Skip to content

chore: add audit log tests #4764

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 27, 2022
Merged

chore: add audit log tests #4764

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
acf1ad3
added test for stopping a workspace build
Kira-Pilot Oct 24, 2022
2cd8b3a
Merge remote-tracking branch 'origin/main' into add-audit-coverage/ki…
Kira-Pilot Oct 26, 2022
c50db18
formatted sfriendly string; added tests
Kira-Pilot Oct 26, 2022
fdc94d8
logging unmarshal error in auditLogDescription
Kira-Pilot Oct 26, 2022
93aedaf
prettier
Kira-Pilot Oct 26, 2022
1a9936f
got rid of extra workspace word
Kira-Pilot Oct 26, 2022
3e4cb89
PR feedback
Kira-Pilot Oct 27, 2022
f669898
Merge remote-tracking branch 'origin/main' into add-audit-coverage/ki…
Kira-Pilot Oct 27, 2022
dc7e4a9
fixed mistake; wrote tests in penance
Kira-Pilot Oct 27, 2022
ac68b3c
fix be
Kira-Pilot Oct 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 5 additions & 11 deletions coderd/audit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,24 +219,18 @@ func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
}
}

type WorkspaceResourceInfo struct {
WorkspaceName string
}

func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
str := fmt.Sprintf("{user} %s %s",
codersdk.AuditAction(alog.Action).FriendlyString(),
codersdk.ResourceType(alog.ResourceType).FriendlyString(),
)

// Strings for build updates follow the below format:
// "{user} started workspace build for workspace {target}"
// where target is a workspace instead of the workspace build
// Strings for workspace_builds follow the below format:
// "{user} started workspace build for {target}"
// where target is a workspace instead of the workspace build,
// passed in on the FE via AuditLog.AdditionalFields rather than derived in request.go:35
Comment on lines +230 to +231
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wonderful comment 👍

if alog.ResourceType == database.ResourceTypeWorkspaceBuild {
workspaceBytes := []byte(alog.AdditionalFields)
var workspaceResourceInfo WorkspaceResourceInfo
_ = json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
str += " for workspace " + workspaceResourceInfo.WorkspaceName
str += " for"
}

// We don't display the name for git ssh keys. It's fairly long and doesn't
Expand Down
2 changes: 1 addition & 1 deletion coderd/audit/request.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func ResourceTarget[T Auditable](tgt T) string {
return typed.Name
case database.WorkspaceBuild:
// this isn't used
return string(typed.BuildNumber)
return ""
case database.GitSSHKey:
return typed.PublicKey
case database.Group:
Expand Down
23 changes: 21 additions & 2 deletions coderd/workspacebuilds_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -536,13 +536,20 @@ func TestWorkspaceBuildStatus(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
auditor := audit.NewMock()
numLogs := len(auditor.AuditLogs)
client, closeDaemon, api := coderdtest.NewWithAPI(t, &coderdtest.Options{IncludeProvisionerDaemon: true, Auditor: auditor})
user := coderdtest.CreateFirstUser(t, client)
numLogs++ // add an audit log for user
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
numLogs++ // add an audit log for template version

coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
closeDaemon.Close()
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
numLogs++ // add an audit log for template creation

workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
numLogs++ // add an audit log for workspace creation

// initial returned state is "pending"
require.EqualValues(t, codersdk.WorkspaceStatusPending, workspace.LatestBuild.Status)
Expand All @@ -561,11 +568,22 @@ func TestWorkspaceBuildStatus(t *testing.T) {
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusStopped, workspace.LatestBuild.Status)

// assert an audit log has been created for workspace stopping
numLogs++ // add an audit log for workspace_build stop
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionStop, auditor.AuditLogs[numLogs-1].Action)

_ = closeDaemon.Close()
// after successful cancel is "canceled"
build = coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStart)
err = client.CancelWorkspaceBuild(ctx, build.ID)
require.NoError(t, err)

numLogs++ // add an audit log for workspace build start
// assert an audit log has been created workspace starting
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionStart, auditor.AuditLogs[numLogs-1].Action)

workspace, err = client.Workspace(ctx, workspace.ID)
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusCanceled, workspace.LatestBuild.Status)
Expand All @@ -577,8 +595,9 @@ func TestWorkspaceBuildStatus(t *testing.T) {
workspace, err = client.DeletedWorkspace(ctx, workspace.ID)
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)
numLogs++ // add an audit log for workspace build deletion

// assert an audit log has been created for deletion
require.Len(t, auditor.AuditLogs, 7)
assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[6].Action)
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionDelete, auditor.AuditLogs[numLogs-1].Action)
}
1 change: 1 addition & 0 deletions docs/admin/audit-logs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ We track **create, update and delete** events for the following resources:
- Template
- TemplateVersion
- Workspace
- Workspace start/stop
- User
- Group

