NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commita27ac30

authored

chore: add sql filter to fetching audit logs (#14070)

* chore: add sql filter to fetching audit logs* use sqlc.embed for audit logs* fix sql query matcher

1 parentd23670a commita27ac30Copy full SHA for a27ac30

File tree

16 files changed

+562

-245

lines changed

coderd
- audit.go
- audit_internal_test.go
- audit_test.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbgen
    - dbgen.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - modelmethods.go
  - modelqueries.go
  - querier_test.go
  - queries
    - auditlogs.sql
  - queries.sql.go
- rbac/regosql
  - configs.go
enterprise/audit/backends
- postgres_test.go

16 files changed

+562

-245

lines changed

`‎coderd/audit.go`

Lines changed: 43 additions & 43 deletions

Original file line number	Diff line number	Diff line change
`@@ -182,17 +182,17 @@ func (api *API) convertAuditLogs(ctx context.Context, dblogs []database.GetAudit`
`182`	`182`	`}`
`183`	`183`
`184`	`184`	`func (api*API)convertAuditLog(ctx context.Context,dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {`
`185`		`-ip,_:=netip.AddrFromSlice(dblog.Ip.IPNet.IP)`
	`185`	`+ip,_:=netip.AddrFromSlice(dblog.AuditLog.Ip.IPNet.IP)`
`186`	`186`
`187`	`187`	`diff:= codersdk.AuditDiff{}`
`188`		`-_=json.Unmarshal(dblog.Diff,&diff)`
	`188`	`+_=json.Unmarshal(dblog.AuditLog.Diff,&diff)`
`189`	`189`
`190`	`190`	`varuser*codersdk.User`
`191`	`191`	`ifdblog.UserUsername.Valid {`
`192`	`192`	`// Leaving the organization IDs blank for now; not sure they are useful for`
`193`	`193`	`// the audit query anyway?`
`194`	`194`	`sdkUser:=db2sdk.User(database.User{`
`195`		`-ID:dblog.UserID,`
	`195`	`+ID:dblog.AuditLog.UserID,`
`196`	`196`	`Email:dblog.UserEmail.String,`
`197`	`197`	`Username:dblog.UserUsername.String,`
`198`	`198`	`CreatedAt:dblog.UserCreatedAt.Time,`
`@@ -211,7 +211,7 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs`
`211`	`211`	`}`
`212`	`212`
`213`	`213`	`var (`
`214`		`-additionalFieldsBytes= []byte(dblog.AdditionalFields)`
	`214`	`+additionalFieldsBytes= []byte(dblog.AuditLog.AdditionalFields)`
`215`	`215`	`additionalFields audit.AdditionalFields`
`216`	`216`	`err=json.Unmarshal(additionalFieldsBytes,&additionalFields)`
`217`	`217`	`)`
`@@ -224,7 +224,7 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs`
`224`	`224`	`WorkspaceOwner:"unknown",`
`225`	`225`	`}`
`226`	`226`
`227`		`-dblog.AdditionalFields,err=json.Marshal(resourceInfo)`
	`227`	`+dblog.AuditLog.AdditionalFields,err=json.Marshal(resourceInfo)`
`228`	`228`	`api.Logger.Error(ctx,"marshal additional fields",slog.Error(err))`
`229`	`229`	`}`
`230`	`230`
`@@ -239,30 +239,30 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs`
`239`	`239`	`}`
`240`	`240`
`241`	`241`	`alog:= codersdk.AuditLog{`
`242`		`-ID:dblog.ID,`
`243`		`-RequestID:dblog.RequestID,`
`244`		`-Time:dblog.Time,`
	`242`	`+ID:dblog.AuditLog.ID,`
	`243`	`+RequestID:dblog.AuditLog.RequestID,`
	`244`	`+Time:dblog.AuditLog.Time,`
`245`	`245`	`// OrganizationID is deprecated.`
`246`		`-OrganizationID:dblog.OrganizationID,`
