Skip to content

feat: Auditing group members as part of group resource #5730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Jan 18, 2023
Merged

feat: Auditing group members as part of group resource #5730

merged 12 commits into from
Jan 18, 2023

Conversation

Kira-Pilot
Copy link
Member

@Kira-Pilot Kira-Pilot commented Jan 16, 2023
edited
Loading

resolves #4736

We now audit group members as part of group changes:
Screen Shot 2023-01-17 at 2 58 07 PM

Kira-Pilot
Kira-Pilot commented Jan 16, 2023
View reviewed changes
Kira-Pilot
Kira-Pilot commented Jan 16, 2023
View reviewed changes
Kira-Pilot
Kira-Pilot commented Jan 16, 2023
View reviewed changes
Kira-Pilot
Kira-Pilot commented Jan 16, 2023
View reviewed changes
Kira-Pilot
Kira-Pilot commented Jan 16, 2023
View reviewed changes
@Kira-Pilot Kira-Pilot requested a review from kylecarbs January 16, 2023 17:54
kylecarbs
kylecarbs reviewed Jan 16, 2023
View reviewed changes
@Kira-Pilot Kira-Pilot changed the title added AuditableGroup type feat: Auditing group members as part of group resource Jan 17, 2023
@Emyrk Emyrk mentioned this pull request Jan 17, 2023
Merged
@Kira-Pilot Kira-Pilot marked this pull request as ready for review January 17, 2023 20:14
@Kira-Pilot Kira-Pilot requested a review from a team as a code owner January 17, 2023 20:14
@Kira-Pilot Kira-Pilot requested review from presleyp, Emyrk and coadler and removed request for a team January 17, 2023 20:14
Emyrk
Emyrk reviewed Jan 17, 2023
View reviewed changes
enterprise/coderd/groups.go Outdated
Audit: *auditor,
Log: api.Logger,
Request: r,
Action: database.AuditActionDelete,
})
)
defer commitAudit()
aReq.Old = group
var emptyUsers []database.User
aReq.Old = group.Auditable(emptyUsers)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't the aReq.New be emptyUsers and the aReq.Old have the members?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch @Emyrk! Updated.

Kira-Pilot and others added 4 commits January 17, 2023 16:10
@Kira-Pilot @Emyrk
Update coderd/database/modelmethods.go
6b5f134 
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
@Kira-Pilot @Emyrk
Update coderd/database/modelmethods.go
d33b330 
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
@Kira-Pilot
fetching group members in group.delete
240c004
@Kira-Pilot
Merge branch 'audit-group-and-members/kira-pilot' of github.com:coder…
921107c 
…/coder into audit-group-and-members/kira-pilot
coadler
coadler approved these changes Jan 17, 2023
View reviewed changes
enterprise/coderd/groups.go Outdated
Comment on lines 245 to 246
patchedMembers, patchedMembersErr := api.Database.GetGroupMembers(ctx, group.ID)
if patchedMembersErr != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these errors need to be named differently? It seems like the wrong error is being passed below.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops! Will fix. What convention do you like for naming errors? Just call them err until there's a scoping conflict?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless you need multiple errors in scope at once, I would always just name them err!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good! Will update now.

presleyp
presleyp reviewed Jan 18, 2023
View reviewed changes
site/src/components/AuditLogRow/AuditLogRow.tsx
// groups have nested diffs (group members)
// so we overwrite the member diff such that
// only the user_id is shown.
if (auditLog.resource_type === "group") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you pull this out into a util function, maybe with a unit test?

@Kira-Pilot Kira-Pilot merged commit 6b68fbb into main Jan 18, 2023
@Kira-Pilot Kira-Pilot deleted the audit-group-and-members/kira-pilot branch January 18, 2023 20:13
@github-actions github-actions bot locked and limited conversation to collaborators Jan 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Emyrk Emyrk Emyrk left review comments

@coadler coadler coadler approved these changes

@kylecarbs kylecarbs kylecarbs left review comments

@presleyp presleyp presleyp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

audit: updating users in a group should generate an audit log diff
5 participants
@Kira-Pilot @presleyp @Emyrk @coadler @kylecarbs