Skip to content

Commit 088f219

Browse files
coadlercoadler
authored
feat: add audit logs for dormancy events (#15298)
1 parent 1456561 commit 088f219

File tree

26 files changed

+340
-105
lines changed

26 files changed

+340
-105
lines changed

cli/server_createadminuser.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -197,6 +197,7 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
197197
UpdatedAt: dbtime.Now(),
198198
RBACRoles: []string{rbac.RoleOwner().String()},
199199
LoginType: database.LoginTypePassword,
200+
Status: "",
200201
})
201202
if err != nil {
202203
return xerrors.Errorf("insert user: %w", err)

coderd/apidoc/docs.go

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/audit/fields.go

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
package audit
2+
3+
import (
4+
"context"
5+
"encoding/json"
6+
7+
"cdr.dev/slog"
8+
)
9+
10+
type BackgroundSubsystem string
11+
12+
const (
13+
BackgroundSubsystemDormancy BackgroundSubsystem = "dormancy"
14+
)
15+
16+
func BackgroundTaskFields(subsystem BackgroundSubsystem) map[string]string {
17+
return map[string]string{
18+
"automatic_actor": "coder",
19+
"automatic_subsystem": string(subsystem),
20+
}
21+
}
22+
23+
func BackgroundTaskFieldsBytes(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
24+
af := BackgroundTaskFields(subsystem)
25+
26+
wriBytes, err := json.Marshal(af)
27+
if err != nil {
28+
logger.Error(ctx, "marshal additional fields for dormancy audit", slog.Error(err))
29+
return []byte("{}")
30+
}
31+
32+
return wriBytes
33+
}

coderd/audit/request.go

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -62,12 +62,13 @@ type BackgroundAuditParams[T Auditable] struct {
6262
Audit Auditor
6363
Log slog.Logger
6464

65-
UserID uuid.UUID
66-
RequestID uuid.UUID
67-
Status int
68-
Action database.AuditAction
69-
OrganizationID uuid.UUID
70-
IP string
65+
UserID uuid.UUID
66+
RequestID uuid.UUID
67+
Status int
68+
Action database.AuditAction
69+
OrganizationID uuid.UUID
70+
IP string
71+
// todo: this should automatically marshal an interface{} instead of accepting a raw message.
7172
AdditionalFields json.RawMessage
7273

7374
New T

coderd/coderd.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -702,6 +702,7 @@ func New(options *Options) *API {
702702

703703
apiKeyMiddleware := httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{
704704
DB: options.Database,
705+
ActivateDormantUser: ActivateDormantUser(options.Logger, &api.Auditor, options.Database),
705706
OAuth2Configs: oauthConfigs,
706707
RedirectToLogin: false,
707708
DisableSessionExpiryRefresh: options.DeploymentValues.Sessions.DisableExpiryRefresh.Value(),

coderd/coderdtest/coderdtest.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -719,6 +719,9 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
719719
Name: RandomName(t),
720720
Password: "SomeSecurePassword!",
721721
OrganizationIDs: organizationIDs,
722+
// Always create users as active in tests to ignore an extra audit log
723+
// when logging in.
724+
UserStatus: ptr.Ref(codersdk.UserStatusActive),
722725
}
723726
for _, m := range mutators {
724727
m(&req)

coderd/database/dbgen/dbgen.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -342,6 +342,7 @@ func User(t testing.TB, db database.Store, orig database.User) database.User {
342342
UpdatedAt: takeFirst(orig.UpdatedAt, dbtime.Now()),
343343
RBACRoles: takeFirstSlice(orig.RBACRoles, []string{}),
344344
LoginType: takeFirst(orig.LoginType, database.LoginTypePassword),
345+
Status: string(takeFirst(orig.Status, database.UserStatusDormant)),
345346
})
346347
require.NoError(t, err, "insert user")
347348

coderd/database/dbmem/dbmem.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7709,6 +7709,11 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
77097709
}
77107710
}
77117711

7712+
status := database.UserStatusDormant
7713+
if arg.Status != "" {
7714+
status = database.UserStatus(arg.Status)
7715+
}
7716+
77127717
user := database.User{
77137718
ID: arg.ID,
77147719
Email: arg.Email,
@@ -7717,7 +7722,7 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
77177722
UpdatedAt: arg.UpdatedAt,
77187723
Username: arg.Username,
77197724
Name: arg.Name,
7720-
Status: database.UserStatusDormant,
7725+
Status: status,
77217726
RBACRoles: arg.RBACRoles,
77227727
LoginType: arg.LoginType,
77237728
}
@@ -8640,6 +8645,7 @@ func (q *FakeQuerier) UpdateInactiveUsersToDormant(_ context.Context, params dat
86408645
updated = append(updated, database.UpdateInactiveUsersToDormantRow{
86418646
ID: user.ID,
86428647
Email: user.Email,
8648+
Username: user.Username,
86438649
LastSeenAt: user.LastSeenAt,
86448650
})
86458651
}

coderd/database/queries.sql.go

Lines changed: 17 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy