Commit9379491

committed
verify audit log
1 parentb6fdba3 commit9379491


1 file changed

+50
-2
lines changed


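--- a/coderd/workspaceapps/db_test.go
+++ b/coderd/workspaceapps/db_test.go
@@ -3,6 +3,7 @@ package workspaceapps_test
 import (
 "context"
 "crypto/rand"
+"database/sql"
 "fmt"
 "io"
 "net"
@@ -24,6 +25,7 @@ import (
 "github.com/coder/coder/v2/coderd/audit"
 "github.com/coder/coder/v2/coderd/coderdtest"
 "github.com/coder/coder/v2/coderd/database"
+"github.com/coder/coder/v2/coderd/database/dbauthz"
 "github.com/coder/coder/v2/coderd/httpmw"
 "github.com/coder/coder/v2/coderd/jwtutils"
 "github.com/coder/coder/v2/coderd/tracing"
@@ -83,6 +85,9 @@ func Test_ResolveRequest(t *testing.T) {
 
 auditor:=audit.NewMock()
 t.Cleanup(func() {
+ift.Failed() {
+return
+}
 assert.Len(t,auditor.AuditLogs(),0,"one or more test cases produced unexpected audit logs, did you replace the auditor or forget to call ResetLogs?")
 })
 client,closer,api:=coderdtest.NewWithAPI(t,&coderdtest.Options{
@@ -220,11 +225,24 @@ func Test_ResolveRequest(t *testing.T) {
 for_,agnt:=rangeresource.Agents {
 ifagnt.Name==agentName {
 agentID=agnt.ID
+break
 }
 }
 }
 require.NotEqual(t,uuid.Nil,agentID)
 
+//nonlint:gocritic // This is a test, allow dbauthz.AsSystemRestricted.
+agent,err:=api.Database.GetWorkspaceAgentByID(dbauthz.AsSystemRestricted(ctx),agentID)
+require.NoError(t,err)
+
+//nolint:gocritic // This is a test, allow dbauthz.AsSystemRestricted.
+apps,err:=api.Database.GetWorkspaceAppsByAgentID(dbauthz.AsSystemRestricted(ctx),agentID)
+require.NoError(t,err)
+appsBySlug:=make(map[string]database.WorkspaceApp,len(apps))
+for_,app:=rangeapps {
+appsBySlug[app.Slug]=app
+}
+
 // Reset audit logs so cleanup check can pass.
 auditor.ResetLogs()
 
@@ -268,12 +286,14 @@ func Test_ResolveRequest(t *testing.T) {
 
 auditor:=audit.NewMock()
 auditableIP:=randomIPv6(t)
+auditableUA:="Tidua"
 
 t.Log("app",app)
 rw:=httptest.NewRecorder()
 r:=httptest.NewRequest("GET","/app",nil)
 r.Header.Set(codersdk.SessionTokenHeader,client.SessionToken())
 r=requestWithAuditorAndRemoteAddr(r,auditor,auditableIP)
+r.Header.Set("User-Agent",auditableUA)
 
 // Try resolving the request without a token.
 token,ok:=workspaceappsResolveRequest(t,rw,r, workspaceapps.ResolveRequestOptions{
@@ -314,7 +334,12 @@ func Test_ResolveRequest(t *testing.T) {
 
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+Action:database.AuditActionOpen,
+ResourceType:audit.ResourceType(appsBySlug[app]),
+ResourceID:audit.ResourceID(appsBySlug[app]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[app]),
 UserID:me.ID,
+UserAgent: sql.NullString{Valid:true,String:auditableUA},
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
 }),"audit log")
@@ -399,6 +424,10 @@ func Test_ResolveRequest(t *testing.T) {
 
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+Action:database.AuditActionOpen,
+ResourceType:audit.ResourceType(appsBySlug[app]),
+ResourceID:audit.ResourceID(appsBySlug[app]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[app]),
 UserID:secondUser.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
@@ -457,6 +486,10 @@ func Test_ResolveRequest(t *testing.T) {
 
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(appsBySlug[app]),
+ResourceID:audit.ResourceID(appsBySlug[app]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[app]),
+UserID:uuid.Nil,// Nil is not verified by Contains, see below.
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
 }),"audit log")
@@ -587,6 +620,9 @@ func Test_ResolveRequest(t *testing.T) {
 require.Equal(t,token.AgentID,agentID)
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(appsBySlug[token.AppSlugOrPort]),
+ResourceID:audit.ResourceID(appsBySlug[token.AppSlugOrPort]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[token.AppSlugOrPort]),
 UserID:me.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
@@ -677,6 +713,9 @@ func Test_ResolveRequest(t *testing.T) {
 
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(appsBySlug[token.AppSlugOrPort]),
+ResourceID:audit.ResourceID(appsBySlug[token.AppSlugOrPort]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[token.AppSlugOrPort]),
 UserID:me.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
@@ -759,10 +798,13 @@ func Test_ResolveRequest(t *testing.T) {
 require.Equal(t,http.StatusOK,w.StatusCode)
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(agent),
+ResourceID:audit.ResourceID(agent),
+ResourceTarget:audit.ResourceTarget(agent),
 UserID:me.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
-}),"audit log")
+}),"audit log for agent, not app")
 require.Len(t,auditor.AuditLogs(),1,"single audit log")
 })
 
@@ -839,6 +881,9 @@ func Test_ResolveRequest(t *testing.T) {
 _=w.Body.Close()
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(appsBySlug[token.AppSlugOrPort]),
+ResourceID:audit.ResourceID(appsBySlug[token.AppSlugOrPort]),
+ResourceTarget:audit.ResourceTarget(appsBySlug[token.AppSlugOrPort]),
 UserID:me.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
@@ -883,10 +928,13 @@ func Test_ResolveRequest(t *testing.T) {
 _=w.Body.Close()
 require.True(t,auditor.Contains(t, database.AuditLog{
 OrganizationID:workspace.OrganizationID,
+ResourceType:audit.ResourceType(agent),
+ResourceID:audit.ResourceID(agent),
+ResourceTarget:audit.ResourceTarget(agent),
 UserID:me.ID,
 Ip:audit.ParseIP(auditableIP),
 StatusCode:int32(w.StatusCode),//nolint:gosec
-}),"audit log")
+}),"audit log for agent, not app")
 require.Len(t,auditor.AuditLogs(),1,"single audit log")
 })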
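Review bot: The new audit assertions index `appsBySlug[app]` and `appsBySlug[token.AppSlugOrPort]` without checking that the key exists, so a slug missing from the map yields a zero-value `database.WorkspaceApp` and the expected `ResourceID` becomes `uuid.Nil`; the inline comment at new line 492 says Nil is not verified by `Contains`, so such a case would presumably pass without confirming which resource was audited. Adding `require.Contains(t, appsBySlug, app)` before each `auditor.Contains` call, or a small lookup helper that fails the test on a missing slug, would keep the audit check strict. The directive at new line 234 is spelled `//nonlint:gocritic` and should read `//nolint:gocritic` like the one at new line 238, otherwise the suppression does not apply. `Action:database.AuditActionOpen` is asserted only in the hunks at new lines 337 and 427 and `UserAgent` only at 342; if every one of these requests is expected to record an open action, the remaining `auditor.Contains` literals should assert it too. Test_ResolveRequest begins and ends outside the visible hunks.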
