feat: extend request logs with auth & DB info and log long lived connections early#17422

Merged
Merged
8 changes: 6 additions & 2 deletionsMakefile
Expand Up@@ -563,8 +563,8 @@ GEN_FILES := \
site/e2e/provisionerGenerated.ts \
examples/examples.gen.json \
$(TAILNETTEST_MOCKS) \
coderd/database/pubsub/psmock/psmock.go

coderd/database/pubsub/psmock/psmock.go \
coderd/httpmw/loggermw/loggermock/loggermock.go

# all gen targets should be added here and to gen/mark-fresh
gen: gen/db $(GEN_FILES)
Expand DownExpand Up@@ -598,6 +598,7 @@ gen/mark-fresh:
examples/examples.gen.json \
$(TAILNETTEST_MOCKS) \
coderd/database/pubsub/psmock/psmock.go \
coderd/httpmw/loggermw/loggermock/loggermock.go \
"

for file in $$files; do
Expand DownExpand Up@@ -629,6 +630,9 @@ coderd/database/dbmock/dbmock.go: coderd/database/db.go coderd/database/querier.
coderd/database/pubsub/psmock/psmock.go: coderd/database/pubsub/pubsub.go
go generate ./coderd/database/pubsub/psmock

coderd/httpmw/loggermw/loggermock/loggermock.go: coderd/httpmw/loggermw/logger.go
go generate ./coderd/httpmw/loggermw/loggermock/

$(TAILNETTEST_MOCKS): tailnet/coordinator.go tailnet/service.go
go generate ./tailnet/tailnettest/

3 changes: 2 additions & 1 deletioncoderd/coderd.go
Expand Up@@ -63,6 +63,7 @@ import (
"github.com/coder/coder/v2/coderd/healthcheck/derphealth"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/httpmw/loggermw"
"github.com/coder/coder/v2/coderd/metricscache"
"github.com/coder/coder/v2/coderd/notifications"
"github.com/coder/coder/v2/coderd/portsharing"
Expand DownExpand Up@@ -787,7 +788,7 @@ func New(options *Options) *API {
tracing.Middleware(api.TracerProvider),
httpmw.AttachRequestID,
httpmw.ExtractRealIP(api.RealIPConfig),
httpmw.Logger(api.Logger),
loggermw.Logger(api.Logger),
rolestore.CustomRoleMW,
prometheusMW,
// Build-Version is helpful for debugging.
28 changes: 20 additions & 8 deletionscoderd/database/dbauthz/dbauthz.go
Expand Up@@ -24,6 +24,7 @@ import (
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbtime"
"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
"github.com/coder/coder/v2/coderd/httpmw/loggermw"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/util/slice"
"github.com/coder/coder/v2/provisionersdk"
Expand DownExpand Up@@ -162,6 +163,7 @@ func ActorFromContext(ctx context.Context) (rbac.Subject, bool) {

var (
subjectProvisionerd= rbac.Subject{
Type:rbac.SubjectTypeProvisionerd,
FriendlyName:"Provisioner Daemon",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand DownExpand Up@@ -193,6 +195,7 @@ var (
}.WithCachedASTValue()

subjectAutostart= rbac.Subject{
Type:rbac.SubjectTypeAutostart,
FriendlyName:"Autostart",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -216,6 +219,7 @@ var (

// See unhanger package.
subjectHangDetector= rbac.Subject{
Type:rbac.SubjectTypeHangDetector,
FriendlyName:"Hang Detector",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -236,6 +240,7 @@ var (

// See cryptokeys package.
subjectCryptoKeyRotator= rbac.Subject{
Type:rbac.SubjectTypeCryptoKeyRotator,
FriendlyName:"Crypto Key Rotator",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -254,6 +259,7 @@ var (

// See cryptokeys package.
subjectCryptoKeyReader= rbac.Subject{
Type:rbac.SubjectTypeCryptoKeyReader,
FriendlyName:"Crypto Key Reader",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -271,6 +277,7 @@ var (
}.WithCachedASTValue()

subjectNotifier= rbac.Subject{
Type:rbac.SubjectTypeNotifier,
FriendlyName:"Notifier",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -288,6 +295,7 @@ var (
}.WithCachedASTValue()

subjectSystemRestricted= rbac.Subject{
Type:rbac.SubjectTypeSystemRestricted,
FriendlyName:"System",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand DownExpand Up@@ -323,6 +331,7 @@ var (
}.WithCachedASTValue()

subjectSystemReadProvisionerDaemons= rbac.Subject{
Type:rbac.SubjectTypeSystemReadProvisionerDaemons,
FriendlyName:"Provisioner Daemons Reader",
ID:uuid.Nil.String(),
Roles:rbac.Roles([]rbac.Role{
Expand All@@ -343,47 +352,47 @@ var (
// AsProvisionerd returns a context with an actor that has permissions required
// for provisionerd to function.
funcAsProvisionerd(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectProvisionerd)
returnAs(ctx,subjectProvisionerd)
}

// AsAutostart returns a context with an actor that has permissions required
// for autostart to function.
funcAsAutostart(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectAutostart)
returnAs(ctx,subjectAutostart)
}

// AsHangDetector returns a context with an actor that has permissions required
// for unhanger.Detector to function.
funcAsHangDetector(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectHangDetector)
returnAs(ctx,subjectHangDetector)
}

// AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.
funcAsKeyRotator(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyRotator)
returnAs(ctx,subjectCryptoKeyRotator)
}

// AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.
funcAsKeyReader(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyReader)
returnAs(ctx,subjectCryptoKeyReader)
}

// AsNotifier returns a context with an actor that has permissions required for
// creating/reading/updating/deleting notifications.
funcAsNotifier(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectNotifier)
returnAs(ctx,subjectNotifier)
}

// AsSystemRestricted returns a context with an actor that has permissions
// required for various system operations (login, logout, metrics cache).
funcAsSystemRestricted(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectSystemRestricted)
returnAs(ctx,subjectSystemRestricted)
}

// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions
// to read provisioner daemons.
funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {
returncontext.WithValue(ctx,authContextKey{},subjectSystemReadProvisionerDaemons)
returnAs(ctx,subjectSystemReadProvisionerDaemons)
}

varAsRemoveActor= rbac.Subject{
Expand All@@ -401,6 +410,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
// should be removed from the context.
returncontext.WithValue(ctx,authContextKey{},nil)
}
ifrlogger:=loggermw.RequestLoggerFromContext(ctx);rlogger!=nil {
rlogger.WithAuthContext(actor)
}
returncontext.WithValue(ctx,authContextKey{},actor)
}
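Review bot: Every `As*` helper in this file now reaches `rlogger.WithAuthContext(actor)` through `As`, so a system elevation such as `AsSystemRestricted` made while serving a user's request also updates the request logger's auth context. If `WithAuthContext` replaces rather than accumulates the actor (its implementation is not shown in this section), the final request log entry could attribute the request to a system subject instead of the authenticated user, which weakens the log as an audit trail. Consider recording the actor only when none has been set, or state the intended behaviour on `As` with a comment such as `// As also records actor on the request logger, if one is in ctx; the last call wins.` The `AsRemoveActor` early return skips the logger, so the previously recorded actor stays in the log; it is worth confirming that this is intended. The body of `As` starts above the hunk.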

6 changes: 4 additions & 2 deletionscoderd/database/queries.sql.go

Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.

4 changes: 2 additions & 2 deletionscoderd/database/queries/users.sql
Expand Up@@ -244,10 +244,10 @@ WHERE
-- This function returns roles for authorization purposes. Implied member roles
-- are included.
SELECT
-- usernameis returned just to help for logging purposes
-- usernameand email are returned just to help for logging purposes
-- status is used to enforce 'suspended' users, as all roles are ignored
--when suspended.
id, username, status,
id, username, status, email,
-- All user roles, including their org roles.
array_cat(
-- All users are members
2 changes: 2 additions & 0 deletionscoderd/httpmw/apikey.go
Expand Up@@ -465,7 +465,9 @@ func UserRBACSubject(ctx context.Context, db database.Store, userID uuid.UUID, s
}

actor:= rbac.Subject{
Type:rbac.SubjectTypeUser,
FriendlyName:roles.Username,
Email:roles.Email,
ID:userID.String(),
Roles:rbacRoles,
Groups:roles.Groups,
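Review bot: `Email: roles.Email` places the user's e-mail address on every `rbac.Subject` built here, and the SQL comment in `queries/users.sql` says it is returned only for logging, so request logs will presumably carry an e-mail address for each authenticated request. That is personal data entering a log stream that is often retained longer and read by more people than the database, so the log pipeline's retention and access controls should be confirmed to cover it. A field comment such as `// Email is for request logging only; it must not be used in authorization decisions.` would keep policy code from depending on it later. The struct literal and `UserRBACSubject` continue outside the hunk.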
76 changes: 0 additions & 76 deletionscoderd/httpmw/logger.go

This file was deleted.
