Skip to content

Commit 0d65143

Browse files
EmyrkEmyrk
authored
chore: implement audit log for custom role edits (#13494)
* chore: implement audit log for custom role edits
1 parent 056a697 commit 0d65143

File tree

21 files changed

+122
-16
lines changed

21 files changed

+122
-16
lines changed

coderd/apidoc/docs.go

Lines changed: 4 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 4 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/audit/diff.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,8 @@ type Auditable interface {
2121
database.AuditOAuthConvertState |
2222
database.HealthSettings |
2323
database.OAuth2ProviderApp |
24-
database.OAuth2ProviderAppSecret
24+
database.OAuth2ProviderAppSecret |
25+
database.CustomRole
2526
}
2627

2728
// Map is a map of changed fields in an audited resource. It maps field names to

coderd/audit/request.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,8 @@ func ResourceTarget[T Auditable](tgt T) string {
103103
return typed.Name
104104
case database.OAuth2ProviderAppSecret:
105105
return typed.DisplaySecret
106+
case database.CustomRole:
107+
return typed.Name
106108
default:
107109
panic(fmt.Sprintf("unknown resource %T for ResourceTarget", tgt))
108110
}
@@ -140,6 +142,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
140142
return typed.ID
141143
case database.OAuth2ProviderAppSecret:
142144
return typed.ID
145+
case database.CustomRole:
146+
return typed.ID
143147
default:
144148
panic(fmt.Sprintf("unknown resource %T for ResourceID", tgt))
145149
}
@@ -175,6 +179,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
175179
return database.ResourceTypeOauth2ProviderApp
176180
case database.OAuth2ProviderAppSecret:
177181
return database.ResourceTypeOauth2ProviderAppSecret
182+
case database.CustomRole:
183+
return database.ResourceTypeCustomRole
178184
default:
179185
panic(fmt.Sprintf("unknown resource %T for ResourceType", typed))
180186
}
@@ -211,6 +217,8 @@ func ResourceRequiresOrgID[T Auditable]() bool {
211217
return false
212218
case database.OAuth2ProviderAppSecret:
213219
return false
220+
case database.CustomRole:
221+
return true
214222
default:
215223
panic(fmt.Sprintf("unknown resource %T for ResourceRequiresOrgID", tgt))
216224
}

coderd/coderdtest/coderdtest.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -758,6 +758,8 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
758758
roleName, _, err = rbac.RoleSplit(roleName)
759759
require.NoError(t, err, "split org role name")
760760
if ok {
761+
roleName, _, err = rbac.RoleSplit(roleName)
762+
require.NoError(t, err, "split rolename")
761763
orgRoles[orgID] = append(orgRoles[orgID], roleName)
762764
} else {
763765
siteRoles = append(siteRoles, roleName)

coderd/database/dbauthz/customroles_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -244,7 +244,7 @@ func TestUpsertCustomRoles(t *testing.T) {
244244
} else {
245245
require.NoError(t, err)
246246

247-
// Verify we can fetch the role
247+
// Verify the role is fetched with the lookup filter.
248248
roles, err := az.CustomRoles(ctx, database.CustomRolesParams{
249249
LookupRoles: []database.NameOrganizationPair{
250250
{

coderd/database/dbmem/dbmem.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8415,6 +8415,7 @@ func (q *FakeQuerier) UpsertCustomRole(_ context.Context, arg database.UpsertCus
84158415
}
84168416

84178417
role := database.CustomRole{
8418+
ID: uuid.New(),
84188419
Name: arg.Name,
84198420
DisplayName: arg.DisplayName,
84208421
OrganizationID: arg.OrganizationID,

coderd/database/dump.sql

Lines changed: 8 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/migrations/000218_org_custom_role_audit.down.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
DROP INDEX idx_custom_roles_id;
2+
ALTER TABLE custom_roles DROP COLUMN id;

coderd/database/migrations/000218_org_custom_role_audit.up.sql

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
-- (name) is the primary key, this column is almost exclusively for auditing.
2+
-- Audit logs require a uuid as the unique identifier for a resource.
3+
ALTER TABLE custom_roles ADD COLUMN id uuid DEFAULT gen_random_uuid() NOT NULL;
4+
COMMENT ON COLUMN custom_roles.id IS 'Custom roles ID is used purely for auditing purposes. Name is a better unique identifier.';
5+
6+
-- Ensure unique uuids.
7+
CREATE INDEX idx_custom_roles_id ON custom_roles (id);
8+
ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'custom_role';

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy