coder
diff --git a/‎agent/agent_test.go
Lines changed: 8 additions & 1 deletion b/‎agent/agent_test.go
Lines changed: 8 additions & 1 deletion
diff --git a/‎coderd/audit.go
Lines changed: 16 additions & 0 deletions b/‎coderd/audit.go
Lines changed: 16 additions & 0 deletions
diff --git a/‎coderd/audit/diff.go
Lines changed: 2 additions & 1 deletion b/‎coderd/audit/diff.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/audit/request.go
Lines changed: 15 additions & 3 deletions b/‎coderd/audit/request.go
Lines changed: 15 additions & 3 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 5 additions & 2 deletions b/‎coderd/database/dump.sql
Lines changed: 5 additions & 2 deletions
diff --git a/‎coderd/database/migrations/000065_add_audit_enums.down.sql
Lines changed: 2 additions & 0 deletions b/‎coderd/database/migrations/000065_add_audit_enums.down.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000065_add_audit_enums.up.sql
Lines changed: 4 additions & 0 deletions b/‎coderd/database/migrations/000065_add_audit_enums.up.sql
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 3 additions & 0 deletions b/‎coderd/database/models.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/workspacebuilds.go
Lines changed: 48 additions & 13 deletions b/‎coderd/workspacebuilds.go
Lines changed: 48 additions & 13 deletions
diff --git a/‎coderd/workspacebuilds_test.go
Lines changed: 2 additions & 2 deletions b/‎coderd/workspacebuilds_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎codersdk/audit.go
Lines changed: 9 additions & 0 deletions b/‎codersdk/audit.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎dogfood/Dockerfile
Lines changed: 1 addition & 1 deletion b/‎dogfood/Dockerfile
Lines changed: 1 addition & 1 deletion
diff --git a/‎enterprise/audit/table.go
Lines changed: 15 additions & 0 deletions b/‎enterprise/audit/table.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎go.mod
Lines changed: 1 addition & 7 deletions b/‎go.mod
Lines changed: 1 addition & 7 deletions
diff --git a/‎go.sum
Lines changed: 4 additions & 2 deletions b/‎go.sum
Lines changed: 4 additions & 2 deletions
diff --git a/‎site/src/api/typesGenerated.ts
Lines changed: 2 additions & 1 deletion b/‎site/src/api/typesGenerated.ts
Lines changed: 2 additions & 1 deletion
@@ -11,6 +11,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"path"
 	"path/filepath"
 	"runtime"
 	"strconv"
@@ -231,7 +232,13 @@ func TestAgent(t *testing.T) {
 		require.NoError(t, err, "get working directory")
 		require.Equal(t, home, wd, "working directory should be home user home")
 		tempFile := filepath.Join(t.TempDir(), "sftp")
-		file, err := client.Create(tempFile)
+		// SFTP only accepts unix-y paths.
+		remoteFile := filepath.ToSlash(tempFile)
+		if !path.IsAbs(remoteFile) {
+			// On Windows, e.g. "/C:/Users/...".
+			remoteFile = path.Join("/", remoteFile)
+		}
+		file, err := client.Create(remoteFile)
 		require.NoError(t, err)
 		err = file.Close()
 		require.NoError(t, err)
 
@@ -219,12 +219,26 @@ func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
 	}
 }
 
+type WorkspaceResourceInfo struct {
+	WorkspaceName string
+}
+
 func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
 	str := fmt.Sprintf("{user} %s %s",
 		codersdk.AuditAction(alog.Action).FriendlyString(),
 		codersdk.ResourceType(alog.ResourceType).FriendlyString(),
 	)
 
+	// Strings for build updates follow the below format:
+	// "{user} started workspace build for workspace {target}"
+	// where target is a workspace instead of the workspace build
+	if alog.ResourceType == database.ResourceTypeWorkspaceBuild {
+		workspaceBytes := []byte(alog.AdditionalFields)
+		var workspaceResourceInfo WorkspaceResourceInfo
+		_ = json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
+		str += " for workspace " + workspaceResourceInfo.WorkspaceName
+	}
+
 	// We don't display the name for git ssh keys. It's fairly long and doesn't
 	// make too much sense to display.
 	if alog.ResourceType != database.ResourceTypeGitSshKey {
@@ -288,6 +302,8 @@ func resourceTypeFromString(resourceTypeString string) string {
 		return resourceTypeString
 	case codersdk.ResourceTypeWorkspace:
 		return resourceTypeString
+	case codersdk.ResourceTypeWorkspaceBuild:
+		return resourceTypeString
 	case codersdk.ResourceTypeGitSSHKey:
 		return resourceTypeString
 	case codersdk.ResourceTypeAPIKey:
 
@@ -16,7 +16,8 @@ type Auditable interface {
 		database.User |
 		database.Workspace |
 		database.GitSSHKey |
-		database.Group
+		database.Group |
+		database.WorkspaceBuild
 }
 
 // Map is a map of changed fields in an audited resource. It maps field names to
 
@@ -20,8 +20,9 @@ type RequestParams struct {
 	Audit Auditor
 	Log   slog.Logger
 
-	Request *http.Request
-	Action  database.AuditAction
+	Request          *http.Request
+	Action           database.AuditAction
+	AdditionalFields json.RawMessage
 }
 
 type Request[T Auditable] struct {
@@ -43,6 +44,9 @@ func ResourceTarget[T Auditable](tgt T) string {
 		return typed.Username
 	case database.Workspace:
 		return typed.Name
+	case database.WorkspaceBuild:
+		// this isn't used
+		return string(typed.BuildNumber)
 	case database.GitSSHKey:
 		return typed.PublicKey
 	case database.Group:
@@ -64,6 +68,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 		return typed.ID
 	case database.Workspace:
 		return typed.ID
+	case database.WorkspaceBuild:
+		return typed.ID
 	case database.GitSSHKey:
 		return typed.UserID
 	case database.Group:
@@ -85,6 +91,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 		return database.ResourceTypeUser
 	case database.Workspace:
 		return database.ResourceTypeWorkspace
+	case database.WorkspaceBuild:
+		return database.ResourceTypeWorkspaceBuild
 	case database.GitSSHKey:
 		return database.ResourceTypeGitSshKey
 	case database.Group:
@@ -129,6 +137,10 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			}
 		}
 
+		if p.AdditionalFields == nil {
+			p.AdditionalFields = json.RawMessage("{}")
+		}
+
 		ip := parseIP(p.Request.RemoteAddr)
 		err := p.Audit.Export(ctx, database.AuditLog{
 			ID:               uuid.New(),
@@ -143,7 +155,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			Diff:             diffRaw,
 			StatusCode:       int32(sw.Status),
 			RequestID:        httpmw.RequestID(p.Request),
-			AdditionalFields: json.RawMessage("{}"),
+			AdditionalFields: p.AdditionalFields,
 		})
 		if err != nil {
 			p.Log.Error(logCtx, "export audit log", slog.Error(err))
 
@@ -0,0 +1,2 @@
+-- It's not possible to drop enum values from enum types, so the UP has "IF NOT
+-- EXISTS".
@@ -0,0 +1,4 @@
+ALTER TYPE audit_action ADD VALUE IF NOT EXISTS 'start';
+ALTER TYPE audit_action ADD VALUE IF NOT EXISTS 'stop';
+
+ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'workspace_build';
@@ -15,6 +15,7 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
+	"cdr.dev/slog"
 	"github.com/coder/coder/coderd/audit"
 	"github.com/coder/coder/coderd/database"
 	"github.com/coder/coder/coderd/httpapi"
@@ -278,28 +279,62 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// we only want to create audit logs for delete builds right now
+	auditor := api.Auditor.Load()
+
+	// if user deletes a workspace, audit the workspace
 	if action == rbac.ActionDelete {
-		var (
-			auditor           = api.Auditor.Load()
-			aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
-				Audit:   *auditor,
-				Log:     api.Logger,
-				Request: r,
-				Action:  database.AuditActionDelete,
-			})
-		)
+		aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
+			Audit:   *auditor,
+			Log:     api.Logger,
+			Request: r,
+			Action:  database.AuditActionDelete,
+		})
 
 		defer commitAudit()
 		aReq.Old = workspace
 	}
 
-	if createBuild.TemplateVersionID == uuid.Nil {
-		latestBuild, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
+	latestBuild, latestBuildErr := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
+
+	// if a user starts/stops a workspace, audit the workspace build
+	if action == rbac.ActionUpdate {
+		var auditAction database.AuditAction
+		if createBuild.Transition == codersdk.WorkspaceTransitionStart {
+			auditAction = database.AuditActionStart
+		} else if createBuild.Transition == codersdk.WorkspaceTransitionStop {
+			auditAction = database.AuditActionStop
+		} else {
+			auditAction = database.AuditActionWrite
+		}
+
+		// We pass the workspace name to the Auditor so that it
+		// can form a friendly string for the user.
+		workspaceResourceInfo := map[string]string{
+			"workspaceName": workspace.Name,
+		}
+
+		wriBytes, err := json.Marshal(workspaceResourceInfo)
 		if err != nil {
+			api.Logger.Error(ctx, "could not marshal workspace name", slog.Error(err))
+		}
+
+		aReq, commitAudit := audit.InitRequest[database.WorkspaceBuild](rw, &audit.RequestParams{
+			Audit:            *auditor,
+			Log:              api.Logger,
+			Request:          r,
+			Action:           auditAction,
+			AdditionalFields: wriBytes,
+		})
+
+		defer commitAudit()
+		aReq.Old = latestBuild
+	}
+
+	if createBuild.TemplateVersionID == uuid.Nil {
+		if latestBuildErr != nil {
 			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 				Message: "Internal error fetching the latest workspace build.",
-				Detail:  err.Error(),
+				Detail:  latestBuildErr.Error(),
 			})
 			return
 		}
 
@@ -579,6 +579,6 @@ func TestWorkspaceBuildStatus(t *testing.T) {
 	require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)
 
 	// assert an audit log has been created for deletion
-	require.Len(t, auditor.AuditLogs, 5)
-	assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[4].Action)
+	require.Len(t, auditor.AuditLogs, 7)
+	assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[6].Action)
 }
@@ -19,6 +19,7 @@ const (
 	ResourceTypeTemplateVersion ResourceType = "template_version"
 	ResourceTypeUser            ResourceType = "user"
 	ResourceTypeWorkspace       ResourceType = "workspace"
+	ResourceTypeWorkspaceBuild  ResourceType = "workspace_build"
 	ResourceTypeGitSSHKey       ResourceType = "git_ssh_key"
 	ResourceTypeAPIKey          ResourceType = "api_key"
 	ResourceTypeGroup           ResourceType = "group"
@@ -36,6 +37,8 @@ func (r ResourceType) FriendlyString() string {
 		return "user"
 	case ResourceTypeWorkspace:
 		return "workspace"
+	case ResourceTypeWorkspaceBuild:
+		return "workspace build"
 	case ResourceTypeGitSSHKey:
 		return "git ssh key"
 	case ResourceTypeAPIKey:
@@ -53,6 +56,8 @@ const (
 	AuditActionCreate AuditAction = "create"
 	AuditActionWrite  AuditAction = "write"
 	AuditActionDelete AuditAction = "delete"
+	AuditActionStart  AuditAction = "start"
+	AuditActionStop   AuditAction = "stop"
 )
 
 func (a AuditAction) FriendlyString() string {
@@ -63,6 +68,10 @@ func (a AuditAction) FriendlyString() string {
 		return "updated"
 	case AuditActionDelete:
 		return "deleted"
+	case AuditActionStart:
+		return "started"
+	case AuditActionStop:
+		return "stopped"
 	default:
 		return "unknown"
 	}
 
@@ -1,7 +1,7 @@
 FROM rust:slim AS rust-utils
 # Install rust helper programs
 # ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
-env CARGO_INSTALL_ROOT=/tmp/
+ENV CARGO_INSTALL_ROOT=/tmp/
 RUN cargo install exa bat ripgrep typos-cli watchexec-cli
 
 FROM ubuntu AS go
 
@@ -109,6 +109,21 @@ var AuditableResources = auditMap(map[any]map[string]Action{
 		"organization_id": ActionIgnore, // Never changes.
 		"avatar_url":      ActionTrack,
 	},
+	// We don't show any diff for the WorkspaceBuild resource
+	&database.WorkspaceBuild{}: {
+		"id":                  ActionIgnore,
+		"created_at":          ActionIgnore,
+		"updated_at":          ActionIgnore,
+		"workspace_id":        ActionIgnore,
+		"template_version_id": ActionIgnore,
+		"build_number":        ActionIgnore,
+		"transition":          ActionIgnore,
+		"initiator_id":        ActionIgnore,
+		"provisioner_state":   ActionIgnore,
+		"job_id":              ActionIgnore,
+		"deadline":            ActionIgnore,
+		"reason":              ActionIgnore,
+	},
 })
 
 // auditMap converts a map of struct pointers to a map of struct names as
 
@@ -51,12 +51,6 @@ replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20221015033036-5861
 // makes importing it directly a bit messy.
 replace github.com/gliderlabs/ssh => github.com/coder/ssh v0.0.0-20220811105153-fcea99919338
 
-// The sftp server implementation used by us does not support changing
-// the working directory, this fork adds support for it.
-//
-// Attempt to upstream: https://github.com/pkg/sftp/pull/528
-replace github.com/pkg/sftp => github.com/mafredri/sftp v1.13.6-0.20221014125459-6a7168cf46fd
-
 require (
 	cdr.dev/slog v1.4.2-0.20220525200111-18dce5c2cd5f
 	cloud.google.com/go/compute v1.10.0
@@ -119,7 +113,7 @@ require (
 	github.com/pion/udp v0.1.1
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
 	github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e
-	github.com/pkg/sftp v1.13.5
+	github.com/pkg/sftp v1.13.6-0.20221018182125-7da137aa03f0
 	github.com/prometheus/client_golang v1.13.0
 	github.com/quasilyte/go-ruleguard/dsl v0.3.21
 	github.com/robfig/cron/v3 v3.0.1
 
@@ -1230,8 +1230,6 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
-github.com/mafredri/sftp v1.13.6-0.20221014125459-6a7168cf46fd h1:X7ZK1YGbCoPkllDq/lG5PLV4k3LVddypzoH5hVgzmiw=
-github.com/mafredri/sftp v1.13.6-0.20221014125459-6a7168cf46fd/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg=
 github.com/mafredri/udp v0.1.2-0.20220805105907-b2872e92e98d h1:E+lU8/1jcUd3guqaRvjAGCcwoPe7jcYrNv9K0OzEwdQ=
 github.com/mafredri/udp v0.1.2-0.20220805105907-b2872e92e98d/go.mod h1:GUd681aT3Tj7pdNkUtqBz5pp/GLMGIaMI9Obq6+ob48=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -1516,6 +1514,10 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
+github.com/pkg/sftp v1.13.6-0.20221018182125-7da137aa03f0 h1:QJypP3NZEUt+ka49zyp/MSdpjjM9EYkg0WA1NZQaxT0=
+github.com/pkg/sftp v1.13.6-0.20221018182125-7da137aa03f0/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 
@@ -915,7 +915,7 @@ export interface WorkspacesRequest extends Pagination {
 export type APIKeyScope = "all" | "application_connect"
 
 // From codersdk/audit.go
-export type AuditAction = "create" | "delete" | "write"
+export type AuditAction = "create" | "delete" | "start" | "stop" | "write"
 
 // From codersdk/workspacebuilds.go
 export type BuildReason = "autostart" | "autostop" | "initiator"
@@ -975,6 +975,7 @@ export type ResourceType =
   | "template_version"
   | "user"
   | "workspace"
+  | "workspace_build"
 
 // From codersdk/sse.go
 export type ServerSentEventType = "data" | "error" | "ping"
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,8 @@ type Auditable interface {`
`16`	`16`	`database.User \|`
`17`	`17`	`database.Workspace \|`
`18`	`18`	`database.GitSSHKey \|`
`19`		`- database.Group`
	`19`	`+ database.Group \|`
	`20`	`+ database.WorkspaceBuild`
`20`	`21`	`}`
`21`	`22`
`22`	`23`	`// Map is a map of changed fields in an audited resource. It maps field names to`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+-- It's not possible to drop enum values from enum types, so the UP has "IF NOT`
	`2`	`+-- EXISTS".`
Original file line number	Diff line number	Diff line change
`@@ -579,6 +579,6 @@ func TestWorkspaceBuildStatus(t *testing.T) {`
`579`	`579`	`require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)`
`580`	`580`
`581`	`581`	`// assert an audit log has been created for deletion`
`582`		`- require.Len(t, auditor.AuditLogs, 5)`
`583`		`- assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[4].Action)`
	`582`	`+ require.Len(t, auditor.AuditLogs, 7)`
	`583`	`+ assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[6].Action)`
`584`	`584`	`}`