Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

adding workspace_build resource#4636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Kira-Pilot merged 13 commits intomainfromaudit-on-build/kira-pilot
Oct 25, 2022
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
Show all changes
13 commits
Select commitHold shift + click to select a range
1f9ccfa
adding workspace_build resource
Kira-PilotOct 18, 2022
13159ba
added migration
Kira-PilotOct 19, 2022
f1de717
added migration for audit_actions
Kira-PilotOct 19, 2022
17aaa38
fix keyword
Kira-PilotOct 19, 2022
e17abf1
got rid oof diffs for workspace builds
Kira-PilotOct 20, 2022
69cdf39
adding workspace name to string
Kira-PilotOct 21, 2022
cb4b5ee
Merge remote-tracking branch 'origin/main' into audit-on-build/kira-p…
Kira-PilotOct 21, 2022
2a3ce9d
renamed migrations
Kira-PilotOct 21, 2022
2caba31
fixed lint
Kira-PilotOct 21, 2022
00c073f
pass throough AdditionalFields and fix tests
Kira-PilotOct 21, 2022
850735e
Merge remote-tracking branch 'origin/main' into audit-on-build/kira-p…
Kira-PilotOct 24, 2022
8eab0d0
no need to pass through each handler
Kira-PilotOct 24, 2022
bdf48bb
cleaned up migrations
Kira-PilotOct 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletionscoderd/audit.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -219,12 +219,26 @@ func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
}
}

type WorkspaceResourceInfo struct {
WorkspaceName string
}

func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
str := fmt.Sprintf("{user} %s %s",
codersdk.AuditAction(alog.Action).FriendlyString(),
codersdk.ResourceType(alog.ResourceType).FriendlyString(),
)

// Strings for build updates follow the below format:
// "{user} started workspace build for workspace {target}"
// where target is a workspace instead of the workspace build
if alog.ResourceType == database.ResourceTypeWorkspaceBuild {
workspaceBytes := []byte(alog.AdditionalFields)
var workspaceResourceInfo WorkspaceResourceInfo
_ = json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
str += " for workspace " + workspaceResourceInfo.WorkspaceName
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I would prefer not to add this here and instead to use theResourceTarget function.

}

// We don't display the name for git ssh keys. It's fairly long and doesn't
// make too much sense to display.
if alog.ResourceType != database.ResourceTypeGitSshKey {
Expand DownExpand Up@@ -288,6 +302,8 @@ func resourceTypeFromString(resourceTypeString string) string {
return resourceTypeString
case codersdk.ResourceTypeWorkspace:
return resourceTypeString
case codersdk.ResourceTypeWorkspaceBuild:
return resourceTypeString
case codersdk.ResourceTypeGitSSHKey:
return resourceTypeString
case codersdk.ResourceTypeAPIKey:
Expand Down
1 change: 1 addition & 0 deletionscoderd/audit/diff.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -15,6 +15,7 @@ type Auditable interface {
database.TemplateVersion |
database.User |
database.Workspace |
database.WorkspaceBuild |
database.GitSSHKey |
database.Group
}
Expand Down
18 changes: 15 additions & 3 deletionscoderd/audit/request.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -20,8 +20,9 @@ type RequestParams struct {
Audit Auditor
Log slog.Logger

Request *http.Request
Action database.AuditAction
Request *http.Request
Action database.AuditAction
AdditionalFields json.RawMessage
}

type Request[T Auditable] struct {
Expand All@@ -43,6 +44,9 @@ func ResourceTarget[T Auditable](tgt T) string {
return typed.Username
case database.Workspace:
return typed.Name
case database.WorkspaceBuild:
// this isn't used
return string(typed.BuildNumber)
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ug tell me there's a better way.

