- Notifications
You must be signed in to change notification settings - Fork912
feat: add agentapi endpoint to report connections for audit#16507
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Overall this makes sense to me.
To me it just comes down to usingworkspace_id
or theagent_id
as the audit log's resource id.
I really think usingworkspace_id
makes the most sense, as if you search for a workspace, we should showall audit logs related to said workspace.
Saying that though, thecorrect thing is the agent id....
Random thought. We haveAdditionalFields
. Could we just add a custom query option toGetAuditLogsOffset
that searches audit logs by their json body payload for the workspace id? Would that be too slow? Should we just add another column and allow aworkspace_id
for audit logs?
Uh oh!
There was an error while loading.Please reload this page.
8128b7e
tode017dc
Compare841b6ca
to724efff
Comparede017dc
to640a0c3
Compareac60d34
to761ba0a
Comparedcdf3bd
to88c0862
Comparedebcf9c
to58f1d2a
Comparecc57f22
to3edbd1a
Comparea9b4adf
to88f22b7
Compare3edbd1a
toab51fea
CompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
88f22b7
to469e2cd
Compareccfd326
tof9c6b31
Comparemafredri commentedFeb 13, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
@spikecurtis thanks for the shoutout. I thought about this yesterday and I think there is value in bumping the version on Edit: Well as I posted that, I just realized that if they're cherry-picked out of order that's no good 😅 |
We should bump on |
Uh oh!
There was an error while loading.Please reload this page.
google.protobuf.Timestamp timestamp = 4; | ||
string ip = 5; | ||
int32 status_code = 6; | ||
optional string reason = 7; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm unclear on what goes in this field in practice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
What change would you like to see? It's a free-text reason as to why this event happened. Typically it will be used on disconnect to report why the connection ended, if we know. It could also be reported on connect if e.g. file transfer is blocked (i.e. failed connect, although it could be argued that it should be a connect+immediate disconnect). I can rename it to disconnect reason if you prefer it more explicit, should be fine even if more restrictive.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
This change adds a new `ReportConnection` endpoint to the `agentapi` andbumps the protocol version.This allows the agent to report connection events, for example when theuser connects to the workspace via SSH or VS Code.Updates#15139
f9c6b31
to632bf98
CompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Changes LGTM as these are going in with OOM/OOD resource monitors stuff.
} | ||
// Fetch contextual data for this audit event. | ||
workspaceAgent, err := a.AgentFn(ctx) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
suggestion: check thatAgentFn
is not nil; this could panic otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It's a good point, but one that should be solved for the entire package. Each sub-API onagentapi.API
has this same potential edge-case. The assumption seems to be thatNew
will correctly assign it, otherwise it's a developer error.
Testing for that in a future proof way is of course an issue. As is allowing Coder to start at all if it's missing.
workspace, err := a.Database.GetWorkspaceByAgentID(ctx, workspaceAgent.ID) | ||
if err != nil { | ||
return nil, xerrors.Errorf("get workspace by agent id: %w", err) | ||
} | ||
build, err := a.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID) | ||
if err != nil { | ||
return nil, xerrors.Errorf("get latest workspace build by workspace id: %w", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
non-blocking: It's unfortunate thatGetWorkspaceByAgentID
ends up doing a join onworkspace_builds
but disregarding the related row! I had a quick check and didn't see any other places that would benefit from returning this additional information though.
@@ -43,6 +43,8 @@ import ( | |||
// - Shipped in Coder v2.{{placeholder}} // TODO Vincent: Replace with the correct version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
b07b33e
intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
This change adds a new
ReportConnection
endpoint to theagentapi
andbumps the protocol version.
This allows the agent to report connection events, for example when the
user connects to the workspace via SSH or VS Code.
Updates#15139
Depends on#16493