chore: add auditing to workspace dormancy

sreya · sreya · commit 148219fe2b54 · 2023-10-05T18:30:19.000Z
- Adds an audit log for workspaces automatically transitioned to the dormant
  state.
- Imposes a mininum of 1 minute on cleanup-related fields. This is to
  prevent accidental API misuse from resulting in catastrophe.
diff --git a/cli/server.go b/cli/server.go
@@ -938,7 +938,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 			autobuildTicker := time.NewTicker(vals.AutobuildPollInterval.Value())
 			defer autobuildTicker.Stop()
 			autobuildExecutor := autobuild.NewExecutor(
-				ctx, options.Database, options.Pubsub, coderAPI.TemplateScheduleStore, logger, autobuildTicker.C)
+				ctx, options.Database, options.Pubsub, coderAPI.TemplateScheduleStore, &coderAPI.Auditor, logger, autobuildTicker.C)
 			autobuildExecutor.Run()
 
 			hangDetectorTicker := time.NewTicker(vals.JobHangDetectorInterval.Value())
diff --git a/coderd/autobuild/lifecycle_executor.go b/coderd/autobuild/lifecycle_executor.go
@@ -3,6 +3,9 @@ package autobuild
 import (
 	"context"
 	"database/sql"
+	"encoding/json"
+	"net/http"
+	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -12,6 +15,7 @@ import (
 	"golang.org/x/xerrors"
 
 	"cdr.dev/slog"
+	"github.com/coder/coder/v2/coderd/audit"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbauthz"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
@@ -29,6 +33,7 @@ type Executor struct {
 	db                    database.Store
 	ps                    pubsub.Pubsub
 	templateScheduleStore *atomic.Pointer[schedule.TemplateScheduleStore]
+	auditor               *atomic.Pointer[audit.Auditor]
 	log                   slog.Logger
 	tick                  <-chan time.Time
 	statsCh               chan<- Stats
@@ -42,7 +47,7 @@ type Stats struct {
 }
 
 // New returns a new wsactions executor.
-func NewExecutor(ctx context.Context, db database.Store, ps pubsub.Pubsub, tss *atomic.Pointer[schedule.TemplateScheduleStore], log slog.Logger, tick <-chan time.Time) *Executor {
+func NewExecutor(ctx context.Context, db database.Store, ps pubsub.Pubsub, tss *atomic.Pointer[schedule.TemplateScheduleStore], auditor *atomic.Pointer[audit.Auditor], log slog.Logger, tick <-chan time.Time) *Executor {
 	le := &Executor{
 		//nolint:gocritic // Autostart has a limited set of permissions.
 		ctx:                   dbauthz.AsAutostart(ctx),
@@ -51,6 +56,7 @@ func NewExecutor(ctx context.Context, db database.Store, ps pubsub.Pubsub, tss *
 		templateScheduleStore: tss,
 		tick:                  tick,
 		log:                   log.Named("autobuild"),
+		auditor:               auditor,
 	}
 	return le
 }
@@ -166,13 +172,14 @@ func (e *Executor) runOnce(t time.Time) Stats {
 					return nil
 				}
 
+				var build *database.WorkspaceBuild
 				if nextTransition != "" {
 					builder := wsbuilder.New(ws, nextTransition).
 						SetLastWorkspaceBuildInTx(&latestBuild).
 						SetLastWorkspaceBuildJobInTx(&latestJob).
 						Reason(reason)
 
-					_, job, err = builder.Build(e.ctx, tx, nil)
+					build, job, err = builder.Build(e.ctx, tx, nil)
 					if err != nil {
 						log.Error(e.ctx, "unable to transition workspace",
 							slog.F("transition", nextTransition),
@@ -185,13 +192,41 @@ func (e *Executor) runOnce(t time.Time) Stats {
 				//  Transition the workspace to dormant if it has breached the template's
 				// threshold for inactivity.
 				if reason == database.BuildReasonAutolock {
+					wsOld := ws
 					ws, err = tx.UpdateWorkspaceDormantDeletingAt(e.ctx, database.UpdateWorkspaceDormantDeletingAtParams{
 						ID: ws.ID,
 						DormantAt: sql.NullTime{
 							Time:  dbtime.Now(),
 							Valid: true,
 						},
 					})
+
+					fields := audit.AdditionalFields{
+						WorkspaceName: ws.Name,
+						BuildReason:   reason,
+					}
+					if build != nil {
+						fields.BuildNumber = strconv.FormatInt(int64(latestBuild.BuildNumber), 10)
+					}
+
+					raw, err := json.Marshal(fields)
+					if err != nil {
+						e.log.Error(e.ctx, "marshal resource info for successful job", slog.Error(err))
+					}
+
+					audit.WorkspaceBuildAudit(e.ctx, &audit.BuildAuditParams[database.Workspace]{
+						Audit:            *e.auditor.Load(),
+						Log:              e.log,
+						UserID:           job.InitiatorID,
+						OrganizationID:   ws.OrganizationID,
+						JobID:            job.ID,
+						Action:           database.AuditActionWrite,
+						Old:              wsOld,
+						New:              ws,
+						Status:           http.StatusOK,
+						AdditionalFields: raw,
+					})
+
 					if err != nil {
 						log.Error(e.ctx, "unable to transition workspace to dormant",
 							slog.F("transition", nextTransition),
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -262,12 +262,19 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can
 	}
 	templateScheduleStore.Store(&options.TemplateScheduleStore)
 
+	var auditor atomic.Pointer[audit.Auditor]
+	if options.Auditor == nil {
+		options.Auditor = audit.NewNop()
+	}
+	auditor.Store(&options.Auditor)
+
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	lifecycleExecutor := autobuild.NewExecutor(
 		ctx,
 		options.Database,
 		options.Pubsub,
 		&templateScheduleStore,
+		&auditor,
 		slogtest.Make(t, nil).Named("autobuild.executor").Leveled(slog.LevelDebug),
 		options.AutobuildTicker,
 	).WithStatsChannel(options.AutobuildStats)
diff --git a/coderd/templates.go b/coderd/templates.go
@@ -537,17 +537,19 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {
 	if req.AutostopRequirement.Weeks > schedule.MaxTemplateAutostopRequirementWeeks {
 		validErrs = append(validErrs, codersdk.ValidationError{Field: "autostop_requirement.weeks", Detail: fmt.Sprintf("Must be less than %d.", schedule.MaxTemplateAutostopRequirementWeeks)})
 	}
-	if req.FailureTTLMillis < 0 {
-		validErrs = append(validErrs, codersdk.ValidationError{Field: "failure_ttl_ms", Detail: "Must be a positive integer."})
-	}
-	if req.TimeTilDormantMillis < 0 {
-		validErrs = append(validErrs, codersdk.ValidationError{Field: "inactivity_ttl_ms", Detail: "Must be a positive integer."})
+
+	// The minimum valid value for a dormant TTL is 1 minute. This is
+	// to ensure an uninformed user does not send an unintentionally
+	// small number resulting in potentially catastrophic consequences.
+	const minTTL = 1000 * 60
+	if req.FailureTTLMillis < 0 || (req.FailureTTLMillis > 0 && req.FailureTTLMillis < minTTL) {
+		validErrs = append(validErrs, codersdk.ValidationError{Field: "failure_ttl_ms", Detail: "Value must be at least one minute."})
 	}
-	if req.TimeTilDormantMillis < 0 {
-		validErrs = append(validErrs, codersdk.ValidationError{Field: "inactivity_ttl_ms", Detail: "Must be a positive integer."})
+	if req.TimeTilDormantMillis < 0 || (req.TimeTilDormantMillis > 0 && req.TimeTilDormantMillis < minTTL) {
+		validErrs = append(validErrs, codersdk.ValidationError{Field: "time_til_dormant_ms", Detail: "Value must be at least one minute."})
 	}
-	if req.TimeTilDormantAutoDeleteMillis < 0 {
-		validErrs = append(validErrs, codersdk.ValidationError{Field: "locked_ttl_ms", Detail: "Must be a positive integer."})
+	if req.TimeTilDormantAutoDeleteMillis < 0 || (req.TimeTilDormantAutoDeleteMillis > 0 && req.TimeTilDormantAutoDeleteMillis < minTTL) {
+		validErrs = append(validErrs, codersdk.ValidationError{Field: "time_til_dormant_autodelete_ms", Detail: "Value must be at least one minute."})
 	}
 
 	if len(validErrs) > 0 {
diff --git a/coderd/workspaces.go b/coderd/workspaces.go
@@ -816,8 +816,20 @@ func (api *API) putWorkspaceTTL(rw http.ResponseWriter, r *http.Request) {
 // @Success 200 {object} codersdk.Workspace
 // @Router /workspaces/{workspace}/dormant [put]
 func (api *API) putWorkspaceDormant(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	workspace := httpmw.WorkspaceParam(r)
+	var (
+		ctx               = r.Context()
+		workspace         = httpmw.WorkspaceParam(r)
+		oldWorkspace      = workspace
+		auditor           = api.Auditor.Load()
+		aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
+			Audit:   *auditor,
+			Log:     api.Logger,
+			Request: r,
+			Action:  database.AuditActionWrite,
+		})
+	)
+	aReq.Old = oldWorkspace
+	defer commitAudit()
 
 	var req codersdk.UpdateWorkspaceDormancy
 	if !httpapi.Read(ctx, rw, r, &req) {
@@ -865,6 +877,7 @@ func (api *API) putWorkspaceDormant(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	aReq.New = workspace
 	httpapi.Write(ctx, rw, http.StatusOK, convertWorkspace(
 		workspace,
 		data.builds[0],
diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go
@@ -2824,7 +2824,10 @@ func TestWorkspaceDormant(t *testing.T) {
 	t.Run("OK", func(t *testing.T) {
 		t.Parallel()
 		var (
-			client                   = coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
+			auditRecorder = audit.NewMock()
+			client        = coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true,
+				Auditor: auditRecorder,
+			})
 			user                     = coderdtest.CreateFirstUser(t, client)
 			version                  = coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
 			_                        = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
@@ -2841,10 +2844,12 @@ func TestWorkspaceDormant(t *testing.T) {
 		defer cancel()
 
 		lastUsedAt := workspace.LastUsedAt
+		auditRecorder.ResetLogs()
 		err := client.UpdateWorkspaceDormancy(ctx, workspace.ID, codersdk.UpdateWorkspaceDormancy{
 			Dormant: true,
 		})
 		require.NoError(t, err)
+		require.Len(t, auditRecorder.AuditLogs(), 1)
 
 		workspace = coderdtest.MustWorkspace(t, client, workspace.ID)
 		require.NoError(t, err, "fetch provisioned workspace")
diff --git a/codersdk/audit.go b/codersdk/audit.go
@@ -72,6 +72,7 @@ const (
 	AuditActionLogin    AuditAction = "login"
 	AuditActionLogout   AuditAction = "logout"
 	AuditActionRegister AuditAction = "register"
+	AuditActionDormant  AuditAction = "dormant"
 )
 
 func (a AuditAction) Friendly() string {
@@ -92,6 +93,8 @@ func (a AuditAction) Friendly() string {
 		return "logged out"
 	case AuditActionRegister:
 		return "registered"
+	case AuditActionDormant:
+		return "has gone dormant"
 	default:
 		return "unknown"
 	}
diff --git a/enterprise/coderd/templates_test.go b/enterprise/coderd/templates_test.go
@@ -185,55 +185,123 @@ func TestTemplates(t *testing.T) {
 	})
 
 	t.Run("CleanupTTLs", func(t *testing.T) {
-		t.Parallel()
+		t.Run("OK", func(t *testing.T) {
+			t.Parallel()
 
-		ctx := testutil.Context(t, testutil.WaitMedium)
-		client, user := coderdenttest.New(t, &coderdenttest.Options{
-			Options: &coderdtest.Options{
-				IncludeProvisionerDaemon: true,
-			},
-			LicenseOptions: &coderdenttest.LicenseOptions{
-				Features: license.Features{
-					codersdk.FeatureAdvancedTemplateScheduling: 1,
+			ctx := testutil.Context(t, testutil.WaitMedium)
+			client, user := coderdenttest.New(t, &coderdenttest.Options{
+				Options: &coderdtest.Options{
+					IncludeProvisionerDaemon: true,
 				},
-			},
+				LicenseOptions: &coderdenttest.LicenseOptions{
+					Features: license.Features{
+						codersdk.FeatureAdvancedTemplateScheduling: 1,
+					},
+				},
+			})
+
+			version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
+			coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
+			template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+			require.EqualValues(t, 0, template.TimeTilDormantMillis)
+			require.EqualValues(t, 0, template.FailureTTLMillis)
+			require.EqualValues(t, 0, template.TimeTilDormantAutoDeleteMillis)
+
+			var (
+				failureTTL    time.Duration = 1 * time.Minute
+				inactivityTTL time.Duration = 2 * time.Minute
+				dormantTTL    time.Duration = 3 * time.Minute
+			)
+
+			updated, err := client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
+				Name:                           template.Name,
+				DisplayName:                    template.DisplayName,
+				Description:                    template.Description,
+				Icon:                           template.Icon,
+				AllowUserCancelWorkspaceJobs:   template.AllowUserCancelWorkspaceJobs,
+				TimeTilDormantMillis:           inactivityTTL.Milliseconds(),
+				FailureTTLMillis:               failureTTL.Milliseconds(),
+				TimeTilDormantAutoDeleteMillis: dormantTTL.Milliseconds(),
+			})
+			require.NoError(t, err)
+			require.Equal(t, failureTTL.Milliseconds(), updated.FailureTTLMillis)
+			require.Equal(t, inactivityTTL.Milliseconds(), updated.TimeTilDormantMillis)
+			require.Equal(t, dormantTTL.Milliseconds(), updated.TimeTilDormantAutoDeleteMillis)
+
+			// Validate fetching the template returns the same values as updating
+			// the template.
+			template, err = client.Template(ctx, template.ID)
+			require.NoError(t, err)
+			require.Equal(t, failureTTL.Milliseconds(), updated.FailureTTLMillis)
+			require.Equal(t, inactivityTTL.Milliseconds(), updated.TimeTilDormantMillis)
+			require.Equal(t, dormantTTL.Milliseconds(), updated.TimeTilDormantAutoDeleteMillis)
 		})
 
