- Notifications
You must be signed in to change notification settings - Fork913
feat: add agentapi endpoint to report connections for audit#16507
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Overall this makes sense to me.
To me it just comes down to usingworkspace_id or theagent_id as the audit log's resource id.
I really think usingworkspace_id makes the most sense, as if you search for a workspace, we should showall audit logs related to said workspace.
Saying that though, thecorrect thing is the agent id....
Random thought. We haveAdditionalFields. Could we just add a custom query option toGetAuditLogsOffset that searches audit logs by their json body payload for the workspace id? Would that be too slow? Should we just add another column and allow aworkspace_id for audit logs?
Uh oh!
There was an error while loading.Please reload this page.
8128b7e tode017dcCompare841b6ca to724efffComparede017dc to640a0c3Compareac60d34 to761ba0aComparedcdf3bd to88c0862Comparedebcf9c to58f1d2aComparecc57f22 to3edbd1aComparea9b4adf to88f22b7Compare3edbd1a toab51feaCompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
88f22b7 to469e2cdCompareccfd326 tof9c6b31Comparemafredri commentedFeb 13, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
@spikecurtis thanks for the shoutout. I thought about this yesterday and I think there is value in bumping the version on Edit: Well as I posted that, I just realized that if they're cherry-picked out of order that's no good 😅 |
We should bump on |
Uh oh!
There was an error while loading.Please reload this page.
| google.protobuf.Timestamp timestamp = 4; | ||
| string ip = 5; | ||
| int32 status_code = 6; | ||
| optional string reason = 7; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm unclear on what goes in this field in practice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
What change would you like to see? It's a free-text reason as to why this event happened. Typically it will be used on disconnect to report why the connection ended, if we know. It could also be reported on connect if e.g. file transfer is blocked (i.e. failed connect, although it could be argued that it should be a connect+immediate disconnect). I can rename it to disconnect reason if you prefer it more explicit, should be fine even if more restrictive.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
This change adds a new `ReportConnection` endpoint to the `agentapi` andbumps the protocol version.This allows the agent to report connection events, for example when theuser connects to the workspace via SSH or VS Code.Updates#15139
f9c6b31 to632bf98CompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Changes LGTM as these are going in with OOM/OOD resource monitors stuff.
| } | ||
| // Fetch contextual data for this audit event. | ||
| workspaceAgent, err := a.AgentFn(ctx) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
suggestion: check thatAgentFn is not nil; this could panic otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It's a good point, but one that should be solved for the entire package. Each sub-API onagentapi.API has this same potential edge-case. The assumption seems to be thatNew will correctly assign it, otherwise it's a developer error.
Testing for that in a future proof way is of course an issue. As is allowing Coder to start at all if it's missing.
| workspace, err := a.Database.GetWorkspaceByAgentID(ctx, workspaceAgent.ID) | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("get workspace by agent id: %w", err) | ||
| } | ||
| build, err := a.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID) | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("get latest workspace build by workspace id: %w", err) | ||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
non-blocking: It's unfortunate thatGetWorkspaceByAgentID ends up doing a join onworkspace_builds but disregarding the related row! I had a quick check and didn't see any other places that would benefit from returning this additional information though.
| @@ -43,6 +43,8 @@ import ( | |||
| // - Shipped in Coder v2.{{placeholder}} // TODO Vincent: Replace with the correct version | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
b07b33e intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
This change adds a new
ReportConnectionendpoint to theagentapiandbumps the protocol version.
This allows the agent to report connection events, for example when the
user connects to the workspace via SSH or VS Code.
Updates#15139
Depends on#16493