NotificationsYou must be signed in to change notification settings
Fork907
Star10k

Commit0f27da0

authored

feat: extend request logs with auth & DB info and log long lived connections early (#17422)

1 parent7c4c504 commit0f27da0Copy full SHA for 0f27da0

File tree

19 files changed

+714

-94

lines changed

Makefile
coderd
- coderd.go
- database
  - dbauthz
    - dbauthz.go
  - queries
    - users.sql
  - queries.sql.go
- httpmw
  - apikey.go
  - logger.go
  - loggermw
    - logger.go
    - logger_internal_test.go
    - loggermock
      - loggermock.go
  - workspaceagentparam.go
  - workspaceparam.go
- provisionerjobs.go
- provisionerjobs_internal_test.go
- rbac
  - authz.go
- workspaceagents.go
enterprise
- coderd
  - provisionerdaemons.go
- wsproxy
  - wsproxy.go
tailnet/test/integration
- integration.go

19 files changed

+714

-94

lines changed

`‎Makefile`

Lines changed: 6 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -563,8 +563,8 @@ GEN_FILES := \`
`563`	`563`	`site/e2e/provisionerGenerated.ts\`
`564`	`564`	`examples/examples.gen.json\`
`565`	`565`	`$(TAILNETTEST_MOCKS)\`
`566`		`-coderd/database/pubsub/psmock/psmock.go`
`567`		`-`
	`566`	`+coderd/database/pubsub/psmock/psmock.go\`
	`567`	`+coderd/httpmw/loggermw/loggermock/loggermock.go`
`568`	`568`
`569`	`569`	`# all gen targets should be added here and to gen/mark-fresh`
`570`	`570`	`gen: gen/db$(GEN_FILES)`
`@@ -598,6 +598,7 @@ gen/mark-fresh:`
`598`	`598`	`examples/examples.gen.json\`
`599`	`599`	`$(TAILNETTEST_MOCKS)\`
`600`	`600`	`coderd/database/pubsub/psmock/psmock.go\`
	`601`	`+coderd/httpmw/loggermw/loggermock/loggermock.go\`
`601`	`602`	`"`
`602`	`603`
`603`	`604`	`for file in $$files; do`
`@@ -629,6 +630,9 @@ coderd/database/dbmock/dbmock.go: coderd/database/db.go coderd/database/querier.`
`629`	`630`	`coderd/database/pubsub/psmock/psmock.go: coderd/database/pubsub/pubsub.go`
`630`	`631`	`go generate ./coderd/database/pubsub/psmock`
`631`	`632`
	`633`	`+coderd/httpmw/loggermw/loggermock/loggermock.go: coderd/httpmw/loggermw/logger.go`
	`634`	`+go generate ./coderd/httpmw/loggermw/loggermock/`
	`635`	`+`
`632`	`636`	`$(TAILNETTEST_MOCKS): tailnet/coordinator.go tailnet/service.go`
`633`	`637`	`go generate ./tailnet/tailnettest/`
`634`	`638`