case database.GitSSHKey:
return typed.PublicKey
case database.Group:
Expand All@@ -64,6 +68,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
return typed.ID
case database.Workspace:
return typed.ID
case database.WorkspaceBuild:
return typed.ID
case database.GitSSHKey:
return typed.UserID
case database.Group:
Expand All@@ -85,6 +91,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
return database.ResourceTypeUser
case database.Workspace:
return database.ResourceTypeWorkspace
case database.WorkspaceBuild:
return database.ResourceTypeWorkspaceBuild
case database.GitSSHKey:
return database.ResourceTypeGitSshKey
case database.Group:
Expand DownExpand Up@@ -129,6 +137,10 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
}
}

if p.AdditionalFields == nil {
p.AdditionalFields = json.RawMessage("{}")
}

ip := parseIP(p.Request.RemoteAddr)
err := p.Audit.Export(ctx, database.AuditLog{
ID: uuid.New(),
Expand All@@ -143,7 +155,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
Diff: diffRaw,
StatusCode: int32(sw.Status),
RequestID: httpmw.RequestID(p.Request),
AdditionalFields:json.RawMessage("{}"),
AdditionalFields:p.AdditionalFields,
})
if err != nil {
p.Log.Error(logCtx, "export audit log", slog.Error(err))
Expand Down
7 changes: 5 additions & 2 deletionscoderd/database/dump.sql
View file
Open in desktop

Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.

View file
Open in desktop
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
-- It's not possible to drop enum values from enum types, so the UP has "IF NOT
-- EXISTS".
4 changes: 4 additions & 0 deletionscoderd/database/migrations/000064_add_audit_enums.up.sql
View file
Open in desktop
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
ALTER TYPE audit_action ADD VALUE IF NOT EXISTS 'start';
ALTER TYPE audit_action ADD VALUE IF NOT EXISTS 'stop';

ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'workspace_build';
3 changes: 3 additions & 0 deletionscoderd/database/models.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more abouthow customized files appear on GitHub.

57 changes: 44 additions & 13 deletionscoderd/workspacebuilds.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -278,28 +278,59 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
return
}

// we only want to create audit logs for delete builds right now
auditor := api.Auditor.Load()

// if user deletes a workspace, audit the workspace
if action == rbac.ActionDelete {
var (
auditor = api.Auditor.Load()
aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: database.AuditActionDelete,
})
)
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: database.AuditActionDelete,
})

defer commitAudit()
aReq.Old = workspace
}

latestBuild, latestBuildErr := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)

// if a user starts/stops a workspace, audit the workspace build
if action == rbac.ActionUpdate {
var auditAction database.AuditAction
if createBuild.Transition == codersdk.WorkspaceTransitionStart {
auditAction = database.AuditActionStart
} else if createBuild.Transition == codersdk.WorkspaceTransitionStop {
auditAction = database.AuditActionStop
} else {
auditAction = database.AuditActionWrite
}

// We pass the workspace name to the Auditor so that it
// can form a friendly string for the user.
workspaceResourceInfo := map[string]string{
"workspaceName": workspace.Name,
}

wriBytes, _ := json.Marshal(workspaceResourceInfo)

aReq, commitAudit := audit.InitRequest[database.WorkspaceBuild](rw, &audit.RequestParams{
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: auditAction,
AdditionalFields: wriBytes,
})

defer commitAudit()
aReq.Old = latestBuild
}

if createBuild.TemplateVersionID == uuid.Nil {
latestBuild, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
if err != nil {
if latestBuildErr != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Message: "Internal error fetching the latest workspace build.",
Detail:err.Error(),
Detail:latestBuildErr.Error(),
})
return
}
Expand Down
4 changes: 2 additions & 2 deletionscoderd/workspacebuilds_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -579,6 +579,6 @@ func TestWorkspaceBuildStatus(t *testing.T) {
require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)