	`246`	`+OrganizationID:dblog.AuditLog.OrganizationID,`
`247`	`247`	`IP:ip,`
`248`		`-UserAgent:dblog.UserAgent.String,`
`249`		`-ResourceType:codersdk.ResourceType(dblog.ResourceType),`
`250`		`-ResourceID:dblog.ResourceID,`
`251`		`-ResourceTarget:dblog.ResourceTarget,`
`252`		`-ResourceIcon:dblog.ResourceIcon,`
`253`		`-Action:codersdk.AuditAction(dblog.Action),`
	`248`	`+UserAgent:dblog.AuditLog.UserAgent.String,`
	`249`	`+ResourceType:codersdk.ResourceType(dblog.AuditLog.ResourceType),`
	`250`	`+ResourceID:dblog.AuditLog.ResourceID,`
	`251`	`+ResourceTarget:dblog.AuditLog.ResourceTarget,`
	`252`	`+ResourceIcon:dblog.AuditLog.ResourceIcon,`
	`253`	`+Action:codersdk.AuditAction(dblog.AuditLog.Action),`
`254`	`254`	`Diff:diff,`
`255`		`-StatusCode:dblog.StatusCode,`
`256`		`-AdditionalFields:dblog.AdditionalFields,`
	`255`	`+StatusCode:dblog.AuditLog.StatusCode,`
	`256`	`+AdditionalFields:dblog.AuditLog.AdditionalFields,`
`257`	`257`	`User:user,`
`258`	`258`	`Description:auditLogDescription(dblog),`
`259`	`259`	`ResourceLink:resourceLink,`
`260`	`260`	`IsDeleted:isDeleted,`
`261`	`261`	`}`
`262`	`262`
`263`		`-ifdblog.OrganizationID!=uuid.Nil {`
	`263`	`+ifdblog.AuditLog.OrganizationID!=uuid.Nil {`
`264`	`264`	`alog.Organization=&codersdk.MinimalOrganization{`
`265`		`-ID:dblog.OrganizationID,`
	`265`	`+ID:dblog.AuditLog.OrganizationID,`
`266`	`266`	`Name:dblog.OrganizationName,`
`267`	`267`	`DisplayName:dblog.OrganizationDisplayName,`
`268`	`268`	`Icon:dblog.OrganizationIcon,`
`@@ -276,32 +276,32 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {`
`276`	`276`	`b:= strings.Builder{}`
`277`	`277`	`// NOTE: WriteString always returns a nil error, so we never check it`
`278`	`278`	`_,_=b.WriteString("{user} ")`
`279`		`-ifalog.StatusCode>=400 {`
	`279`	`+ifalog.AuditLog.StatusCode>=400 {`
`280`	`280`	`_,_=b.WriteString("unsuccessfully attempted to ")`
`281`		`-_,_=b.WriteString(string(alog.Action))`
	`281`	`+_,_=b.WriteString(string(alog.AuditLog.Action))`
`282`	`282`	`}else {`
`283`		`-_,_=b.WriteString(codersdk.AuditAction(alog.Action).Friendly())`
	`283`	`+_,_=b.WriteString(codersdk.AuditAction(alog.AuditLog.Action).Friendly())`
`284`	`284`	`}`
`285`	`285`
`286`	`286`	`// API Key resources (used for authentication) do not have targets and follow the below format:`
`287`	`287`	`// "User {logged in \| logged out \| registered}"`
`288`		`-ifalog.ResourceType==database.ResourceTypeApiKey&&`
`289`		`-(alog.Action==database.AuditActionLogin\|\|alog.Action==database.AuditActionLogout\|\|alog.Action==database.AuditActionRegister) {`
	`288`	`+ifalog.AuditLog.ResourceType==database.ResourceTypeApiKey&&`
	`289`	`+(alog.AuditLog.Action==database.AuditActionLogin\|\|alog.AuditLog.Action==database.AuditActionLogout\|\|alog.AuditLog.Action==database.AuditActionRegister) {`
`290`	`290`	`returnb.String()`
`291`	`291`	`}`
`292`	`292`
`293`	`293`	`// We don't display the name (target) for git ssh keys. It's fairly long and doesn't`
`294`	`294`	`// make too much sense to display.`
`295`		`-ifalog.ResourceType==database.ResourceTypeGitSshKey {`
	`295`	`+ifalog.AuditLog.ResourceType==database.ResourceTypeGitSshKey {`
`296`	`296`	`_,_=b.WriteString(" the ")`
`297`		`-_,_=b.WriteString(codersdk.ResourceType(alog.ResourceType).FriendlyString())`
	`297`	`+_,_=b.WriteString(codersdk.ResourceType(alog.AuditLog.ResourceType).FriendlyString())`
`298`	`298`	`returnb.String()`
`299`	`299`	`}`
`300`	`300`
`301`	`301`	`_,_=b.WriteString(" ")`
`302`		`-_,_=b.WriteString(codersdk.ResourceType(alog.ResourceType).FriendlyString())`
	`302`	`+_,_=b.WriteString(codersdk.ResourceType(alog.AuditLog.ResourceType).FriendlyString())`
`303`	`303`
`304`		`-ifalog.ResourceType==database.ResourceTypeConvertLogin {`
	`304`	`+ifalog.AuditLog.ResourceType==database.ResourceTypeConvertLogin {`
`305`	`305`	`_,_=b.WriteString(" to")`
`306`	`306`	`}`
`307`	`307`
`@@ -311,9 +311,9 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {`
`311`	`311`	`}`
`312`	`312`
`313`	`313`	`func (api*API)auditLogIsResourceDeleted(ctx context.Context,alog database.GetAuditLogsOffsetRow)bool {`
`314`		`-switchalog.ResourceType {`
	`314`	`+switchalog.AuditLog.ResourceType {`
`315`	`315`	`casedatabase.ResourceTypeTemplate:`
`316`		`-template,err:=api.Database.GetTemplateByID(ctx,alog.ResourceID)`
	`316`	`+template,err:=api.Database.GetTemplateByID(ctx,alog.AuditLog.ResourceID)`
`317`	`317`	`iferr!=nil {`
`318`	`318`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`319`	`319`	`returntrue`
`@@ -322,7 +322,7 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get`
`322`	`322`	`}`
`323`	`323`	`returntemplate.Deleted`
`324`	`324`	`casedatabase.ResourceTypeUser:`
`325`		`-user,err:=api.Database.GetUserByID(ctx,alog.ResourceID)`
	`325`	`+user,err:=api.Database.GetUserByID(ctx,alog.AuditLog.ResourceID)`
`326`	`326`	`iferr!=nil {`
`327`	`327`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`328`	`328`	`returntrue`
`@@ -331,7 +331,7 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get`
`331`	`331`	`}`
`332`	`332`	`returnuser.Deleted`
`333`	`333`	`casedatabase.ResourceTypeWorkspace:`
`334`		`-workspace,err:=api.Database.GetWorkspaceByID(ctx,alog.ResourceID)`
	`334`	`+workspace,err:=api.Database.GetWorkspaceByID(ctx,alog.AuditLog.ResourceID)`
`335`	`335`	`iferr!=nil {`
`336`	`336`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`337`	`337`	`returntrue`
`@@ -340,7 +340,7 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get`
`340`	`340`	`}`
`341`	`341`	`returnworkspace.Deleted`
`342`	`342`	`casedatabase.ResourceTypeWorkspaceBuild:`
`343`		`-workspaceBuild,err:=api.Database.GetWorkspaceBuildByID(ctx,alog.ResourceID)`
	`343`	`+workspaceBuild,err:=api.Database.GetWorkspaceBuildByID(ctx,alog.AuditLog.ResourceID)`
`344`	`344`	`iferr!=nil {`
`345`	`345`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`346`	`346`	`returntrue`
`@@ -357,15 +357,15 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get`
`357`	`357`	`}`
`358`	`358`	`returnworkspace.Deleted`
`359`	`359`	`casedatabase.ResourceTypeOauth2ProviderApp:`
`360`		`-_,err:=api.Database.GetOAuth2ProviderAppByID(ctx,alog.ResourceID)`
	`360`	`+_,err:=api.Database.GetOAuth2ProviderAppByID(ctx,alog.AuditLog.ResourceID)`
`361`	`361`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`362`	`362`	`returntrue`
`363`	`363`	`}elseiferr!=nil {`
`364`	`364`	`api.Logger.Error(ctx,"unable to fetch oauth2 app",slog.Error(err))`
`365`	`365`	`}`
`366`	`366`	`returnfalse`
`367`	`367`	`casedatabase.ResourceTypeOauth2ProviderAppSecret:`
`368`		`-_,err:=api.Database.GetOAuth2ProviderAppSecretByID(ctx,alog.ResourceID)`
	`368`	`+_,err:=api.Database.GetOAuth2ProviderAppSecretByID(ctx,alog.AuditLog.ResourceID)`
`369`	`369`	`ifxerrors.Is(err,sql.ErrNoRows) {`
`370`	`370`	`returntrue`
`371`	`371`	`}elseiferr!=nil {`
`@@ -378,17 +378,17 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get`
`378`	`378`	`}`
`379`	`379`
`380`	`380`	`func (api*API)auditLogResourceLink(ctx context.Context,alog database.GetAuditLogsOffsetRow,additionalFields audit.AdditionalFields)string {`
`381`		`-switchalog.ResourceType {`
	`381`	`+switchalog.AuditLog.ResourceType {`
`382`	`382`	`casedatabase.ResourceTypeTemplate:`
`383`	`383`	`returnfmt.Sprintf("/templates/%s",`
`384`		`-alog.ResourceTarget)`
	`384`	`+alog.AuditLog.ResourceTarget)`
`385`	`385`
`386`	`386`	`casedatabase.ResourceTypeUser:`
`387`	`387`	`returnfmt.Sprintf("/users?filter=%s",`
`388`		`-alog.ResourceTarget)`
	`388`	`+alog.AuditLog.ResourceTarget)`
`389`	`389`
`390`	`390`	`casedatabase.ResourceTypeWorkspace:`
`391`		`-workspace,getWorkspaceErr:=api.Database.GetWorkspaceByID(ctx,alog.ResourceID)`
	`391`	`+workspace,getWorkspaceErr:=api.Database.GetWorkspaceByID(ctx,alog.AuditLog.ResourceID)`
`392`	`392`	`ifgetWorkspaceErr!=nil {`
`393`	`393`	`return""`
`394`	`394`	`}`
`@@ -397,13 +397,13 @@ func (api *API) auditLogResourceLink(ctx context.Context, alog database.GetAudit`
`397`	`397`	`return""`
`398`	`398`	`}`
`399`	`399`	`returnfmt.Sprintf("/@%s/%s",`
`400`		`-workspaceOwner.Username,alog.ResourceTarget)`
	`400`	`+workspaceOwner.Username,alog.AuditLog.ResourceTarget)`
`401`	`401`
`402`	`402`	`casedatabase.ResourceTypeWorkspaceBuild:`
`403`	`403`	`iflen(additionalFields.WorkspaceName)==0\|\|len(additionalFields.BuildNumber)==0 {`
`404`	`404`	`return""`
`405`	`405`	`}`
`406`		`-workspaceBuild,getWorkspaceBuildErr:=api.Database.GetWorkspaceBuildByID(ctx,alog.ResourceID)`
	`406`	`+workspaceBuild,getWorkspaceBuildErr:=api.Database.GetWorkspaceBuildByID(ctx,alog.AuditLog.ResourceID)`
`407`	`407`	`ifgetWorkspaceBuildErr!=nil {`
`408`	`408`	`return""`
`409`	`409`	`}`
`@@ -419,10 +419,10 @@ func (api *API) auditLogResourceLink(ctx context.Context, alog database.GetAudit`
`419`	`419`	`workspaceOwner.Username,additionalFields.WorkspaceName,additionalFields.BuildNumber)`
`420`	`420`
`421`	`421`	`casedatabase.ResourceTypeOauth2ProviderApp:`
`422`		`-returnfmt.Sprintf("/deployment/oauth2-provider/apps/%s",alog.ResourceID)`
	`422`	`+returnfmt.Sprintf("/deployment/oauth2-provider/apps/%s",alog.AuditLog.ResourceID)`
`423`	`423`
`424`	`424`	`casedatabase.ResourceTypeOauth2ProviderAppSecret:`
`425`		`-secret,err:=api.Database.GetOAuth2ProviderAppSecretByID(ctx,alog.ResourceID)`
	`425`	`+secret,err:=api.Database.GetOAuth2ProviderAppSecretByID(ctx,alog.AuditLog.ResourceID)`
`426`	`426`	`iferr!=nil {`
`427`	`427`	`return""`
`428`	`428`	`}`

