feat: add audit package

coadler · coadler · commit e7d0201f0c71 · 2022-04-15T16:46:06.000-04:00
diff --git a/coderd/audit/diff.go b/coderd/audit/diff.go
@@ -0,0 +1,105 @@
+package audit
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// TODO: this might need to be in the database package.
+type DiffMap map[string]interface{}
+
+func Empty[T Auditable]() T {
+	var t T
+	return t
+}
+
+func Diff[T Auditable](old, new T) DiffMap {
+	// Values are equal, return an empty diff.
+	if reflect.DeepEqual(old, new) {
+		return DiffMap{}
+	}
+
+	return diffValues(old, new)
+}
+
+func diffValues[T any](old, new T) DiffMap {
+	var (
+		baseDiff = DiffMap{}
+
+		oldV = reflect.ValueOf(old)
+
+		newV = reflect.ValueOf(new)
+		newT = reflect.TypeOf(new)
+
+		diffKey = AuditableResources[newT.Name()]
+	)
+
+	if diffKey == nil {
+		panic(fmt.Sprintf("dev error: type %T attempted audit but not auditable", new))
+	}
+
+	for i := 0; i < newT.NumField(); i++ {
+		var (
+			oldF = oldV.Field(i)
+			newF = newV.Field(i)
+
+			oldI = oldF.Interface()
+			newI = newF.Interface()
+
+			diffName = newT.Field(i).Tag.Get("json")
+		)
+
+		atype, ok := diffKey[diffName]
+		if !ok {
+			panic(fmt.Sprintf("dev error: field %q lacks audit information", diffName))
+		}
+
+		if atype == ActionIgnore {
+			continue
+		}
+
+		// If the field is a pointer, dereference it. Nil pointers are coerced
+		// to the zero value of their underlying type.
+		if oldF.Kind() == reflect.Ptr && newF.Kind() == reflect.Ptr {
+			oldF, newF = derefPointer(oldF), derefPointer(newF)
+			oldI, newI = oldF.Interface(), newF.Interface()
+		}
+
+		// Recursively walk up nested structs.
+		if newF.Kind() == reflect.Struct {
+			baseDiff[diffName] = diffValues(oldI, newI)
+			continue
+		}
+
+		if !reflect.DeepEqual(oldI, newI) {
+			switch atype {
+			case ActionAuditable:
+				baseDiff[diffName] = newI
+			case ActionSecret:
+				baseDiff[diffName] = reflect.Zero(newF.Type()).Interface()
+			}
+		}
+	}
+
+	return baseDiff
+}
+
+// derefPointer deferences a reflect.Value that is a pointer to its underlying
+// value. It dereferences recursively until it finds a non-pointer value. If the
+// pointer is nil, it will be coerced to the zero value of the underlying type.
+func derefPointer(ptr reflect.Value) reflect.Value {
+	if !ptr.IsNil() {
+		// Grab the value the pointer references.
+		ptr = ptr.Elem()
+	} else {
+		// Coerce nil ptrs to zero'd values of their underlying type.
+		ptr = reflect.Zero(ptr.Type().Elem())
+	}
+
+	// Recursively deref nested pointers.
+	if ptr.Kind() == reflect.Ptr {
+		return derefPointer(ptr)
+	}
+
+	return ptr
+}
diff --git a/coderd/audit/diff_test.go b/coderd/audit/diff_test.go
@@ -0,0 +1,61 @@
+package audit_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/coderd/audit"
+	"github.com/coder/coder/coderd/database"
+)
+
+func TestDiff(t *testing.T) {
+	t.Parallel()
+
+	t.Run("Normal", func(t *testing.T) {
+		t.Parallel()
+
+		runDiffTests(t, []diffTest[database.User]{
+			{
+				name: "LeftEmpty",
+				left: audit.Empty[database.User](), right: database.User{Name: "colin", Email: "colin@coder.com"},
+				exp: audit.DiffMap{
+					"name":  "colin",
+					"email": "colin@coder.com",
+				},
+			},
+			{
+				name: "RightEmpty",
+				left: database.User{Name: "colin", Email: "colin@coder.com"}, right: audit.Empty[database.User](),
+				exp: audit.DiffMap{
+					"name":  "",
+					"email": "",
+				},
+			},
+			{
+				name: "NoChange",
+				left: audit.Empty[database.User](), right: audit.Empty[database.User](),
+				exp: audit.DiffMap{},
+			},
+		})
+	})
+}
+
+type diffTest[T audit.Auditable] struct {
+	name        string
+	left, right T
+	exp         audit.DiffMap
+}
+
+func runDiffTests[T audit.Auditable](t *testing.T, tests []diffTest[T]) {
+	t.Helper()
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			require.Equal(t,
+				test.exp,
+				audit.Diff(test.left, test.right),
+			)
+		})
+	}
+}
diff --git a/coderd/audit/table.go b/coderd/audit/table.go
@@ -0,0 +1,106 @@
+package audit
+
+import (
+	"reflect"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/coderd/database"
+)
+
+// Auditable is mostly a marker interface. It contains a definitive list of all
+// auditable types. If you want to audit a new type, first define it in
+// AuditableResources, then add it to this interface.
+type Auditable interface {
+	database.User |
+		database.Workspace
+}
+
+type Action int
+
+const (
+	// ActionIgnore ignores diffing for the field.
+	ActionIgnore = iota
+	// ActionAuditable includes the value in the diff if the value changed.
+	ActionAuditable
+	// ActionSecret includes a zero value of the same type if the value changed.
+	// It lets you indicate that a value changed, but without leaking its
+	// contents.
+	ActionSecret
+)
+
+// Map is a map of struct names to a map of field names that indicate that
+// field's AuditType.
+type Map map[string]map[string]Action
+
+// AuditableResources contains a definitive list of all auditable resources and
+// which fields are auditable.
+var AuditableResources = auditMap(map[any]map[string]Action{
+	&database.User{}: {
+		"id":              ActionIgnore,    // Never changes.
+		"email":           ActionAuditable, // A user can edit their email.
+		"name":            ActionAuditable, // A user can edit their name.
+		"revoked":         ActionAuditable, // An admin can revoke a user. This is different from deletion, which is implicit.
+		"login_type":      ActionAuditable, // An admin can update the login type of a user.
+		"hashed_password": ActionSecret,    // A user can change their own password.
+		"created_at":      ActionIgnore,    // Never changes.
+		"updated_at":      ActionIgnore,    // Changes, but is implicit and not helpful in a diff.
+		"username":        ActionIgnore,    // A user cannot change their username.
+	},
+	&database.Workspace{}: {
+		"id":                 ActionIgnore,    // Never changes.
+		"created_at":         ActionIgnore,    // Never changes.
+		"updated_at":         ActionIgnore,    // Changes, but is implicit and not helpful in a diff.
+		"owner_id":           ActionIgnore,    // We don't allow workspaces to change ownership.
+		"template_id":        ActionIgnore,    // We don't allow workspaces to change templates.
+		"deleted":            ActionIgnore,    // Changes, but is implicit when a delete event is fired.
+		"name":               ActionIgnore,    // We don't allow workspaces to change names.
+		"autostart_schedule": ActionAuditable, // Autostart schedules are directly editable by users.
+		"autostop_schedule":  ActionAuditable, // Autostart schedules are directly editable by users.
+	},
+})
+
+// auditMap converts a typed AuditMap into
+func auditMap(m map[any]map[string]Action) Map {
+	out := make(Map, len(m))
+
+	for k, v := range m {
+		out[reflect.TypeOf(k).Elem().Name()] = v
+	}
+
+	return out
+}
+
+func (t Action) String() string {
+	switch t {
+	case ActionIgnore:
+		return "ignore"
+	case ActionAuditable:
+		return "auditable"
+	case ActionSecret:
+		return "secret"
+	default:
+		return "unknown"
+	}
+}
+
+func (t Action) MarshalJSON() ([]byte, error) {
+	return []byte(t.String()), nil
+}
+
+func (t *Action) UnmarshalJSON(b []byte) error {
+	str := string(b)
+
+	switch str {
+	case "ignore":
+		*t = ActionIgnore
+	case "auditable":
+		*t = ActionAuditable
+	case "secret":
+		*t = ActionSecret
+	default:
+		return xerrors.Errorf("unknown AuditType %q", str)
+	}
+
+	return nil
+}
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -144,7 +144,7 @@ func New(options *Options) (http.Handler, func()) {
 			r.Post("/logout", api.postLogout)
 			r.Group(func(r chi.Router) {
 				r.Use(httpmw.ExtractAPIKey(options.Database, nil))
-				r.Post("/", api.postUsers)
+				r.Post("/", api.postUser)
 				r.Route("/{user}", func(r chi.Router) {
 					r.Use(httpmw.ExtractUserParam(options.Database))
 					r.Get("/", api.userByName)
diff --git a/coderd/users.go b/coderd/users.go
@@ -144,7 +144,7 @@ func (api *api) postFirstUser(rw http.ResponseWriter, r *http.Request) {
 }
 
 // Creates a new user.
-func (api *api) postUsers(rw http.ResponseWriter, r *http.Request) {
+func (api *api) postUser(rw http.ResponseWriter, r *http.Request) {
 	apiKey := httpmw.APIKey(r)
 
 	var createUser codersdk.CreateUserRequest

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func (api api) postFirstUser(rw http.ResponseWriter, r http.Request) {`
`144`	`144`	`}`
`145`	`145`
`146`	`146`	`// Creates a new user.`
`147`		`-func (api api) postUsers(rw http.ResponseWriter, r http.Request) {`
	`147`	`+func (api api) postUser(rw http.ResponseWriter, r http.Request) {`
`148`	`148`	`apiKey := httpmw.APIKey(r)`
`149`	`149`
`150`	`150`	`var createUser codersdk.CreateUserRequest`