Skip to content

feat: add auditing to user routes #3961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 9, 2022
Merged

feat: add auditing to user routes #3961

merged 3 commits into from
Sep 9, 2022

Conversation

coadler
Copy link
Contributor

@coadler coadler commented Sep 8, 2022

No description provided.

@coadler coadler self-assigned this Sep 8, 2022
@spikecurtis
Copy link
Contributor

Tests?

@coadler coadler force-pushed the colin/user-auditing branch from af6f0c9 to 1f5f69a Compare September 8, 2022 22:20
spikecurtis
spikecurtis reviewed Sep 8, 2022
View reviewed changes
coderd/users_test.go
@@ -387,6 +390,7 @@ func TestPostUsers(t *testing.T) {
Password: "testing",
})
require.NoError(t, err)
assert.Len(t, auditor.AuditLogs, 1)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would be good to assert more more about the log, like action, resource type & name, status, etc.

same goes for the other tests.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think in the API tests it's really only important that we assert the audit log is being generated and the action. The other fields are testable elsewhere.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are you suggesting we test the other fields, and which ones do you think will be covered?

I feel like this is an ideal place to test that user API calls generate audit logs with a resource type user, for example. Or that a successful API call results in an audit log recording status 200.

Also, that RequestID is non-empty.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resource Type/ID/Target: Derived from the generic InitRequest is called with, so it is type enforced to be correct
Status code: Logic is all in the audit package, so it can just be tested there instead
Request ID: Logic is also in the audit package

@coadler coadler merged commit 4e26e32 into main Sep 9, 2022
@coadler coadler deleted the colin/user-auditing branch September 9, 2022 02:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spikecurtis spikecurtis spikecurtis left review comments

@kylecarbs kylecarbs kylecarbs approved these changes

Assignees

@coadler coadler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@coadler @spikecurtis @kylecarbs