coder
diff --git a/‎CODEOWNERS
Lines changed: 2 additions & 2 deletions b/‎CODEOWNERS
Lines changed: 2 additions & 2 deletions
diff --git a/‎coderd/database/check_constraint.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/check_constraint.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 29 additions & 3 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 29 additions & 3 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 17 additions & 10 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 17 additions & 10 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 6 additions & 13 deletions b/‎coderd/database/dump.sql
Lines changed: 6 additions & 13 deletions
diff --git a/‎coderd/database/migrations/000358_create_usage_events_table.down.sql
Lines changed: 0 additions & 2 deletions b/‎coderd/database/migrations/000358_create_usage_events_table.down.sql
Lines changed: 0 additions & 2 deletions
diff --git a/‎coderd/database/migrations/000359_create_usage_events_table.down.sql
Lines changed: 1 addition & 0 deletions b/‎coderd/database/migrations/000359_create_usage_events_table.down.sql
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/migrations/000358_create_usage_events_table.up.sql renamed to ‎coderd/database/migrations/000359_create_usage_events_table.up.sql
Lines changed: 9 additions & 10 deletions b/‎coderd/database/migrations/000358_create_usage_events_table.up.sql renamed to ‎coderd/database/migrations/000359_create_usage_events_table.up.sql
Lines changed: 9 additions & 10 deletions
diff --git a/‎coderd/database/migrations/testdata/fixtures/000353_create_usage_events_table.up.sql renamed to ‎coderd/database/migrations/testdata/fixtures/000359_create_usage_events_table.up.sql b/‎coderd/database/migrations/testdata/fixtures/000353_create_usage_events_table.up.sql renamed to ‎coderd/database/migrations/testdata/fixtures/000359_create_usage_events_table.up.sql
diff --git a/‎coderd/database/modelmethods.go
Lines changed: 0 additions & 9 deletions b/‎coderd/database/modelmethods.go
Lines changed: 0 additions & 9 deletions
@@ -36,5 +36,5 @@ coderd/schedule/autostop.go @deansheather @DanielleMaywood
 
 # Usage tracking code requires intimate knowledge of Tallyman and Metronome, as
 # well as guidance from revenue.
-coderd/usage/ @deansheather
-enterprise/coderd/usage/ @deansheather
+coderd/usage/ @deansheather @spikecurtis
+enterprise/coderd/usage/ @deansheather @spikecurtis
@@ -509,6 +509,24 @@ var (
 		}),
 		Scope: rbac.ScopeAll,
 	}.WithCachedASTValue()
+
+	subjectUsageTracker = rbac.Subject{
+		Type:         rbac.SubjectTypeUsageTracker,
+		FriendlyName: "Usage Tracker",
+		ID:           uuid.Nil.String(),
+		Roles: rbac.Roles([]rbac.Role{
+			{
+				Identifier:  rbac.RoleIdentifier{Name: "usage-tracker"},
+				DisplayName: "Usage Tracker",
+				Site: rbac.Permissions(map[string][]policy.Action{
+					rbac.ResourceUsageEvent.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},
+				}),
+				Org:  map[string][]rbac.Permission{},
+				User: []rbac.Permission{},
+			},
+		}),
+		Scope: rbac.ScopeAll,
+	}.WithCachedASTValue()
 )
 
 // AsProvisionerd returns a context with an actor that has permissions required
@@ -579,10 +597,18 @@ func AsPrebuildsOrchestrator(ctx context.Context) context.Context {
 	return As(ctx, subjectPrebuildsOrchestrator)
 }
 
+// AsFileReader returns a context with an actor that has permissions required
+// for reading all files.
 func AsFileReader(ctx context.Context) context.Context {
 	return As(ctx, subjectFileReader)
 }
 
+// AsUsageTracker returns a context with an actor that has permissions required
+// for creating, reading, and updating usage events.
+func AsUsageTracker(ctx context.Context) context.Context {
+	return As(ctx, subjectUsageTracker)
+}
+
 var AsRemoveActor = rbac.Subject{
 	ID: "remove-actor",
 }
@@ -3952,7 +3978,7 @@ func (q *querier) InsertTemplateVersionWorkspaceTag(ctx context.Context, arg dat
 }
 
 func (q *querier) InsertUsageEvent(ctx context.Context, arg database.InsertUsageEventParams) error {
-	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil {
+	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceUsageEvent); err != nil {
 		return err
 	}
 	return q.db.InsertUsageEvent(ctx, arg)
@@ -4315,7 +4341,7 @@ func (q *querier) RevokeDBCryptKey(ctx context.Context, activeKeyDigest string)
 
 func (q *querier) SelectUsageEventsForPublishing(ctx context.Context, arg time.Time) ([]database.UsageEvent, error) {
 	// ActionUpdate because we're updating the publish_started_at column.
-	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
+	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceUsageEvent); err != nil {
 		return nil, err
 	}
 	return q.db.SelectUsageEventsForPublishing(ctx, arg)
@@ -4803,7 +4829,7 @@ func (q *querier) UpdateTemplateWorkspacesLastUsedAt(ctx context.Context, arg da
 }
 
 func (q *querier) UpdateUsageEventsPostPublish(ctx context.Context, arg database.UpdateUsageEventsPostPublishParams) error {
-	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
+	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceUsageEvent); err != nil {
 		return err
 	}
 	return q.db.UpdateUsageEventsPostPublish(ctx, arg)
 
@@ -5668,25 +5668,32 @@ func (s *MethodTestSuite) TestUserSecrets() {
 }
 
 func (s *MethodTestSuite) TestUsageEvents() {
-	s.Run("InsertUsageEvent", s.Subtest(func(db database.Store, check *expects) {
-		check.Args(database.InsertUsageEventParams{
+	s.Run("InsertUsageEvent", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
+		params := database.InsertUsageEventParams{
 			ID:        "1",
-			EventType: database.UsageEventTypeDcManagedAgentsV1,
+			EventType: "dc_managed_agents_v1",
 			EventData: []byte("{}"),
 			CreatedAt: dbtime.Now(),
-		}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
+		}
+		db.EXPECT().InsertUsageEvent(gomock.Any(), params).Return(nil)
+		check.Args(params).Asserts(rbac.ResourceUsageEvent, policy.ActionCreate)
 	}))
 
-	s.Run("SelectUsageEventsForPublishing", s.Subtest(func(db database.Store, check *expects) {
-		check.Args(dbtime.Now()).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
+	s.Run("SelectUsageEventsForPublishing", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
+		now := dbtime.Now()
+		db.EXPECT().SelectUsageEventsForPublishing(gomock.Any(), now).Return([]database.UsageEvent{}, nil)
+		check.Args(now).Asserts(rbac.ResourceUsageEvent, policy.ActionUpdate)
 	}))
 
-	s.Run("UpdateUsageEventsPostPublish", s.Subtest(func(db database.Store, check *expects) {
-		check.Args(database.UpdateUsageEventsPostPublishParams{
-			Now:             dbtime.Now(),
+	s.Run("UpdateUsageEventsPostPublish", s.Mocked(func(db *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
+		now := dbtime.Now()
+		params := database.UpdateUsageEventsPostPublishParams{
+			Now:             now,
 			IDs:             []string{"1", "2"},
 			FailureMessages: []string{"error", "error"},
 			SetPublishedAts: []bool{false, false},
-		}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
+		}
+		db.EXPECT().UpdateUsageEventsPostPublish(gomock.Any(), params).Return(nil)
+		check.Args(params).Asserts(rbac.ResourceUsageEvent, policy.ActionUpdate)
 	}))
 }
@@ -0,0 +1 @@
+DROP TABLE usage_events;
@@ -1,12 +1,9 @@
-CREATE TYPE usage_event_type AS ENUM (
-  'dc_managed_agents_v1'
-);
-
-COMMENT ON TYPE usage_event_type IS 'The usage event type with version. "dc" means "discrete" (e.g. a single event, for counters), "hb" means "heartbeat" (e.g. a recurring event that contains a total count of usage generated from the database, for gauges).';
-
 CREATE TABLE usage_events (
   id TEXT PRIMARY KEY,
-  event_type usage_event_type NOT NULL,
+  -- We use a TEXT column with a CHECK constraint rather than an enum because of
+  -- the limitations with adding new values to an enum and using them in the
+  -- same transaction.
+  event_type TEXT NOT NULL CONSTRAINT usage_event_type_check CHECK (event_type IN ('dc_managed_agents_v1')),
   event_data JSONB NOT NULL,
   created_at TIMESTAMP WITH TIME ZONE NOT NULL,
   publish_started_at TIMESTAMP WITH TIME ZONE DEFAULT NULL,
@@ -16,11 +13,13 @@ CREATE TABLE usage_events (
 
 COMMENT ON TABLE usage_events IS 'usage_events contains usage data that is collected from the product and potentially shipped to the usage collector service.';
 COMMENT ON COLUMN usage_events.id IS 'For "discrete" event types, this is a random UUID. For "heartbeat" event types, this is a combination of the event type and a truncated timestamp.';
+COMMENT ON COLUMN usage_events.event_type IS 'The usage event type with version. "dc" means "discrete" (e.g. a single event, for counters), "hb" means "heartbeat" (e.g. a recurring event that contains a total count of usage generated from the database, for gauges).';
 COMMENT ON COLUMN usage_events.event_data IS 'Event payload. Determined by the matching usage struct for this event type.';
 COMMENT ON COLUMN usage_events.publish_started_at IS 'Set to a timestamp while the event is being published by a Coder replica to the usage collector service. Used to avoid duplicate publishes by multiple replicas. Timestamps older than 1 hour are considered expired.';
 COMMENT ON COLUMN usage_events.published_at IS 'Set to a timestamp when the event is successfully (or permanently unsuccessfully) published to the usage collector service. If set, the event should never be attempted to be published again.';
 COMMENT ON COLUMN usage_events.failure_message IS 'Set to an error message when the event is temporarily or permanently unsuccessfully published to the usage collector service.';
 
-CREATE INDEX idx_usage_events_created_at ON usage_events (created_at);
-CREATE INDEX idx_usage_events_publish_started_at ON usage_events (publish_started_at);
-CREATE INDEX idx_usage_events_published_at ON usage_events (published_at);
+-- Create an index with all three fields used by the
+-- SelectUsageEventsForPublishing query.
+CREATE INDEX idx_usage_events_select_for_publishing
+  ON usage_events (published_at, publish_started_at, created_at);
@@ -4,7 +4,6 @@ import (
 	"encoding/hex"
 	"sort"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -637,11 +636,3 @@ func (m WorkspaceAgentVolumeResourceMonitor) Debounce(
 func (s UserSecret) RBACObject() rbac.Object {
 	return rbac.ResourceUserSecret.WithID(s.ID).WithOwner(s.UserID.String())
 }
-
-func (e UsageEventType) IsDiscrete() bool {
-	return e.Valid() && strings.HasPrefix(string(e), "dc_")
-}
-
-func (e UsageEventType) IsHeartbeat() bool {
-	return e.Valid() && strings.HasPrefix(string(e), "hb_")
-}