Skip to content

feat(cli/support): confirm before creating bundle #12684

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Mar 21, 2024
Merged

feat(cli/support): confirm before creating bundle #12684

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e90c4db
feat(cli/support): confirm before creating bundle
johnstcn Mar 20, 2024
b5bc498
address PR comments
johnstcn Mar 21, 2024
d44e85b
unhide, make gen
johnstcn Mar 21, 2024
76189da
Revert "unhide, make gen"
johnstcn Mar 21, 2024
6f00ef1
update blurb
johnstcn Mar 21, 2024
1b764a6
address PR comments
johnstcn Mar 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 85 additions & 11 deletions cli/support.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"encoding/base64"
"encoding/json"
"fmt"
"net/url"
"os"
"path/filepath"
"strings"
Expand All @@ -16,6 +17,7 @@ import (

"cdr.dev/slog"
"cdr.dev/slog/sloggers/sloghuman"
"github.com/coder/coder/v2/cli/cliui"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/support"
"github.com/coder/serpent"
Expand All @@ -38,6 +40,8 @@ func (r *RootCmd) support() *serpent.Command {

func (r *RootCmd) supportBundle() *serpent.Command {
var outputPath string
var coderURLOverride string
var confirm bool
client := new(codersdk.Client)
cmd := &serpent.Command{
Use: "bundle <workspace> [<agent>]",
Expand All @@ -48,14 +52,52 @@ func (r *RootCmd) supportBundle() *serpent.Command {
r.InitClient(client),
),
Handler: func(inv *serpent.Invocation) error {
var (
log = slog.Make(sloghuman.Sink(inv.Stderr)).
Leveled(slog.LevelDebug)
deps = support.Deps{
Client: client,
Log: log,
}
var cliLogBuf bytes.Buffer
cliLogW := sloghuman.Sink(&cliLogBuf)
cliLog := slog.Make(sloghuman.Sink(inv.Stderr), cliLogW)
if r.verbose {
cliLog = cliLog.Leveled(slog.LevelDebug)
}

vi := defaultVersionInfo()
cliLog.Info(inv.Context(), "version info",
slog.F("version", vi.Version),
slog.F("build_time", vi.BuildTime),
slog.F("external_url", vi.ExternalURL),
slog.F("slim", vi.Slim),
slog.F("agpl", vi.AGPL),
slog.F("boring_crypto", vi.BoringCrypto),
)
cliLog.Info(inv.Context(), "invocation", slog.F("args", strings.Join(os.Args, " ")))

if !confirm {
ans, err := cliui.Prompt(inv, cliui.PromptOptions{
Text: cliui.Bold("Note: ") + cliui.Wrap("While we try to sanitize sensitive data from support bundles, we cannot guarantee that they do not contain information that you or your organization may consider sensitive.\n") + cliui.Bold("Please confirm that you will:\n") + " - Review the support bundle before distribution\n - Only distribute it via trusted channels.\n",
Default: cliui.ConfirmNo,
Secret: false,
IsConfirm: true,
})
if err != nil || ans != cliui.ConfirmYes {
return err
}
cliLog.Info(inv.Context(), "user confirmed manually", slog.F("answer", ans))
} else {
cliLog.Info(inv.Context(), "user auto-confirmed")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: debug or trace level?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah fair, we don't want unnecessary output.

}

// Check if we're running inside a workspace
if _, found := os.LookupEnv("CODER_AGENT_URL"); found {
cliLog.Warn(inv.Context(), "running inside coder workspace")
}

if coderURLOverride != "" && coderURLOverride != client.URL.String() {
u, err := url.Parse(coderURLOverride)
if err != nil {
return xerrors.Errorf("invalid value for Coder URL override: %w", err)
}
cliLog.Warn(inv.Context(), "coder url overridden", slog.F("url", coderURLOverride))
client.URL = u
}

if len(inv.Args) == 0 {
return xerrors.Errorf("must specify workspace name")
Expand All @@ -64,8 +106,10 @@ func (r *RootCmd) supportBundle() *serpent.Command {
if err != nil {
return xerrors.Errorf("invalid workspace: %w", err)
}

deps.WorkspaceID = ws.ID
cliLog.Info(inv.Context(), "found workspace",
slog.F("workspace_name", ws.Name),
slog.F("workspace_id", ws.ID),
)

agentName := ""
if len(inv.Args) > 1 {
Expand All @@ -76,8 +120,10 @@ func (r *RootCmd) supportBundle() *serpent.Command {
if !found {
return xerrors.Errorf("could not find agent named %q for workspace", agentName)
}

deps.AgentID = agt.ID
cliLog.Info(inv.Context(), "found workspace agent",
slog.F("agent_name", agt.Name),
slog.F("agent_id", agt.ID),
)