-		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
-		coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
-		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
-		require.EqualValues(t, 0, template.TimeTilDormantMillis)
-		require.EqualValues(t, 0, template.FailureTTLMillis)
-		require.EqualValues(t, 0, template.TimeTilDormantAutoDeleteMillis)
+		t.Run("BadRequest", func(t *testing.T) {
+			t.Parallel()
 
-		var (
-			failureTTL    int64 = 1
-			inactivityTTL int64 = 2
-			dormantTTL    int64 = 3
-		)
+			ctx := testutil.Context(t, testutil.WaitMedium)
+			client, user := coderdenttest.New(t, &coderdenttest.Options{
+				Options: &coderdtest.Options{
+					IncludeProvisionerDaemon: true,
+				},
+				LicenseOptions: &coderdenttest.LicenseOptions{
+					Features: license.Features{
+						codersdk.FeatureAdvancedTemplateScheduling: 1,
+					},
+				},
+			})
 
-		updated, err := client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
-			Name:                           template.Name,
-			DisplayName:                    template.DisplayName,
-			Description:                    template.Description,
-			Icon:                           template.Icon,
-			AllowUserCancelWorkspaceJobs:   template.AllowUserCancelWorkspaceJobs,
-			TimeTilDormantMillis:           inactivityTTL,
-			FailureTTLMillis:               failureTTL,
-			TimeTilDormantAutoDeleteMillis: dormantTTL,
-		})
-		require.NoError(t, err)
-		require.Equal(t, failureTTL, updated.FailureTTLMillis)
-		require.Equal(t, inactivityTTL, updated.TimeTilDormantMillis)
-		require.Equal(t, dormantTTL, updated.TimeTilDormantAutoDeleteMillis)
+			version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
+			coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
+			template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
 
-		// Validate fetching the template returns the same values as updating
-		// the template.
-		template, err = client.Template(ctx, template.ID)
-		require.NoError(t, err)
-		require.Equal(t, failureTTL, updated.FailureTTLMillis)
-		require.Equal(t, inactivityTTL, updated.TimeTilDormantMillis)
-		require.Equal(t, dormantTTL, updated.TimeTilDormantAutoDeleteMillis)
+			type testcase struct {
+				Name                string
+				TimeTilDormantMS    int64
+				FailureTTLMS        int64
+				DormantAutoDeleteMS int64
+			}
+
+			cases := []testcase{
+				{
+					Name:                "NegativeValue",
+					TimeTilDormantMS:    -1,
+					FailureTTLMS:        -2,
+					DormantAutoDeleteMS: -3,
+				},
+				{
+					Name:                "ValueTooSmall",
+					TimeTilDormantMS:    1,
+					FailureTTLMS:        999,
+					DormantAutoDeleteMS: 500,
+				},
+			}
+
+			for _, c := range cases {
+				c := c
+
+				t.Run(c.Name, func(t *testing.T) {
+					t.Parallel()
+
+					_, err := client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
+						Name:                           template.Name,
+						DisplayName:                    template.DisplayName,
+						Description:                    template.Description,
+						Icon:                           template.Icon,
+						AllowUserCancelWorkspaceJobs:   template.AllowUserCancelWorkspaceJobs,
+						TimeTilDormantMillis:           c.TimeTilDormantMS,
+						FailureTTLMillis:               c.FailureTTLMS,
+						TimeTilDormantAutoDeleteMillis: c.DormantAutoDeleteMS,
+					})
+					require.Error(t, err)
+					cerr, ok := codersdk.AsError(err)
+					require.True(t, ok)
+					require.Len(t, cerr.Validations, 3)
+					require.Equal(t, "Value must be at least one minute.", cerr.Validations[0].Detail)
+				})
+			}
+		})
 	})
 
 	t.Run("UpdateTimeTilDormantAutoDelete", func(t *testing.T) {
diff --git a/enterprise/coderd/workspaces_test.go b/enterprise/coderd/workspaces_test.go
