generate ./coderd/httpmw/loggermw/loggermock/`
	`641`	`+`
`637`	`642`	`$(TAILNETTEST_MOCKS): tailnet/coordinator.go tailnet/service.go`
`638`	`643`	`go generate ./tailnet/tailnettest/`
`639`	`644`

`‎coderd/coderd.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ import (`
`63`	`63`	`"github.com/coder/coder/v2/coderd/healthcheck/derphealth"`
`64`	`64`	`"github.com/coder/coder/v2/coderd/httpapi"`
`65`	`65`	`"github.com/coder/coder/v2/coderd/httpmw"`
	`66`	`+"github.com/coder/coder/v2/coderd/httpmw/loggermw"`
`66`	`67`	`"github.com/coder/coder/v2/coderd/metricscache"`
`67`	`68`	`"github.com/coder/coder/v2/coderd/notifications"`
`68`	`69`	`"github.com/coder/coder/v2/coderd/portsharing"`
`@@ -788,7 +789,7 @@ func New(options Options) API {`
`788`	`789`	`tracing.Middleware(api.TracerProvider),`
`789`	`790`	`httpmw.AttachRequestID,`
`790`	`791`	`httpmw.ExtractRealIP(api.RealIPConfig),`
`791`		`-httpmw.Logger(api.Logger),`
	`792`	`+loggermw.Logger(api.Logger),`
`792`	`793`	`singleSlashMW,`
`793`	`794`	`rolestore.CustomRoleMW,`
`794`	`795`	`prometheusMW,`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 22 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ import (`
`24`	`24`	`"github.com/coder/coder/v2/coderd/database"`
`25`	`25`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`26`	`26`	`"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"`
	`27`	`+"github.com/coder/coder/v2/coderd/httpmw/loggermw"`
`27`	`28`	`"github.com/coder/coder/v2/coderd/rbac"`
`28`	`29`	`"github.com/coder/coder/v2/coderd/util/slice"`
`29`	`30`	`"github.com/coder/coder/v2/provisionersdk"`
`@@ -162,6 +163,7 @@ func ActorFromContext(ctx context.Context) (rbac.Subject, bool) {`
`162`	`163`
`163`	`164`	`var (`
`164`	`165`	`subjectProvisionerd= rbac.Subject{`
	`166`	`+Type:rbac.SubjectTypeProvisionerd,`
`165`	`167`	`FriendlyName:"Provisioner Daemon",`
`166`	`168`	`ID:uuid.Nil.String(),`
`167`	`169`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -195,6 +197,7 @@ var (`
`195`	`197`	`}.WithCachedASTValue()`
`196`	`198`
`197`	`199`	`subjectAutostart= rbac.Subject{`
	`200`	`+Type:rbac.SubjectTypeAutostart,`
`198`	`201`	`FriendlyName:"Autostart",`
`199`	`202`	`ID:uuid.Nil.String(),`
`200`	`203`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -218,6 +221,7 @@ var (`
`218`	`221`
`219`	`222`	`// See unhanger package.`
`220`	`223`	`subjectHangDetector= rbac.Subject{`
	`224`	`+Type:rbac.SubjectTypeHangDetector,`
`221`	`225`	`FriendlyName:"Hang Detector",`
`222`	`226`	`ID:uuid.Nil.String(),`
`223`	`227`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -238,6 +242,7 @@ var (`
`238`	`242`
`239`	`243`	`// See cryptokeys package.`
`240`	`244`	`subjectCryptoKeyRotator= rbac.Subject{`
	`245`	`+Type:rbac.SubjectTypeCryptoKeyRotator,`
`241`	`246`	`FriendlyName:"Crypto Key Rotator",`
`242`	`247`	`ID:uuid.Nil.String(),`
`243`	`248`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -256,6 +261,7 @@ var (`
`256`	`261`
`257`	`262`	`// See cryptokeys package.`
`258`	`263`	`subjectCryptoKeyReader= rbac.Subject{`
	`264`	`+Type:rbac.SubjectTypeCryptoKeyReader,`
`259`	`265`	`FriendlyName:"Crypto Key Reader",`
`260`	`266`	`ID:uuid.Nil.String(),`
`261`	`267`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -273,6 +279,7 @@ var (`
`273`	`279`	`}.WithCachedASTValue()`
`274`	`280`
`275`	`281`	`subjectNotifier= rbac.Subject{`
	`282`	`+Type:rbac.SubjectTypeNotifier,`
`276`	`283`	`FriendlyName:"Notifier",`
`277`	`284`	`ID:uuid.Nil.String(),`
`278`	`285`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -290,6 +297,7 @@ var (`
`290`	`297`	`}.WithCachedASTValue()`
`291`	`298`
`292`	`299`	`subjectResourceMonitor= rbac.Subject{`
	`300`	`+Type:rbac.SubjectTypeResourceMonitor,`
`293`	`301`	`FriendlyName:"Resource Monitor",`
`294`	`302`	`ID:uuid.Nil.String(),`
`295`	`303`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -308,6 +316,7 @@ var (`
`308`	`316`	`}.WithCachedASTValue()`
`309`	`317`
`310`	`318`	`subjectSystemRestricted= rbac.Subject{`
	`319`	`+Type:rbac.SubjectTypeSystemRestricted,`
`311`	`320`	`FriendlyName:"System",`
`312`	`321`	`ID:uuid.Nil.String(),`
`313`	`322`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -342,6 +351,7 @@ var (`
`342`	`351`	`}.WithCachedASTValue()`
`343`	`352`
`344`	`353`	`subjectSystemReadProvisionerDaemons= rbac.Subject{`
	`354`	`+Type:rbac.SubjectTypeSystemReadProvisionerDaemons,`
`345`	`355`	`FriendlyName:"Provisioner Daemons Reader",`
`346`	`356`	`ID:uuid.Nil.String(),`
`347`	`357`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -362,53 +372,53 @@ var (`
`362`	`372`	`// AsProvisionerd returns a context with an actor that has permissions required`
`363`	`373`	`// for provisionerd to function.`
`364`	`374`	`funcAsProvisionerd(ctx context.Context) context.Context {`
`365`		`-returncontext.WithValue(ctx,authContextKey{},subjectProvisionerd)`
	`375`	`+returnAs(ctx,subjectProvisionerd)`
`366`	`376`	`}`
`367`	`377`
`368`	`378`	`// AsAutostart returns a context with an actor that has permissions required`
`369`	`379`	`// for autostart to function.`
`370`	`380`	`funcAsAutostart(ctx context.Context) context.Context {`
`371`		`-returncontext.WithValue(ctx,authContextKey{},subjectAutostart)`
	`381`	`+returnAs(ctx,subjectAutostart)`
`372`	`382`	`}`
`373`	`383`
`374`	`384`	`// AsHangDetector returns a context with an actor that has permissions required`
`375`	`385`	`// for unhanger.Detector to function.`
`376`	`386`	`funcAsHangDetector(ctx context.Context) context.Context {`
`377`		`-returncontext.WithValue(ctx,authContextKey{},subjectHangDetector)`
	`387`	`+returnAs(ctx,subjectHangDetector)`
`378`	`388`	`}`
`379`	`389`
`380`	`390`	`// AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.`
`381`	`391`	`funcAsKeyRotator(ctx context.Context) context.Context {`
`382`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyRotator)`
	`392`	`+returnAs(ctx,subjectCryptoKeyRotator)`
`383`	`393`	`}`
`384`	`394`
`385`	`395`	`// AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.`
`386`	`396`	`funcAsKeyReader(ctx context.Context) context.Context {`
`387`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyReader)`
	`397`	`+returnAs(ctx,subjectCryptoKeyReader)`
`388`	`398`	`}`
`389`	`399`
`390`	`400`	`// AsNotifier returns a context with an actor that has permissions required for`
`391`	`401`	`// creating/reading/updating/deleting notifications.`
`392`	`402`	`funcAsNotifier(ctx context.Context) context.Context {`
`393`		`-returncontext.WithValue(ctx,authContextKey{},subjectNotifier)`
	`403`	`+returnAs(ctx,subjectNotifier)`
`394`	`404`	`}`
`395`	`405`
`396`	`406`	`// AsResourceMonitor returns a context with an actor that has permissions required for`
`397`	`407`	`// updating resource monitors.`
`398`	`408`	`funcAsResourceMonitor(ctx context.Context) context.Context {`
`399`		`-returncontext.WithValue(ctx,authContextKey{},subjectResourceMonitor)`
	`409`	`+returnAs(ctx,subjectResourceMonitor)`
`400`	`410`	`}`
`401`	`411`
`402`	`412`	`// AsSystemRestricted returns a context with an actor that has permissions`
`403`	`413`	`// required for various system operations (login, logout, metrics cache).`
`404`	`414`	`funcAsSystemRestricted(ctx context.Context) context.Context {`
`405`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemRestricted)`
	`415`	`+returnAs(ctx,subjectSystemRestricted)`
`406`	`416`	`}`
`407`	`417`
`408`	`418`	`// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions`
`409`	`419`	`// to read provisioner daemons.`
`410`	`420`	`funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {`
`411`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemReadProvisionerDaemons)`
	`421`	`+returnAs(ctx,subjectSystemReadProvisionerDaemons)`
`412`	`422`	`}`
`413`	`423`
`414`	`424`	`varAsRemoveActor= rbac.Subject{`
`@@ -426,6 +436,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {`
`426`	`436`	`// should be removed from the context.`
`427`	`437`	`returncontext.WithValue(ctx,authContextKey{},nil)`
`428`	`438`	`}`
	`439`	`+ifrlogger:=loggermw.RequestLoggerFromContext(ctx);rlogger!=nil {`
	`440`	`+rlogger.WithAuthContext(actor)`
	`441`	`+}`
`429`	`442`	`returncontext.WithValue(ctx,authContextKey{},actor)`
`430`	`443`	`}`
`431`	`444`

`‎coderd/database/queries.sql.go`

Lines changed: 4 additions & 2 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/users.sql`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -244,10 +244,10 @@ WHERE`
`244`	`244`	`-- This function returns roles for authorization purposes. Implied member roles`
`245`	`245`	`-- are included.`
`246`	`246`	`SELECT`
`247`		`--- usernameis returned just to help for logging purposes`
	`247`	`+-- usernameand email are returned just to help for logging purposes`
`248`	`248`	`-- status is used to enforce 'suspended' users, as all roles are ignored`
`249`	`249`	`--when suspended.`
`250`		`-id, username, status,`
	`250`	`+id, username, status, email,`
`251`	`251`	`-- All user roles, including their org roles.`
`252`	`252`	`array_cat(`
`253`	`253`	`-- All users are members`

`‎coderd/httpmw/apikey.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -465,7 +465,9 @@ func UserRBACSubject(ctx context.Context, db database.Store, userID uuid.UUID, s`
`465`	`465`	`}`
`466`	`466`
`467`	`467`	`actor:= rbac.Subject{`
	`468`	`+Type:rbac.SubjectTypeUser,`
`468`	`469`	`FriendlyName:roles.Username,`
	`470`	`+Email:roles.Email,`
`469`	`471`	`ID:userID.String(),`
`470`	`472`	`Roles:rbacRoles,`
`471`	`473`	`Groups:roles.Groups,`

`‎coderd/httpmw/logger.go`

Lines changed: 0 additions & 76 deletions

This file was deleted.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfc8454b

File tree

19 files changed

19 files changed

`‎Makefile`

`‎coderd/coderd.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/users.sql`

`‎coderd/httpmw/apikey.go`

`‎coderd/httpmw/logger.go`

0 commit comments