`‎coderd/coderd.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ import (`
`63`	`63`	`"github.com/coder/coder/v2/coderd/healthcheck/derphealth"`
`64`	`64`	`"github.com/coder/coder/v2/coderd/httpapi"`
`65`	`65`	`"github.com/coder/coder/v2/coderd/httpmw"`
	`66`	`+"github.com/coder/coder/v2/coderd/httpmw/loggermw"`
`66`	`67`	`"github.com/coder/coder/v2/coderd/metricscache"`
`67`	`68`	`"github.com/coder/coder/v2/coderd/notifications"`
`68`	`69`	`"github.com/coder/coder/v2/coderd/portsharing"`
`@@ -787,7 +788,7 @@ func New(options Options) API {`
`787`	`788`	`tracing.Middleware(api.TracerProvider),`
`788`	`789`	`httpmw.AttachRequestID,`
`789`	`790`	`httpmw.ExtractRealIP(api.RealIPConfig),`
`790`		`-httpmw.Logger(api.Logger),`
	`791`	`+loggermw.Logger(api.Logger),`
`791`	`792`	`rolestore.CustomRoleMW,`
`792`	`793`	`prometheusMW,`
`793`	`794`	`// Build-Version is helpful for debugging.`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 20 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ import (`
`24`	`24`	`"github.com/coder/coder/v2/coderd/database"`
`25`	`25`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`26`	`26`	`"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"`
	`27`	`+"github.com/coder/coder/v2/coderd/httpmw/loggermw"`
`27`	`28`	`"github.com/coder/coder/v2/coderd/rbac"`
`28`	`29`	`"github.com/coder/coder/v2/coderd/util/slice"`
`29`	`30`	`"github.com/coder/coder/v2/provisionersdk"`
`@@ -162,6 +163,7 @@ func ActorFromContext(ctx context.Context) (rbac.Subject, bool) {`
`162`	`163`
`163`	`164`	`var (`
`164`	`165`	`subjectProvisionerd= rbac.Subject{`
	`166`	`+Type:rbac.SubjectTypeProvisionerd,`
`165`	`167`	`FriendlyName:"Provisioner Daemon",`
`166`	`168`	`ID:uuid.Nil.String(),`
`167`	`169`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -193,6 +195,7 @@ var (`
`193`	`195`	`}.WithCachedASTValue()`
`194`	`196`
`195`	`197`	`subjectAutostart= rbac.Subject{`
	`198`	`+Type:rbac.SubjectTypeAutostart,`
`196`	`199`	`FriendlyName:"Autostart",`
`197`	`200`	`ID:uuid.Nil.String(),`
`198`	`201`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -216,6 +219,7 @@ var (`
`216`	`219`
`217`	`220`	`// See unhanger package.`
`218`	`221`	`subjectHangDetector= rbac.Subject{`
	`222`	`+Type:rbac.SubjectTypeHangDetector,`
`219`	`223`	`FriendlyName:"Hang Detector",`
`220`	`224`	`ID:uuid.Nil.String(),`
`221`	`225`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -236,6 +240,7 @@ var (`
`236`	`240`
`237`	`241`	`// See cryptokeys package.`
`238`	`242`	`subjectCryptoKeyRotator= rbac.Subject{`
	`243`	`+Type:rbac.SubjectTypeCryptoKeyRotator,`
`239`	`244`	`FriendlyName:"Crypto Key Rotator",`
`240`	`245`	`ID:uuid.Nil.String(),`
`241`	`246`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -254,6 +259,7 @@ var (`
`254`	`259`
`255`	`260`	`// See cryptokeys package.`
`256`	`261`	`subjectCryptoKeyReader= rbac.Subject{`
	`262`	`+Type:rbac.SubjectTypeCryptoKeyReader,`
`257`	`263`	`FriendlyName:"Crypto Key Reader",`
`258`	`264`	`ID:uuid.Nil.String(),`
`259`	`265`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -271,6 +277,7 @@ var (`
`271`	`277`	`}.WithCachedASTValue()`
`272`	`278`
`273`	`279`	`subjectNotifier= rbac.Subject{`
	`280`	`+Type:rbac.SubjectTypeNotifier,`
`274`	`281`	`FriendlyName:"Notifier",`
`275`	`282`	`ID:uuid.Nil.String(),`
`276`	`283`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -288,6 +295,7 @@ var (`
`288`	`295`	`}.WithCachedASTValue()`
`289`	`296`
`290`	`297`	`subjectSystemRestricted= rbac.Subject{`
	`298`	`+Type:rbac.SubjectTypeSystemRestricted,`
`291`	`299`	`FriendlyName:"System",`
`292`	`300`	`ID:uuid.Nil.String(),`
`293`	`301`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -323,6 +331,7 @@ var (`
`323`	`331`	`}.WithCachedASTValue()`
`324`	`332`
`325`	`333`	`subjectSystemReadProvisionerDaemons= rbac.Subject{`
	`334`	`+Type:rbac.SubjectTypeSystemReadProvisionerDaemons,`
`326`	`335`	`FriendlyName:"Provisioner Daemons Reader",`
`327`	`336`	`ID:uuid.Nil.String(),`
`328`	`337`	`Roles:rbac.Roles([]rbac.Role{`
`@@ -343,47 +352,47 @@ var (`
`343`	`352`	`// AsProvisionerd returns a context with an actor that has permissions required`
`344`	`353`	`// for provisionerd to function.`
`345`	`354`	`funcAsProvisionerd(ctx context.Context) context.Context {`
`346`		`-returncontext.WithValue(ctx,authContextKey{},subjectProvisionerd)`
	`355`	`+returnAs(ctx,subjectProvisionerd)`
`347`	`356`	`}`
`348`	`357`
`349`	`358`	`// AsAutostart returns a context with an actor that has permissions required`
`350`	`359`	`// for autostart to function.`
`351`	`360`	`funcAsAutostart(ctx context.Context) context.Context {`
`352`		`-returncontext.WithValue(ctx,authContextKey{},subjectAutostart)`
	`361`	`+returnAs(ctx,subjectAutostart)`
`353`	`362`	`}`
`354`	`363`
`355`	`364`	`// AsHangDetector returns a context with an actor that has permissions required`
`356`	`365`	`// for unhanger.Detector to function.`
`357`	`366`	`funcAsHangDetector(ctx context.Context) context.Context {`
`358`		`-returncontext.WithValue(ctx,authContextKey{},subjectHangDetector)`
	`367`	`+returnAs(ctx,subjectHangDetector)`
`359`	`368`	`}`
`360`	`369`
`361`	`370`	`// AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.`
`362`	`371`	`funcAsKeyRotator(ctx context.Context) context.Context {`
`363`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyRotator)`
	`372`	`+returnAs(ctx,subjectCryptoKeyRotator)`
`364`	`373`	`}`
`365`	`374`
`366`	`375`	`// AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.`
`367`	`376`	`funcAsKeyReader(ctx context.Context) context.Context {`
`368`		`-returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyReader)`
	`377`	`+returnAs(ctx,subjectCryptoKeyReader)`
`369`	`378`	`}`
`370`	`379`
`371`	`380`	`// AsNotifier returns a context with an actor that has permissions required for`
`372`	`381`	`// creating/reading/updating/deleting notifications.`
`373`	`382`	`funcAsNotifier(ctx context.Context) context.Context {`
`374`		`-returncontext.WithValue(ctx,authContextKey{},subjectNotifier)`
	`383`	`+returnAs(ctx,subjectNotifier)`
`375`	`384`	`}`
`376`	`385`
`377`	`386`	`// AsSystemRestricted returns a context with an actor that has permissions`
`378`	`387`	`// required for various system operations (login, logout, metrics cache).`
`379`	`388`	`funcAsSystemRestricted(ctx context.Context) context.Context {`
`380`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemRestricted)`
	`389`	`+returnAs(ctx,subjectSystemRestricted)`
`381`	`390`	`}`
`382`	`391`
`383`	`392`	`// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions`
`384`	`393`	`// to read provisioner daemons.`
`385`	`394`	`funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {`
`386`		`-returncontext.WithValue(ctx,authContextKey{},subjectSystemReadProvisionerDaemons)`
	`395`	`+returnAs(ctx,subjectSystemReadProvisionerDaemons)`
`387`	`396`	`}`
`388`	`397`
`389`	`398`	`varAsRemoveActor= rbac.Subject{`
`@@ -401,6 +410,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {`
`401`	`410`	`// should be removed from the context.`
`402`	`411`	`returncontext.WithValue(ctx,authContextKey{},nil)`
`403`	`412`	`}`
	`413`	`+ifrlogger:=loggermw.RequestLoggerFromContext(ctx);rlogger!=nil {`
	`414`	`+rlogger.WithAuthContext(actor)`
	`415`	`+}`
`404`	`416`	`returncontext.WithValue(ctx,authContextKey{},actor)`
`405`	`417`	`}`
`406`	`418`

