From b8998dd01baec0783a70cd8579fbe534f96254bf Mon Sep 17 00:00:00 2001
From: Kira Pilot
Date: Thu, 13 Oct 2022 18:31:34 +0000
Subject: [PATCH 1/5] fix: ensure deleting workspace creates audit log
---
 coderd/workspacebuilds.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/coderd/workspacebuilds.go b/coderd/workspacebuilds.go
index b2d8424907df4..34eb521e8ae5f 100644
--- a/coderd/workspacebuilds.go
+++ b/coderd/workspacebuilds.go
@@ -15,6 +15,7 @@ import (
 "golang.org/x/exp/slices"
 "golang.org/x/xerrors"
+ "github.com/coder/coder/coderd/audit"
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/coderd/httpapi"
 "github.com/coder/coder/coderd/httpmw"
@@ -250,10 +251,13 @@ func (api *API) workspaceBuildByBuildNumber(rw http.ResponseWriter, r *http.Requ
 httpapi.Write(ctx, rw, http.StatusOK, apiBuild)
 }
+// STARTS HERE
+
 func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 apiKey := httpmw.APIKey(r)
 workspace := httpmw.WorkspaceParam(r)
+
 var createBuild codersdk.CreateWorkspaceBuildRequest
 if !httpapi.Read(ctx, rw, r, &createBuild) {
 return
@@ -261,6 +265,7 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 // Rbac action depends on the transition
 var action rbac.Action
+
 switch createBuild.Transition {
 case codersdk.WorkspaceTransitionDelete:
 action = rbac.ActionDelete
@@ -277,6 +282,22 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 return
 }
+ // we only want to create audit logs for delete builds right now
+ if action == rbac.ActionDelete {
+ var (
+ auditor = api.Auditor.Load()
+ aReq, commitAudit = audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
+ Audit: *auditor,
+ Log: api.Logger,
+ Request: r,
+ Action: database.AuditActionDelete,
+ })
+ )
+
+ defer commitAudit()
+ aReq.Old = workspace
+ }
+
 if createBuild.TemplateVersionID == uuid.Nil {
 latestBuild, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
 if err != nil {
@@ -525,6 +546,8 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 httpapi.Write(ctx, rw, http.StatusCreated, apiBuild)
 }
+// ENDS HERE !!!!!
+
 func (api *API) patchCancelWorkspaceBuild(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 workspaceBuild := httpmw.WorkspaceBuildParam(r)
From 94f32563eb900a950b65e12afc5ff75c46ee728b Mon Sep 17 00:00:00 2001
From: Kira Pilot
Date: Thu, 13 Oct 2022 18:34:29 +0000
Subject: [PATCH 2/5] getting rid of comments
---
 coderd/workspacebuilds.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/coderd/workspacebuilds.go b/coderd/workspacebuilds.go
index 34eb521e8ae5f..b555d6d4fa80b 100644
--- a/coderd/workspacebuilds.go
+++ b/coderd/workspacebuilds.go
@@ -251,8 +251,6 @@ func (api *API) workspaceBuildByBuildNumber(rw http.ResponseWriter, r *http.Requ
 httpapi.Write(ctx, rw, http.StatusOK, apiBuild)
 }
-// STARTS HERE
-
 func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 apiKey := httpmw.APIKey(r)
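Review bot: In the `@@ -277,6 +282,22 @@` hunk of PATCH 1/5, the audit request is initialised only after the `return` that closes the preceding check, which looks like the authorization check for `action` but lies outside the hunk, so a delete request rejected there would leave no audit entry; if denied deletions should be traceable, the `audit.InitRequest` block needs to run before that check. `defer commitAudit()` is written inside the `if action == rbac.ActionDelete` block, but Go defers are function-scoped, so it fires when `postWorkspaceBuilds` returns on every later path, including error responses; whether a failed delete is distinguishable from a successful one in the log depends on `commitAudit` recording the response status, which is not visible here. I would add above the defer: `// commitAudit runs when the handler returns (not at the end of this if), on success and error paths alike`. The function body starts and ends outside the hunk.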
@@ -546,8 +544,6 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 httpapi.Write(ctx, rw, http.StatusCreated, apiBuild)
 }
-// ENDS HERE !!!!!
-
 func (api *API) patchCancelWorkspaceBuild(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 workspaceBuild := httpmw.WorkspaceBuildParam(r)
From 76f8d6f48218733232299a73aa90b22e6a87cad4 Mon Sep 17 00:00:00 2001
From: Kira Pilot
Date: Thu, 13 Oct 2022 18:35:38 +0000
Subject: [PATCH 3/5] remove whitespace
---
 coderd/workspacebuilds.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/coderd/workspacebuilds.go b/coderd/workspacebuilds.go
index b555d6d4fa80b..97f1a7685cc09 100644
--- a/coderd/workspacebuilds.go
+++ b/coderd/workspacebuilds.go
@@ -255,7 +255,6 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 apiKey := httpmw.APIKey(r)
 workspace := httpmw.WorkspaceParam(r)
-
 var createBuild codersdk.CreateWorkspaceBuildRequest
 if !httpapi.Read(ctx, rw, r, &createBuild) {
 return
@@ -263,7 +262,6 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
 // Rbac action depends on the transition
 var action rbac.Action
-
 switch createBuild.Transition {
 case codersdk.WorkspaceTransitionDelete:
 action = rbac.ActionDelete
From 3065cacc11ac17faaed2206ce1a4f5f4da4ca442 Mon Sep 17 00:00:00 2001
From: Kira Pilot
Date: Thu, 13 Oct 2022 20:26:04 +0000
Subject: [PATCH 4/5] pushing failing test
---
 coderd/workspacebuilds_test.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go
index c4c3f7d364220..7d00d5af79317 100644
--- a/coderd/workspacebuilds_test.go
+++ b/coderd/workspacebuilds_test.go
@@ -13,6 +13,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ "github.com/coder/coder/coderd/audit"
 "github.com/coder/coder/coderd/coderdtest"
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/codersdk"
@@ -541,6 +542,7 @@ func TestWorkspaceBuildStatus(t *testing.T) {
 closeDaemon.Close()
 template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
 workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
+ auditor := audit.NewMock()
 // initial returned state is "pending"
 require.EqualValues(t, codersdk.WorkspaceStatusPending, workspace.LatestBuild.Status)
@@ -575,4 +577,7 @@ func TestWorkspaceBuildStatus(t *testing.T) {
 workspace, err = client.DeletedWorkspace(ctx, workspace.ID)
 require.NoError(t, err)
 require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)
+
+ require.Len(t, auditor.AuditLogs, 4)
+ assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[3].Action)
 }
From aea2e73c10387a0fe887e708705624ece718207f Mon Sep 17 00:00:00 2001
From: Kira Pilot
Date: Thu, 13 Oct 2022 21:04:34 +0000
Subject: [PATCH 5/5] fixed test
---
 coderd/workspacebuilds_test.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go
index 7d00d5af79317..983063a1907bc 100644
--- a/coderd/workspacebuilds_test.go
+++ b/coderd/workspacebuilds_test.go
@@ -535,14 +535,14 @@ func TestWorkspaceBuildStatus(t *testing.T) {
 t.Parallel()
 ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 defer cancel()
- client, closeDaemon, api := coderdtest.NewWithAPI(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
+ auditor := audit.NewMock()
+ client, closeDaemon, api := coderdtest.NewWithAPI(t, &coderdtest.Options{IncludeProvisionerDaemon: true, Auditor: auditor})
 user := coderdtest.CreateFirstUser(t, client)
 version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
 coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
 closeDaemon.Close()
 template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
 workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
- auditor := audit.NewMock()
 // initial returned state is "pending"
 require.EqualValues(t, codersdk.WorkspaceStatusPending, workspace.LatestBuild.Status)
@@ -578,6 +578,7 @@ func TestWorkspaceBuildStatus(t *testing.T) {
 require.NoError(t, err)
 require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)
- require.Len(t, auditor.AuditLogs, 4)
- assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[3].Action)
+ // assert an audit log has been created for deletion
+ require.Len(t, auditor.AuditLogs, 5)
+ assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[4].Action)
 }
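Review bot: In the `@@ -578,6 +578,7 @@` hunk, the assertion pins the total number of audit entries (`5`) and a fixed position (`AuditLogs[4]`), so it breaks whenever any setup call in this test starts or stops being audited, and it checks only `Action`, not that the entry belongs to the workspace that was deleted. Assuming nothing audited runs after the delete build, reading the last entry is less brittle: `require.NotEmpty(t, auditor.AuditLogs)`, `last := auditor.AuditLogs[len(auditor.AuditLogs)-1]`, `assert.Equal(t, database.AuditActionDelete, last.Action)`, plus an assertion that the entry's resource matches `workspace.ID`. The same fixed-index pattern first appears in the `@@ -575,4 +577,7 @@` hunk of PATCH 4/5. The test function starts outside the hunk.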