Commit 088f219

authored
feat: add audit logs for dormancy events (#15298)
1 parent 1456561 commit 088f219

26 files changed

+340
-105
lines changed

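--- a/cli/server_createadminuser.go
+++ b/cli/server_createadminuser.go
@@ -197,6 +197,7 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 UpdatedAt: dbtime.Now(),
 RBACRoles: []string{rbac.RoleOwner().String()},
 LoginType: database.LoginTypePassword,
+Status: "",
 })
 if err != nil {
 return xerrors.Errorf("insert user: %w", err)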
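Review bot: The added `Status: "",` is the field's zero value, so the line reads as a no-op and hides which status a CLI-created owner account actually receives. Judging from the dbmem hunk in this commit, an empty status falls back to dormant, which would mean the first admin starts dormant and is only activated on first login. A short comment such as `// empty: InsertUser applies its default status (dormant)` would make that explicit for anyone auditing how privileged accounts are provisioned. The enclosing function starts and ends outside the hunk.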

coderd/apidoc/docs.go

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

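--- a/coderd/audit/fields.go
+++ b/coderd/audit/fields.go
@@ -0,0 +1,33 @@
+package audit
+
+import (
+"context"
+"encoding/json"
+
+"cdr.dev/slog"
+)
+
+type BackgroundSubsystem string
+
+const (
+BackgroundSubsystemDormancy BackgroundSubsystem = "dormancy"
+)
+
+func BackgroundTaskFields(subsystem BackgroundSubsystem) map[string]string {
+return map[string]string{
+"automatic_actor": "coder",
+"automatic_subsystem": string(subsystem),
+}
+}
+
+func BackgroundTaskFieldsBytes(ctx context.Context, logger slog.Logger, subsystem BackgroundSubsystem) []byte {
+af := BackgroundTaskFields(subsystem)
+
+wriBytes, err := json.Marshal(af)
+if err != nil {
+logger.Error(ctx, "marshal additional fields for dormancy audit", slog.Error(err))
+return []byte("{}")
+}
+
+return wriBytes
+}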
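Review bot: The error branch of BackgroundTaskFieldsBytes returns `{}`, which silently drops the `automatic_actor` and `automatic_subsystem` attribution from the audit record, and its log message hard-codes "dormancy" although the subsystem is a parameter. Marshalling a map[string]string is unlikely to fail, so the branch is mostly defensive, but the log line should name the subsystem it was given, e.g. `logger.Error(ctx, "marshal additional fields for background audit", slog.F("subsystem", subsystem), slog.Error(err))`. The exported names BackgroundSubsystem, BackgroundTaskFields and BackgroundTaskFieldsBytes also have no doc comments. One line each, saying they mark audit entries produced by a background task rather than by a user, would help anyone reading the audit schema.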

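--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@@ -62,12 +62,13 @@ type BackgroundAuditParams[T Auditable] struct {
 Audit Auditor
 Log slog.Logger
 
-UserID uuid.UUID
-RequestID uuid.UUID
-Status int
-Action database.AuditAction
-OrganizationID uuid.UUID
-IP string
+UserID uuid.UUID
+RequestID uuid.UUID
+Status int
+Action database.AuditAction
+OrganizationID uuid.UUID
+IP string
+// todo: this should automatically marshal an interface{} instead of accepting a raw message.
 AdditionalFields json.RawMessage
 
 New T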

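--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -702,6 +702,7 @@ func New(options *Options) *API {
 
 apiKeyMiddleware := httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{
 DB: options.Database,
+ActivateDormantUser: ActivateDormantUser(options.Logger, &api.Auditor, options.Database),
 OAuth2Configs: oauthConfigs,
 RedirectToLogin: false,
 DisableSessionExpiryRefresh: options.DeploymentValues.Sessions.DisableExpiryRefresh.Value(),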
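Review bot: `ActivateDormantUser` is set only in this ExtractAPIKeyConfig literal, so any other place that builds the config (not visible in this hunk) would leave the field nil. Please confirm that the middleware checks for nil before calling it, or that every construction sets it. A nil callback on the authentication path would either panic or skip the dormant-to-active audit entry. The callback also receives `&api.Auditor`, and a short comment on why a pointer is passed (presumably so a later swap of the auditor is observed) would help. The body of New continues outside the hunk.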

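--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -719,6 +719,9 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 Name: RandomName(t),
 Password: "SomeSecurePassword!",
 OrganizationIDs: organizationIDs,
+// Always create users as active in tests to ignore an extra audit log
+// when logging in.
+UserStatus: ptr.Ref(codersdk.UserStatusActive),
 }
 for _, m := range mutators {
 m(&req)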
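Review bot: Defaulting every helper-created user to active means tests built on this helper no longer exercise the dormant-to-active transition on first login, nor the audit entry this commit adds for it. The mutators run after the literal, so a test can still opt out, but nothing here points readers to that. Consider extending the comment, e.g. `// Tests of dormancy activation must override UserStatus via a mutator.`, and make sure at least one test creates a dormant user and asserts the activation audit log. The function body extends beyond the hunk.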

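--- a/coderd/database/dbgen/dbgen.go
+++ b/coderd/database/dbgen/dbgen.go
@@ -342,6 +342,7 @@ func User(t testing.TB, db database.Store, orig database.User) database.User {
 UpdatedAt: takeFirst(orig.UpdatedAt, dbtime.Now()),
 RBACRoles: takeFirstSlice(orig.RBACRoles, []string{}),
 LoginType: takeFirst(orig.LoginType, database.LoginTypePassword),
+Status: string(takeFirst(orig.Status, database.UserStatusDormant)),
 })
 require.NoError(t, err, "insert user")
 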

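--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -7709,6 +7709,11 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
 }
 }
 
+status := database.UserStatusDormant
+if arg.Status != "" {
+status = database.UserStatus(arg.Status)
+}
+
 user := database.User{
 ID: arg.ID,
 Email: arg.Email,
@@ -7717,7 +7722,7 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
 UpdatedAt: arg.UpdatedAt,
 Username: arg.Username,
 Name: arg.Name,
-Status: database.UserStatusDormant,
+Status: status,
 RBACRoles: arg.RBACRoles,
 LoginType: arg.LoginType,
 }
@@ -8640,6 +8645,7 @@ func (q *FakeQuerier) UpdateInactiveUsersToDormant(_ context.Context, params dat
 updated = append(updated, database.UpdateInactiveUsersToDormantRow{
 ID: user.ID,
 Email: user.Email,
+Username: user.Username,
 LastSeenAt: user.LastSeenAt,
 })
 }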
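Review bot: In InsertUser, `status = database.UserStatus(arg.Status)` converts any non-empty string into a status without checking it against the known values. The in-memory store therefore accepts a status that the real database would presumably reject, and tests running against the fake could pass with a user state production cannot hold. Rejecting unknown values here, by comparing against the declared UserStatus constants and returning an error otherwise, keeps the fake and the SQL implementation in agreement. All three hunks sit inside functions whose bodies extend beyond what is shown.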

coderd/database/queries.sql.go

Lines changed: 17 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
