
Commit08e17a0

chore!: route connection logs to new table (#18340)
### Breaking Change (changelog note):> User connections to workspaces, and the opening of workspace apps or ports will no longer create entries in the audit log. Those events will now be included in the 'Connection Log'.Please see the 'Connection Log' page in the dashboard, and the Connection Log [documentation](https://coder.com/docs/admin/monitoring/connection-logs) for details. Those with permission to view the Audit Log will also be able to view the Connection Log. The new Connection Log has the same licensing restrictions as the Audit Log, and requires a Premium Coder deployment.### ContextThis is the first PR of a few for moving connection events out of the audit log, and into a new database table and web UI page called the 'Connection Log'.This PR:- Creates the new table- Adds and tests queries for inserting and reading, including reading with an RBAC filter.- Implements the corresponding RBAC changes, such that anyone who can view the audit log can read from the table- Implements, under the enterprise package, a `ConnectionLogger` abstraction to replace the `Auditor` abstraction for these logs. (No-op'd in AGPL, like the `Auditor`)- Routes SSH connection and Workspace App events into the new `ConnectionLogger`- Updates all existing tests to check the values of the `ConnectionLogger` instead of the `Auditor`.Future PRs:- Add filtering to the query- Add an enterprise endpoint to query the new table- Write a query to delete old events from the audit log, call it from dbpurge.- Implement a table in the Web UI for viewing connection logs.> [!NOTE]> The PRs in this stack obviously won't be (completely) atomic. Whilst they'll each pass CI, the stack is designed to be merged all at once. I'm splitting them up for the sake of those reviewing, and so changes can be reviewed as early as possible. Despite this, it's really hard to make this PR any smaller than it already is. I'll be keeping it in draft until it's actually ready to merge.
1 parent43b0bb7 commit08e17a0


54 files changed

+2200
-494
lines changed


54 files changed

+2200
-494
lines changed

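--- a/coderd/agentapi/api.go
+++ b/coderd/agentapi/api.go
@@ -19,7 +19,7 @@ import (
 agentproto"github.com/coder/coder/v2/agent/proto"
 "github.com/coder/coder/v2/coderd/agentapi/resourcesmonitor"
 "github.com/coder/coder/v2/coderd/appearance"
-"github.com/coder/coder/v2/coderd/audit"
+"github.com/coder/coder/v2/coderd/connectionlog"
 "github.com/coder/coder/v2/coderd/database"
 "github.com/coder/coder/v2/coderd/database/pubsub"
 "github.com/coder/coder/v2/coderd/externalauth"
@@ -50,7 +50,7 @@ type API struct {
 *ResourcesMonitoringAPI
 *LogsAPI
 *ScriptsAPI
-*AuditAPI
+*ConnLogAPI
 *SubAgentAPI
 *tailnet.DRPCService
 
@@ -71,7 +71,7 @@ type Options struct {
 Database database.Store
 NotificationsEnqueuer notifications.Enqueuer
 Pubsub pubsub.Pubsub
-Auditor*atomic.Pointer[audit.Auditor]
+ConnectionLogger*atomic.Pointer[connectionlog.ConnectionLogger]
 DerpMapFnfunc()*tailcfg.DERPMap
 TailnetCoordinator*atomic.Pointer[tailnet.Coordinator]
 StatsReporter*workspacestats.Reporter
@@ -180,11 +180,11 @@ func New(opts Options) *API {
 Database:opts.Database,
 }
 
-api.AuditAPI=&AuditAPI{
-AgentFn:api.agent,
-Auditor:opts.Auditor,
-Database:opts.Database,
-Log:opts.Log,
+api.ConnLogAPI=&ConnLogAPI{
+AgentFn:api.agent,
+ConnectionLogger:opts.ConnectionLogger,
+Database:opts.Database,
+Log:opts.Log,
 }
 
 api.DRPCService=&tailnet.DRPCService{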

‎coderd/agentapi/audit.go

Lines changed: 0 additions & 105 deletions
This file was deleted.

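--- a/coderd/agentapi/connectionlog.go
+++ b/coderd/agentapi/connectionlog.go
@@ -0,0 +1,106 @@
+package agentapi
+
+import (
+"context"
+"database/sql"
+"sync/atomic"
+
+"github.com/google/uuid"
+"golang.org/x/xerrors"
+"google.golang.org/protobuf/types/known/emptypb"
+
+"cdr.dev/slog"
+agentproto"github.com/coder/coder/v2/agent/proto"
+"github.com/coder/coder/v2/coderd/connectionlog"
+"github.com/coder/coder/v2/coderd/database"
+"github.com/coder/coder/v2/coderd/database/db2sdk"
+)
+
+typeConnLogAPIstruct {
+AgentFnfunc(context.Context) (database.WorkspaceAgent,error)
+ConnectionLogger*atomic.Pointer[connectionlog.ConnectionLogger]
+Database database.Store
+Log slog.Logger
+}
+
+func (a*ConnLogAPI)ReportConnection(ctx context.Context,req*agentproto.ReportConnectionRequest) (*emptypb.Empty,error) {
+// We use the connection ID to identify which connection log event to mark
+// as closed, when we receive a close action for that ID.
+connectionID,err:=uuid.FromBytes(req.GetConnection().GetId())
+iferr!=nil {
+returnnil,xerrors.Errorf("connection id from bytes: %w",err)
+}
+
+ifconnectionID==uuid.Nil {
+returnnil,xerrors.New("connection ID cannot be nil")
+}
+action,err:=db2sdk.ConnectionLogStatusFromAgentProtoConnectionAction(req.GetConnection().GetAction())
+iferr!=nil {
+returnnil,err
+}
+connectionType,err:=db2sdk.ConnectionLogConnectionTypeFromAgentProtoConnectionType(req.GetConnection().GetType())
+iferr!=nil {
+returnnil,err
+}
+
+varcode sql.NullInt32
+ifaction==database.ConnectionStatusDisconnected {
+code= sql.NullInt32{
+Int32:req.GetConnection().GetStatusCode(),
+Valid:true,
+}
+}
+
+// Fetch contextual data for this connection log event.
+workspaceAgent,err:=a.AgentFn(ctx)
+iferr!=nil {
+returnnil,xerrors.Errorf("get agent: %w",err)
+}
+workspace,err:=a.Database.GetWorkspaceByAgentID(ctx,workspaceAgent.ID)
+iferr!=nil {
+returnnil,xerrors.Errorf("get workspace by agent id: %w",err)
+}
+
+reason:=req.GetConnection().GetReason()
+connLogger:=*a.ConnectionLogger.Load()
+err=connLogger.Upsert(ctx, database.UpsertConnectionLogParams{
+ID:uuid.New(),
+Time:req.GetConnection().GetTimestamp().AsTime(),
+OrganizationID:workspace.OrganizationID,
+WorkspaceOwnerID:workspace.OwnerID,
+WorkspaceID:workspace.ID,
+WorkspaceName:workspace.Name,
+AgentName:workspaceAgent.Name,
+Type:connectionType,
+Code:code,
+Ip:database.ParseIP(req.GetConnection().GetIp()),
+ConnectionID: uuid.NullUUID{
+UUID:connectionID,
+Valid:true,
+},
+DisconnectReason: sql.NullString{
+String:reason,
+Valid:reason!="",
+},
+// We supply the action:
+// - So the DB can handle duplicate connections or disconnections properly.
+// - To make it clear whether this is a connection or disconnection
+// prior to it's insertion into the DB (logs)
+ConnectionStatus:action,
+
+// It's not possible to tell which user connected. Once we have
+// the capability, this may be reported by the agent.
+UserID: uuid.NullUUID{
+Valid:false,
+},
+// N/A
+UserAgent: sql.NullString{},
+// N/A
+SlugOrPort: sql.NullString{},
+})
+iferr!=nil {
+returnnil,xerrors.Errorf("export connection log: %w",err)
+}
+
+return&emptypb.Empty{},nil
+}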
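Review bot: `Time: req.GetConnection().GetTimestamp().AsTime()` in the `Upsert` call takes the event time straight from the agent's request with no validity check, so a request that omits the timestamp is recorded at the Unix epoch and an out-of-range value is stored as sent. The connection log is an access record built from agent-reported fields, so I would reject bad timestamps before the upsert, e.g. `if err := req.GetConnection().GetTimestamp().CheckValid(); err != nil { return nil, xerrors.Errorf("connection timestamp: %w", err) }`, and consider bounding the value against the server clock. Separately, `*a.ConnectionLogger.Load()` dereferences without a nil check; that is safe only if a logger is always stored before this API serves requests, which is not visible in this file.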