`‎coderd/audit_internal_test.go`

Lines changed: 25 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,45 +18,55 @@ func TestAuditLogDescription(t *testing.T) {`
`18`	`18`	`{`
`19`	`19`	`name:"mainline",`
`20`	`20`	`alog: database.GetAuditLogsOffsetRow{`
`21`		`-Action:database.AuditActionCreate,`
`22`		`-StatusCode:200,`
`23`		`-ResourceType:database.ResourceTypeWorkspace,`
	`21`	`+AuditLog: database.AuditLog{`
	`22`	`+Action:database.AuditActionCreate,`
	`23`	`+StatusCode:200,`
	`24`	`+ResourceType:database.ResourceTypeWorkspace,`
	`25`	`+},`
`24`	`26`	`},`
`25`	`27`	`want:"{user} created workspace {target}",`
`26`	`28`	`},`
`27`	`29`	`{`
`28`	`30`	`name:"unsuccessful",`
`29`	`31`	`alog: database.GetAuditLogsOffsetRow{`
`30`		`-Action:database.AuditActionCreate,`
`31`		`-StatusCode:400,`
`32`		`-ResourceType:database.ResourceTypeWorkspace,`
	`32`	`+AuditLog: database.AuditLog{`
	`33`	`+Action:database.AuditActionCreate,`
	`34`	`+StatusCode:400,`
	`35`	`+ResourceType:database.ResourceTypeWorkspace,`
	`36`	`+},`
`33`	`37`	`},`
`34`	`38`	`want:"{user} unsuccessfully attempted to create workspace {target}",`
`35`	`39`	`},`
`36`	`40`	`{`
`37`	`41`	`name:"login",`
`38`	`42`	`alog: database.GetAuditLogsOffsetRow{`
`39`		`-Action:database.AuditActionLogin,`
`40`		`-StatusCode:200,`
`41`		`-ResourceType:database.ResourceTypeApiKey,`
	`43`	`+AuditLog: database.AuditLog{`
	`44`	`+Action:database.AuditActionLogin,`
	`45`	`+StatusCode:200,`
	`46`	`+ResourceType:database.ResourceTypeApiKey,`
	`47`	`+},`
`42`	`48`	`},`
`43`	`49`	`want:"{user} logged in",`
`44`	`50`	`},`
`45`	`51`	`{`
`46`	`52`	`name:"unsuccessful_login",`
`47`	`53`	`alog: database.GetAuditLogsOffsetRow{`
`48`		`-Action:database.AuditActionLogin,`
`49`		`-StatusCode:401,`
`50`		`-ResourceType:database.ResourceTypeApiKey,`
	`54`	`+AuditLog: database.AuditLog{`
	`55`	`+Action:database.AuditActionLogin,`
	`56`	`+StatusCode:401,`
	`57`	`+ResourceType:database.ResourceTypeApiKey,`
	`58`	`+},`
`51`	`59`	`},`
`52`	`60`	`want:"{user} unsuccessfully attempted to login",`
`53`	`61`	`},`
`54`	`62`	`{`
`55`	`63`	`name:"gitsshkey",`
`56`	`64`	`alog: database.GetAuditLogsOffsetRow{`
`57`		`-Action:database.AuditActionDelete,`
`58`		`-StatusCode:200,`
`59`		`-ResourceType:database.ResourceTypeGitSshKey,`
	`65`	`+AuditLog: database.AuditLog{`
	`66`	`+Action:database.AuditActionDelete,`
	`67`	`+StatusCode:200,`
	`68`	`+ResourceType:database.ResourceTypeGitSshKey,`
	`69`	`+},`
`60`	`70`	`},`
`61`	`71`	`want:"{user} deleted the git ssh key",`
`62`	`72`	`},`

`‎coderd/audit_test.go`

Lines changed: 6 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"fmt"`
`7`		`-"net/http"`
`8`	`7`	`"strconv"`
`9`	`8`	`"testing"`
`10`	`9`	`"time"`
`@@ -163,19 +162,18 @@ func TestAuditLogs(t *testing.T) {`
`163`	`162`	`})`
`164`	`163`	`require.NoError(t,err)`
`165`	`164`
`166`		`-// Fetching audit logs without an organization selector should fail`
`167`		`-_,err=orgAdmin.AuditLogs(ctx, codersdk.AuditLogsRequest{`
	`165`	`+// Fetching audit logs without an organization selector should only`
	`166`	`+// return organization audit logs the org admin is an admin of.`
	`167`	`+alogs,err:=orgAdmin.AuditLogs(ctx, codersdk.AuditLogsRequest{`
`168`	`168`	`Pagination: codersdk.Pagination{`
`169`	`169`	`Limit:5,`
`170`	`170`	`},`
`171`	`171`	`})`
`172`		`-varsdkError*codersdk.Error`
`173`		`-require.Error(t,err)`
`174`		`-require.ErrorAsf(t,err,&sdkError,"error should be of type *codersdk.Error")`
`175`		`-require.Equal(t,http.StatusForbidden,sdkError.StatusCode())`
	`172`	`+require.NoError(t,err)`
	`173`	`+require.Len(t,alogs.AuditLogs,1)`
`176`	`174`
`177`	`175`	`// Using the organization selector allows the org admin to fetch audit logs`
`178`		`-alogs,err:=orgAdmin.AuditLogs(ctx, codersdk.AuditLogsRequest{`
	`176`	`+alogs,err=orgAdmin.AuditLogs(ctx, codersdk.AuditLogsRequest{`
`179`	`177`	`SearchQuery:fmt.Sprintf("organization:%s",owner.OrganizationID.String()),`
`180`	`178`	`Pagination: codersdk.Pagination{`
`181`	`179`	`Limit:5,`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 8 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -1248,22 +1248,12 @@ func (q *querier) GetApplicationName(ctx context.Context) (string, error) {`
`1248`	`1248`	`}`
`1249`	`1249`
`1250`	`1250`	`func (q*querier)GetAuditLogsOffset(ctx context.Context,arg database.GetAuditLogsOffsetParams) ([]database.GetAuditLogsOffsetRow,error) {`
`1251`		`-// To optimize the authz checks for audit logs, do not run an authorize`
`1252`		`-// check on each individual audit log row. In practice, audit logs are either`
`1253`		`-// fetched from a global or an organization scope.`
`1254`		`-// Applying a SQL filter would slow down the query for no benefit on how this query is`
`1255`		`-// actually used.`
`1256`		`-`
`1257`		`-object:=rbac.ResourceAuditLog`
`1258`		`-ifarg.OrganizationID!=uuid.Nil {`
`1259`		`-object=object.InOrg(arg.OrganizationID)`
`1260`		`-}`
`1261`		`-`
`1262`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,object);err!=nil {`
`1263`		`-returnnil,err`
	`1251`	`+prep,err:=prepareSQLFilter(ctx,q.auth,policy.ActionRead,rbac.ResourceAuditLog.Type)`
	`1252`	`+iferr!=nil {`
	`1253`	`+returnnil,xerrors.Errorf("(dev error) prepare sql filter: %w",err)`
`1264`	`1254`	`}`
`1265`	`1255`
`1266`		`-returnq.db.GetAuditLogsOffset(ctx,arg)`
	`1256`	`+returnq.db.GetAuthorizedAuditLogsOffset(ctx,arg,prep)`
`1267`	`1257`	`}`
`1268`	`1258`
`1269`	`1259`	`func (q*querier)GetAuthorizationUserRoles(ctx context.Context,userID uuid.UUID) (database.GetAuthorizationUserRolesRow,error) {`
`@@ -3852,3 +3842,7 @@ func (q *querier) GetAuthorizedUsers(ctx context.Context, arg database.GetUsersP`
`3852`	`3842`	`// GetUsers is authenticated.`
`3853`	`3843`	`returnq.GetUsers(ctx,arg)`
`3854`	`3844`	`}`
	`3845`	`+`
	`3846`	`+func (q*querier)GetAuthorizedAuditLogsOffset(ctx context.Context,arg database.GetAuditLogsOffsetParams,_ rbac.PreparedAuthorized) ([]database.GetAuditLogsOffsetRow,error) {`
	`3847`	`+returnq.GetAuditLogsOffset(ctx,arg)`
	`3848`	`+}`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -266,7 +266,14 @@ func (s *MethodTestSuite) TestAuditLogs() {`
`266`	`266`	`_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
`267`	`267`	`check.Args(database.GetAuditLogsOffsetParams{`
`268`	`268`	`LimitOpt:10,`
`269`		`-}).Asserts(rbac.ResourceAuditLog,policy.ActionRead)`
	`269`	`+}).Asserts()`
	`270`	`+}))`
	`271`	`+s.Run("GetAuthorizedAuditLogsOffset",s.Subtest(func(db database.Store,check*expects) {`
	`272`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`273`	`+_=dbgen.AuditLog(s.T(),db, database.AuditLog{})`
	`274`	`+check.Args(database.GetAuditLogsOffsetParams{`
	`275`	`+LimitOpt:10,`
	`276`	`+},emptyPreparedAuthorized{}).Asserts()`
`270`	`277`	`}))`
`271`	`278`	`}`
`272`	`279`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita27ac30

File tree

16 files changed

16 files changed

`‎coderd/audit.go`

`‎coderd/audit_internal_test.go`

`‎coderd/audit_test.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

0 commit comments