Skip to content

Audit build outcomes/kira pilot #5143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Nov 22, 2022
Merged

Audit build outcomes/kira pilot #5143

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
df3a6ce
auditing failed builds
Kira-Pilot Nov 18, 2022
ab1fec0
logging workspace build successes
Kira-Pilot Nov 18, 2022
9895b88
remove duplicate workspace build entry
Kira-Pilot Nov 21, 2022
d5aed0e
fixed workspacebuilds_test
Kira-Pilot Nov 21, 2022
3b635ac
PR feedback
Kira-Pilot Nov 21, 2022
ecbea40
Merge remote-tracking branch 'origin/main' into audit-build-outcomes/…
Kira-Pilot Nov 21, 2022
b8ab479
lint and migrations
Kira-Pilot Nov 21, 2022
8a8a3eb
fix nil auditors
coadler Nov 22, 2022
d5c8045
workspace_build test
Kira-Pilot Nov 22, 2022
1b276e4
fixed workspaces_teest
Kira-Pilot Nov 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
remove duplicate workspace build entry
  • Loading branch information
@Kira-Pilot
Kira-Pilot committed Nov 21, 2022
commit 9895b8849d2cc6bfce8d3f5fe125708e8e3e48f8
3 changes: 2 additions & 1 deletion coderd/provisionerdserver/provisionerdserver.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -520,6 +520,7 @@ func (server *Server) FailJob(ctx context.Context, failJob *proto.FailedJob) (*p
case *proto.FailedJob_TemplateImport_:
}

// if failed job is a workspace build, audit the outcome
if job.Type == database.ProvisionerJobTypeWorkspaceBuild {
auditor := server.Auditor.Load()
build, getBuildErr := server.Database.GetWorkspaceBuildByJobID(ctx, job.ID)
Expand Down Expand Up @@ -695,9 +696,9 @@ func (server *Server) CompleteJob(ctx context.Context, completed *proto.Complete
return nil, xerrors.Errorf("complete job: %w", err)
}

// audit the outcome of the workspace build
if getWorkspaceError == nil {
auditor := server.Auditor.Load()

auditAction := determineAuditAction(workspaceBuild.Transition)

// We pass the workspace name to the Auditor so that it
Expand Down
54 changes: 1 addition & 53 deletions coderd/workspacebuilds.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,6 @@ import (
"golang.org/x/exp/slices"
"golang.org/x/xerrors"

"cdr.dev/slog"
"github.com/coder/coder/coderd/audit"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/coderd/httpmw"
Expand Down Expand Up @@ -280,58 +278,8 @@ func (api *API) postWorkspaceBuilds(rw http.ResponseWriter, r *http.Request) {
return
}

auditor := api.Auditor.Load()

// if user deletes a workspace, audit the workspace
if action == rbac.ActionDelete {
aReq, commitAudit := audit.InitRequest[database.Workspace](rw, &audit.RequestParams{
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: database.AuditActionDelete,
})

defer commitAudit()
aReq.Old = workspace
}

latestBuild, latestBuildErr := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)

// if a user starts/stops a workspace, audit the workspace build
if action == rbac.ActionUpdate {
var auditAction database.AuditAction
if createBuild.Transition == codersdk.WorkspaceTransitionStart {
auditAction = database.AuditActionStart
} else if createBuild.Transition == codersdk.WorkspaceTransitionStop {
auditAction = database.AuditActionStop
} else {
auditAction = database.AuditActionWrite
}

// We pass the workspace name to the Auditor so that it
// can form a friendly string for the user.
workspaceResourceInfo := map[string]string{
"workspaceName": workspace.Name,
}

wriBytes, err := json.Marshal(workspaceResourceInfo)
if err != nil {
api.Logger.Error(ctx, "could not marshal workspace name", slog.Error(err))
}

aReq, commitAudit := audit.InitRequest[database.WorkspaceBuild](rw, &audit.RequestParams{
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: auditAction,
AdditionalFields: wriBytes,
})

defer commitAudit()
aReq.Old = latestBuild
}

if createBuild.TemplateVersionID == uuid.Nil {
latestBuild, latestBuildErr := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
if latestBuildErr != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Message: "Internal error fetching the latest workspace build.",
Expand Down