// assert an audit log has been created for deletion
require.Len(t, auditor.AuditLogs,5)
assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[4].Action)
require.Len(t, auditor.AuditLogs,7)
assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[6].Action)
}
9 changes: 9 additions & 0 deletionscodersdk/audit.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -19,6 +19,7 @@ const (
ResourceTypeTemplateVersion ResourceType = "template_version"
ResourceTypeUser ResourceType = "user"
ResourceTypeWorkspace ResourceType = "workspace"
ResourceTypeWorkspaceBuild ResourceType = "workspace_build"
ResourceTypeGitSSHKey ResourceType = "git_ssh_key"
ResourceTypeAPIKey ResourceType = "api_key"
ResourceTypeGroup ResourceType = "group"
Expand All@@ -36,6 +37,8 @@ func (r ResourceType) FriendlyString() string {
return "user"
case ResourceTypeWorkspace:
return "workspace"
case ResourceTypeWorkspaceBuild:
return "workspace build"
case ResourceTypeGitSSHKey:
return "git ssh key"
case ResourceTypeAPIKey:
Expand All@@ -53,6 +56,8 @@ const (
AuditActionCreate AuditAction = "create"
AuditActionWrite AuditAction = "write"
AuditActionDelete AuditAction = "delete"
AuditActionStart AuditAction = "start"
AuditActionStop AuditAction = "stop"
)

func (a AuditAction) FriendlyString() string {
Expand All@@ -63,6 +68,10 @@ func (a AuditAction) FriendlyString() string {
return "updated"
case AuditActionDelete:
return "deleted"
case AuditActionStart:
return "started"
case AuditActionStop:
return "stopped"
default:
return "unknown"
}
Expand Down
15 changes: 15 additions & 0 deletionsenterprise/audit/table.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -103,6 +103,21 @@ var AuditableResources = auditMap(map[any]map[string]Action{
"ttl": ActionTrack,
"last_used_at": ActionIgnore,
},
// We don't show any diff for the WorkspaceBuild resource
&database.WorkspaceBuild{}: {
"id": ActionIgnore,
"created_at": ActionIgnore,
"updated_at": ActionIgnore,
"workspace_id": ActionIgnore,
"template_version_id": ActionIgnore,
"build_number": ActionIgnore,
"transition": ActionIgnore,
"initiator_id": ActionIgnore,
"provisioner_state": ActionIgnore,
"job_id": ActionIgnore,
"deadline": ActionIgnore,
"reason": ActionIgnore,
},
&database.Group{}: {
"id": ActionTrack,
"name": ActionTrack,
Expand Down
3 changes: 2 additions & 1 deletionsite/src/api/typesGenerated.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -842,7 +842,7 @@ export interface WorkspacesRequest extends Pagination {
export type APIKeyScope = "all" | "application_connect"

// From codersdk/audit.go
export type AuditAction = "create" | "delete" | "write"
export type AuditAction = "create" | "delete" | "start" | "stop" | "write"

// From codersdk/workspacebuilds.go
export type BuildReason = "autostart" | "autostop" | "initiator"
Expand DownExpand Up@@ -902,6 +902,7 @@ export type ResourceType =
| "template_version"
| "user"
| "workspace"
| "workspace_build"

// From codersdk/sse.go
export type ServerSentEventType = "data" | "error" | "ping"
Expand Down
18 changes: 8 additions & 10 deletionssite/src/components/AuditLogRow/AuditLogRow.tsx
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -130,13 +130,11 @@ export const AuditLogRow: React.FC<AuditLogRowProps> = ({
</Stack>
</Stack>

<div
className={
shouldDisplayDiff ? undefined : styles.disabledDropdownIcon
}
>
{isDiffOpen ? <CloseDropdown /> : <OpenDropdown />}
</div>
{shouldDisplayDiff ? (
<div> {isDiffOpen ? <CloseDropdown /> : <OpenDropdown />}</div>
) : (
<div className={styles.columnWithoutDiff}></div>
)}
</Stack>

{shouldDisplayDiff && (
Expand DownExpand Up@@ -190,8 +188,8 @@ const useStyles = makeStyles((theme) => ({
color: theme.palette.text.secondary,
whiteSpace: "nowrap",
},

disabledDropdownIcon: {
opacity: 0.5,
// offset the absence of the arrow icon on diff-less logs
columnWithoutDiff: {
marginLeft: "24px",
},
}))
[8]ページ先頭
©2009-2025 Movatter.jp