Skip to content

feat: add support for workspace app audit #16801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 40 commits into from
Mar 18, 2025
Merged

feat: add support for workspace app audit #16801

merged 40 commits into from
Mar 18, 2025

Conversation

mafredri
Copy link
Member

@mafredri mafredri commented Mar 4, 2025
edited
Loading

This change adds support for workspace app auditing.

To avoid audit log spam, we introduce the concept of app audit sessions. An audit session is unique per workspace app, user, ip, user agent and http status code. The sessions are stored in a separate table from audit logs to allow use-case specific optimizations. Sessions are ephemeral and the table does not function as a log.

The logic for auditing is placed in the DBTokenProvider for workspace apps so that wsproxies are included.

This is the final change affecting the API fo #15139.

Updates #15139

image

@mafredri mafredri force-pushed the mafredri/app-audit branch 9 times, most recently from e94f72d to 054a301 Compare March 5, 2025 22:38
johnstcn
johnstcn reviewed Mar 6, 2025
View reviewed changes
Emyrk
Emyrk reviewed Mar 6, 2025
View reviewed changes
johnstcn
johnstcn reviewed Mar 7, 2025
View reviewed changes
@mafredri mafredri mentioned this pull request Mar 12, 2025
Closed
@mafredri mafredri mentioned this pull request Mar 17, 2025
Open
@mafredri mafredri force-pushed the mafredri/app-audit branch from de7e913 to c1ae295 Compare March 17, 2025 13:28
@mafredri
Copy link
Member Author

I've implemented the requested changes, PTAL. Up-to-date view of audit log:

image

We still don't have any custom handling for terminal entry and port forward entry, they will just say "opened the agent".

@mafredri mafredri requested review from Emyrk and johnstcn March 17, 2025 14:00
johnstcn
johnstcn approved these changes Mar 18, 2025
View reviewed changes
Copy link
Member

@johnstcn johnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have any further comments! Thanks for working on this @mafredri !

coderd/audit.go
Comment on lines +285 to +292
switch {
case alog.AuditLog.StatusCode == int32(http.StatusSeeOther):
_, _ = b.WriteString("was redirected attempting to ")
_, _ = b.WriteString(string(alog.AuditLog.Action))
case alog.AuditLog.StatusCode >= 400:
_, _ = b.WriteString("unsuccessfully attempted to ")
_, _ = b.WriteString(string(alog.AuditLog.Action))
} else {
default:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mafredri mafredri merged commit de41bd6 into main Mar 18, 2025
32 checks passed
@mafredri mafredri deleted the mafredri/app-audit branch March 18, 2025 11:50
@github-actions github-actions bot locked and limited conversation to collaborators Mar 18, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@johnstcn johnstcn johnstcn approved these changes

@Emyrk Emyrk Awaiting requested review from Emyrk

Assignees

@mafredri mafredri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mafredri @johnstcn @Emyrk