`‎coderd/database/queries.sql.go`

Lines changed: 4 additions & 2 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/users.sql`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -244,10 +244,10 @@ WHERE`
`244`	`244`	`-- This function returns roles for authorization purposes. Implied member roles`
`245`	`245`	`-- are included.`
`246`	`246`	`SELECT`
`247`		`--- usernameis returned just to help for logging purposes`
	`247`	`+-- usernameand email are returned just to help for logging purposes`
`248`	`248`	`-- status is used to enforce 'suspended' users, as all roles are ignored`
`249`	`249`	`--when suspended.`
`250`		`-id, username, status,`
	`250`	`+id, username, status, email,`
`251`	`251`	`-- All user roles, including their org roles.`
`252`	`252`	`array_cat(`
`253`	`253`	`-- All users are members`

`‎coderd/httpmw/apikey.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -465,7 +465,9 @@ func UserRBACSubject(ctx context.Context, db database.Store, userID uuid.UUID, s`
`465`	`465`	`}`
`466`	`466`
`467`	`467`	`actor:= rbac.Subject{`
	`468`	`+Type:rbac.SubjectTypeUser,`
`468`	`469`	`FriendlyName:roles.Username,`
	`470`	`+Email:roles.Email,`
`469`	`471`	`ID:userID.String(),`
`470`	`472`	`Roles:rbacRoles,`
`471`	`473`	`Groups:roles.Groups,`

`‎coderd/httpmw/logger.go`

Lines changed: 0 additions & 76 deletions

This file was deleted.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0f27da0

File tree

19 files changed

19 files changed

`‎Makefile`

`‎coderd/coderd.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/users.sql`

`‎coderd/httpmw/apikey.go`

`‎coderd/httpmw/logger.go`

0 commit comments