if outputPath == "" {
cwd, err := filepath.Abs(".")
Expand All @@ -87,6 +133,7 @@ func (r *RootCmd) supportBundle() *serpent.Command {
fname := fmt.Sprintf("coder-support-%d.zip", time.Now().Unix())
outputPath = filepath.Join(cwd, fname)
}
cliLog.Info(inv.Context(), "output path", slog.F("path", outputPath))

w, err := os.Create(outputPath)
if err != nil {
Expand All @@ -95,11 +142,24 @@ func (r *RootCmd) supportBundle() *serpent.Command {
zwr := zip.NewWriter(w)
defer zwr.Close()

clientLog := slog.Make().Leveled(slog.LevelDebug)
if r.verbose {
clientLog.AppendSinks(sloghuman.Sink(inv.Stderr))
}
deps := support.Deps{
Client: client,
// Support adds a sink so we don't need to supply one ourselves.
Log: clientLog,
WorkspaceID: ws.ID,
AgentID: agt.ID,
}

bun, err := support.Run(inv.Context(), &deps)
if err != nil {
_ = os.Remove(outputPath) // best effort
return xerrors.Errorf("create support bundle: %w", err)
}
bun.CLILogs = cliLogBuf.Bytes()

if err := writeBundle(bun, zwr); err != nil {
_ = os.Remove(outputPath) // best effort
Expand All @@ -109,13 +169,26 @@ func (r *RootCmd) supportBundle() *serpent.Command {
},
}
cmd.Options = serpent.OptionSet{
{
Flag: "confirm",
FlagShorthand: "y",
Env: "CODER_SUPPORT_BUNDLE_CONFIRM",
Description: "By setting this to true, you confirm that you will treat the resulting support bundle as if it contained sensitive information.",
Value: serpent.BoolOf(&confirm),
},
{
Flag: "output",
FlagShorthand: "o",
Env: "CODER_SUPPORT_BUNDLE_OUTPUT",
Description: "File path for writing the generated support bundle. Defaults to coder-support-$(date +%s).zip.",
Value: serpent.StringOf(&outputPath),
},
{
Flag: "url-override",
Env: "CODER_SUPPORT_BUNDLE_URL_OVERRIDE",
Description: "Override the URL to your Coder deployment. This may be useful, for example, if you need to troubleshoot a specific Coder replica.",
Value: serpent.StringOf(&coderURLOverride),
},
}

return cmd
Expand Down Expand Up @@ -182,6 +255,7 @@ func writeBundle(src *support.Bundle, dest *zip.Writer) error {
"agent/prometheus.txt": string(src.Agent.Prometheus),
"workspace/template_file.zip": string(templateVersionBytes),
"logs.txt": strings.Join(src.Logs, "\n"),
"cli_logs.txt": string(src.CLILogs),
} {
f, err := dest.Create(k)
if err != nil {
Expand Down
11 changes: 7 additions & 4 deletions cli/support_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ func TestSupportBundle(t *testing.T) {

d := t.TempDir()
path := filepath.Join(d, "bundle.zip")
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name, "--output", path)
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name, "--output", path, "--confirm")
//nolint: gocritic // requires owner privilege
clitest.SetupConfig(t, client, root)
err = inv.Run()
Expand All @@ -88,7 +88,7 @@ func TestSupportBundle(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
_ = coderdtest.CreateFirstUser(t, client)
inv, root := clitest.New(t, "support", "bundle")
inv, root := clitest.New(t, "support", "bundle", "--confirm")
//nolint: gocritic // requires owner privilege
clitest.SetupConfig(t, client, root)
err := inv.Run()
Expand All @@ -103,7 +103,7 @@ func TestSupportBundle(t *testing.T) {
OrganizationID: admin.OrganizationID,
OwnerID: admin.UserID,
}).Do() // without agent!
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name)
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name, "--confirm")
//nolint: gocritic // requires owner privilege
clitest.SetupConfig(t, client, root)
err := inv.Run()
Expand All @@ -119,7 +119,7 @@ func TestSupportBundle(t *testing.T) {
OrganizationID: user.OrganizationID,
OwnerID: member.ID,
}).WithAgent().Do()
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name)
inv, root := clitest.New(t, "support", "bundle", r.Workspace.Name, "--confirm")
clitest.SetupConfig(t, memberClient, root)
err := inv.Run()
require.ErrorContains(t, err, "failed authorization check")
Expand Down Expand Up @@ -219,6 +219,9 @@ func assertBundleContents(t *testing.T, path string) {
case "logs.txt":
bs := readBytesFromZip(t, f)
require.NotEmpty(t, bs, "logs should not be empty")
case "cli_logs.txt":
bs := readBytesFromZip(t, f)
require.NotEmpty(t, bs, "CLI logs should not be empty")
default:
require.Failf(t, "unexpected file in bundle", f.Name)
}
Expand Down
1 change: 1 addition & 0 deletions support/support.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ type Bundle struct {
Workspace Workspace `json:"workspace"`
Agent Agent `json:"agent"`
Logs []string `json:"logs"`
CLILogs []byte `json:"cli_logs"`
}

type Deployment struct {
Expand Down