Commit0d65143

authored
chore: implement audit log for custom role edits (#13494)
* chore: implement audit log for custom role edits
1 parent056a697 commit0d65143


21 files changed

+122
-16
lines changed

21 files changed

+122
-16
lines changed

‎coderd/apidoc/docs.go‎

Lines changed: 4 additions & 2 deletions

‎coderd/apidoc/swagger.json‎

Lines changed: 4 additions & 2 deletions

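--- a/coderd/audit/diff.go
+++ b/coderd/audit/diff.go
@@ -21,7 +21,8 @@ type Auditable interface {
 database.AuditOAuthConvertState|
 database.HealthSettings|
 database.OAuth2ProviderApp|
-database.OAuth2ProviderAppSecret
+database.OAuth2ProviderAppSecret|
+database.CustomRole
 }
 
 // Map is a map of changed fields in an audited resource. It maps field names to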

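--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@@ -103,6 +103,8 @@ func ResourceTarget[T Auditable](tgt T) string {
 returntyped.Name
 case database.OAuth2ProviderAppSecret:
 returntyped.DisplaySecret
+case database.CustomRole:
+returntyped.Name
 default:
 panic(fmt.Sprintf("unknown resource %T for ResourceTarget",tgt))
 }
@@ -140,6 +142,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 returntyped.ID
 case database.OAuth2ProviderAppSecret:
 returntyped.ID
+case database.CustomRole:
+returntyped.ID
 default:
 panic(fmt.Sprintf("unknown resource %T for ResourceID",tgt))
 }
@@ -175,6 +179,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 returndatabase.ResourceTypeOauth2ProviderApp
 case database.OAuth2ProviderAppSecret:
 returndatabase.ResourceTypeOauth2ProviderAppSecret
+case database.CustomRole:
+returndatabase.ResourceTypeCustomRole
 default:
 panic(fmt.Sprintf("unknown resource %T for ResourceType",typed))
 }
@@ -211,6 +217,8 @@ func ResourceRequiresOrgID[T Auditable]() bool {
 returnfalse
 case database.OAuth2ProviderAppSecret:
 returnfalse
+case database.CustomRole:
+returntrue
 default:
 panic(fmt.Sprintf("unknown resource %T for ResourceRequiresOrgID",tgt))
 }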
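Review bot: The new `case database.CustomRole: return true` in ResourceRequiresOrgID assumes every audited custom role carries an organization ID, yet the coderdtest.go section of this commit still separates `siteRoles` from `orgRoles`, which suggests roles without an organization exist. Whatever enforces this flag sits outside the hunk, so the effect is inferred: if a site-wide custom role can reach this audit path, its edit may be rejected or logged without a usable organization, leaving a gap in the audit trail for a privilege-defining resource. I would record the assumption on the case, e.g. `// Requires OrganizationID on the audit request; confirm site-wide custom roles never reach this path.`, and add a test that audits an edit of a role with no organization. All four switch statements start and end outside their hunks.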

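--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -758,6 +758,8 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 roleName,_,err=rbac.RoleSplit(roleName)
 require.NoError(t,err,"split org role name")
 ifok {
+roleName,_,err=rbac.RoleSplit(roleName)
+require.NoError(t,err,"split rolename")
 orgRoles[orgID]=append(orgRoles[orgID],roleName)
 }else {
 siteRoles=append(siteRoles,roleName)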
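Review bot: The two added lines inside `if ok {` repeat the `rbac.RoleSplit(roleName)` call and its `require.NoError` that the context lines directly above the `if` already run, so the org branch now splits a name that has already been split. Whether a second split is harmless depends on RoleSplit, which is not visible here; if it is not idempotent, the helper would assign a different role name than the test asked for. Unless the double split is intended, I would drop the added pair and keep the single call before the branch. The loop and function start and end outside the hunk.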

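--- a/coderd/database/dbauthz/customroles_test.go
+++ b/coderd/database/dbauthz/customroles_test.go
@@ -244,7 +244,7 @@ func TestUpsertCustomRoles(t *testing.T) {
 }else {
 require.NoError(t,err)
 
-// Verifywe can fetchtherole
+// Verifythe role is fetched withthelookup filter.
 roles,err:=az.CustomRoles(ctx, database.CustomRolesParams{
 LookupRoles: []database.NameOrganizationPair{
 {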

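--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -8415,6 +8415,7 @@ func (q *FakeQuerier) UpsertCustomRole(_ context.Context, arg database.UpsertCus
 }
 
 role:= database.CustomRole{
+ID:uuid.New(),
 Name:arg.Name,
 DisplayName:arg.DisplayName,
 OrganizationID:arg.OrganizationID,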
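Review bot: The added `ID:uuid.New(),` keeps a role's audit identifier stable only if the update path for an existing role returns before this literal is reached, and that part of UpsertCustomRole is outside the hunk. Audit entries are keyed on this ID, so a fake that mints a new UUID on every upsert would diverge from the database and hide correlation bugs in tests. A short comment such as `// New roles only; an existing role keeps its ID so audit entries stay correlated.` plus a test asserting that a second upsert of the same name returns the same ID would pin this down.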

‎coderd/database/dump.sql‎

Lines changed: 8 additions & 2 deletions
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
DROPINDEX idx_custom_roles_id;
2+
ALTERTABLE custom_roles DROP COLUMN id;
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
-- (name) is the primary key, this column is almost exclusively for auditing.
2+
-- Audit logs require a uuid as the unique identifier for a resource.
3+
ALTERTABLE custom_roles ADD COLUMN id uuid DEFAULT gen_random_uuid()NOT NULL;
4+
COMMENT ON COLUMN custom_roles.id IS'Custom roles ID is used purely for auditing purposes. Name is a better unique identifier.';
5+
6+
-- Ensure unique uuids.
7+
CREATEINDEXidx_custom_roles_idON custom_roles (id);
8+
ALTERTYPE resource_type ADD VALUE IF NOT EXISTS'custom_role';
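Review bot: The `-- Ensure unique uuids.` comment is not matched by the statement under it: the `CREATE INDEX` on `custom_roles (id)` builds a plain index, so nothing prevents two rows from sharing an `id`. The header comment of this migration says audit logs need the uuid as the unique identifier of a resource, so the index should enforce that: `CREATE UNIQUE INDEX idx_custom_roles_id ON custom_roles (id);`. With `gen_random_uuid()` as the default a collision is unlikely, but an explicit insert or a restore could still duplicate an id and make audit entries for role edits ambiguous.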