Expand Down
2 changes: 2 additions & 0 deletions scripts/apitypings/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -688,6 +688,8 @@ func (g *Generator) typescriptType(ty types.Type) (TypescriptType, error) {
return TypescriptType{ValueType: "string", Optional: true}, nil
case "github.com/google/uuid.UUID":
return TypescriptType{ValueType: "string"}, nil
case "encoding/json.RawMessage":
return TypescriptType{ValueType: "Record<string, string>"}, nil
}

// Then see if the type is defined elsewhere. If it is, we can just
Expand Down
3 changes: 1 addition & 2 deletions site/src/api/typesGenerated.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,7 @@ export interface AuditLog {
readonly action: AuditAction
readonly diff: AuditDiff
readonly status_code: number
// This is likely an enum in an external package ("encoding/json.RawMessage")
readonly additional_fields: string
readonly additional_fields: Record<string, string>
readonly description: string
readonly user?: User
}
Expand Down
11 changes: 10 additions & 1 deletion site/src/components/AuditLogRow/AuditLogRow.stories.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,11 @@ import TableContainer from "@material-ui/core/TableContainer"
import TableHead from "@material-ui/core/TableHead"
import TableRow from "@material-ui/core/TableRow"
import { ComponentMeta, Story } from "@storybook/react"
import { MockAuditLog, MockAuditLog2 } from "testHelpers/entities"
import {
MockAuditLog,
MockAuditLog2,
MockAuditLogWithWorkspaceBuild,
} from "testHelpers/entities"
import { AuditLogRow, AuditLogRowProps } from "./AuditLogRow"

export default {
Expand Down Expand Up @@ -38,3 +42,8 @@ WithDiff.args = {
auditLog: MockAuditLog2,
defaultIsDiffOpen: true,
}

export const WithWorkspaceBuild = Template.bind({})
WithWorkspaceBuild.args = {
auditLog: MockAuditLogWithWorkspaceBuild,
}
41 changes: 41 additions & 0 deletions site/src/components/AuditLogRow/AuditLogRow.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
import { readableActionMessage } from "./AuditLogRow"
import {
MockAuditLog,
MockAuditLogWithWorkspaceBuild,
} from "testHelpers/entities"

describe("readableActionMessage()", () => {
it("renders the correct string for a workspaceBuild audit log", async () => {
// When
const friendlyString = readableActionMessage(MockAuditLogWithWorkspaceBuild)

// Then
expect(friendlyString).toBe(
"<strong>TestUser</strong> stopped workspace build for <strong>test2</strong>",
)
})
it("renders the correct string for a workspaceBuild audit log with a duplicate word", async () => {
// When
const AuditLogWithRepeat = {
...MockAuditLogWithWorkspaceBuild,
additional_fields: {
workspaceName: "workspace",
},
}
const friendlyString = readableActionMessage(AuditLogWithRepeat)

// Then
expect(friendlyString).toBe(
"<strong>TestUser</strong> stopped workspace build for <strong>workspace</strong>",
)
})
it("renders the correct string for a workspace audit log", async () => {
// When
const friendlyString = readableActionMessage(MockAuditLog)

// Then
expect(friendlyString).toBe(
"<strong>TestUser</strong> updated workspace <strong>bruno-dev</strong>",
)
})
})
11 changes: 9 additions & 2 deletions site/src/components/AuditLogRow/AuditLogRow.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,17 @@ import userAgentParser from "ua-parser-js"
import { combineClasses } from "util/combineClasses"
import { AuditLogDiff } from "./AuditLogDiff"

const readableActionMessage = (auditLog: AuditLog) => {
export const readableActionMessage = (auditLog: AuditLog): string => {
let target = auditLog.resource_target.trim()

// audit logs with a resource_type of workspace build use workspace name as a target
if (auditLog.resource_type === "workspace_build") {
target = auditLog.additional_fields.workspaceName.trim()
}

return auditLog.description
.replace("{user}", `<strong>${auditLog.user?.username.trim()}</strong>`)
.replace("{target}", `<strong>${auditLog.resource_target.trim()}</strong>`)
.replace("{target}", `<strong>${target}</strong>`)
}

const httpStatusColor = (httpStatus: number): PaletteIndex => {
Expand Down
14 changes: 13 additions & 1 deletion site/src/testHelpers/entities.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -916,7 +916,7 @@ export const MockAuditLog: TypesGen.AuditLog = {
},
},
status_code: 200,
additional_fields: "",
additional_fields: {},
description: "{user} updated workspace {target}",
user: MockUser,
}
Expand Down Expand Up @@ -949,6 +949,18 @@ export const MockAuditLog2: TypesGen.AuditLog = {
},
}

export const MockAuditLogWithWorkspaceBuild: TypesGen.AuditLog = {
...MockAuditLog,
id: "f90995bf-4a2b-4089-b597-e66e025e523e",
request_id: "61555889-2875-475c-8494-f7693dd5d75b",
action: "stop",
resource_type: "workspace_build",
description: "{user} stopped workspace build for {target}",
additional_fields: {
workspaceName: "test2",
},
}

export const MockWorkspaceQuota: TypesGen.WorkspaceQuota = {
user_workspace_count: 0,
user_workspace_limit: 100,
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy