From 51c7aeeb64f0a62fe8cf769ade4659e6d94f1e36 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Wed, 25 Jan 2023 19:52:55 +0000 Subject: [PATCH 01/14] added script for table creation --- enterprise/audit/generate.sh | 2 +- scripts/auditdocgen/main.go | 82 ++++++++++++++++++++++ scripts/{auditgen => audittypegen}/main.go | 0 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 scripts/auditdocgen/main.go rename scripts/{auditgen => audittypegen}/main.go (100%) diff --git a/enterprise/audit/generate.sh b/enterprise/audit/generate.sh index 7821242b60939..42d8980f4342e 100755 --- a/enterprise/audit/generate.sh +++ b/enterprise/audit/generate.sh @@ -15,5 +15,5 @@ PROJECT_ROOT=$(cd "$SCRIPT_DIR" && git rev-parse --show-toplevel) ( cd "$PROJECT_ROOT" - go run ./scripts/auditgen ./coderd/database "$@" + go run ./scripts/audittypegen ./coderd/database "$@" ) diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go new file mode 100644 index 0000000000000..6101269d75c46 --- /dev/null +++ b/scripts/auditdocgen/main.go 
@@ -0,0 +1,82 @@ +package main + +import ( + "bytes" + "fmt" + "log" + "strconv" + "strings" + + "github.com/coder/coder/enterprise/audit" +) + +func main() { + auditableResourcesMap, err := readAuditableResources() + if err != nil { + log.Fatal("can't read auditableResources: ", err) + } + + doc, err := readAuditDoc() + if err != nil { + log.Fatal("can't read audit doc: ", err) + } + + doc, err = updateAuditDoc(doc, auditableResourcesMap) + if err != nil { + log.Fatal("can't update audit doc: ", err) + } + + err = writeAuditDoc(doc) + if err != nil { + log.Fatal("can't write updated audit doc: ", err) + } +} + +type AuditableResourcesMap map[string]map[string]bool + +func readAuditableResources() (AuditableResourcesMap, error) { + auditableResourcesMap := make(AuditableResourcesMap) + + for resourceName, resourceFields := range audit.AuditableResources { + friendlyResourceName := strings.Split(resourceName, ".")[2] + fieldNameMap := make(map[string]bool) + for fieldName, action := range resourceFields { + fieldNameMap[fieldName] = action != audit.ActionIgnore + auditableResourcesMap[friendlyResourceName] = fieldNameMap + } + } + + return auditableResourcesMap, nil +} + +func readAuditDoc() ([]byte, error) { + var doc []byte + return doc, nil +} + +func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]byte, error) { + var updatedDoc []byte + + var buffer bytes.Buffer + buffer.WriteByte('\n') + buffer.WriteString("|Resource||\n") + buffer.WriteString("|--|-----------------|\n") + + for resourceName, resourceFields := range auditableResourcesMap { + + buffer.Write([]byte("|" + resourceName + "|")) + + for fieldName, isTracked := range resourceFields { + buffer.Write([]byte("")) + } + + buffer.WriteString("
FieldTracked
" + fieldName + "" + strconv.FormatBool(isTracked) + "
\n") + } + + fmt.Println("updated table", buffer.String()) + return updatedDoc, nil +} + +func writeAuditDoc(doc []byte) error { + return nil +} diff --git a/scripts/auditgen/main.go b/scripts/audittypegen/main.go similarity index 100% rename from scripts/auditgen/main.go rename to scripts/audittypegen/main.go From 0facafef8f0ea6e3ba065a79993c622fb378f108 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Wed, 25 Jan 2023 20:36:55 +0000 Subject: [PATCH 02/14] added tags to audit-logs.md --- .vscode/settings.json | 2 ++ Makefile | 7 +++++ docs/admin/audit-logs.md | 26 ++++++++++------ scripts/auditdocgen/main.go | 62 +++++++++++++++++++++++++++++++++---- 4 files changed, 82 insertions(+), 15 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 292ee5cd7c4ad..0e4658912a05d 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -117,6 +117,7 @@ "tailnet", "tailnettest", "Tailscale", + "tbody", "TCGETS", "tcpip", "TCSETS", @@ -128,6 +129,7 @@ "tfjson", "tfplan", "tfstate", + "thead", "tios", "tmpdir", "tparallel", diff --git a/Makefile b/Makefile index 4abf12be4b12d..01048aaf7ba79 100644 --- a/Makefile +++ b/Makefile @@ -418,6 +418,7 @@ gen: \ provisionerd/proto/provisionerd.pb.go \ site/src/api/typesGenerated.ts \ docs/admin/prometheus.md \ + docs/admin/audit-logs.md \ coderd/apidoc/swagger.json \ .prettierignore.include \ .prettierignore \ @@ -436,6 +437,7 @@ gen/mark-fresh: provisionerd/proto/provisionerd.pb.go \ site/src/api/typesGenerated.ts \ docs/admin/prometheus.md \ + docs/admin/audit-logs.md \ coderd/apidoc/swagger.json \ .prettierignore.include \ .prettierignore \ 
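Review bot: In readAuditableResources, `fieldNameMap[fieldName] = action != audit.ActionIgnore` reduces every non-ignored action to `true`, so the generated table cannot distinguish a field whose values are written to the audit log from one that is only recorded as changed. That distinction matters most for fields like `hashed_password` and `private_key`, which the doc generated later in this series lists as tracked; if the audit table defines more than two actions (not visible in this hunk), emit the action name rather than a bool. Separately, `strings.Split(resourceName, ".")[2]` panics on a key with fewer than three dot-separated parts; `parts := strings.Split(resourceName, ".")` followed by `friendlyResourceName := parts[len(parts)-1]` avoids the fixed index. The assignment `auditableResourcesMap[friendlyResourceName] = fieldNameMap` also sits inside the inner loop, so a resource with no fields is silently omitted; it belongs after that loop.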
@@ -490,6 +492,11 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me cd site yarn run format:write:only ../docs/admin/prometheus.md +docs/admin/audit-logs.md: scripts/auditdocgen/main.go enterprise/audit/table.go + go run scripts/auditdocgen/main.go + cd site + yarn run format:write:only ../docs/admin/audit-logs.md + coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen $(FIND_EXCLUSIONS) -type f) $(wildcard coderd/*.go) $(wildcard enterprise/coderd/*.go) $(wildcard codersdk/*.go) .swaggo docs/manifest.json ./scripts/apidocgen/generate.sh yarn run --cwd=site format:write:only ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 4a05bbb7f6bbe..a0797a2dabd60 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -5,15 +5,23 @@ their deployment. ## Tracked Events -We track **create, update and delete** events for the following resources: - -- GitSSHKey -- Template -- TemplateVersion -- Workspace -- WorkspaceBuild -- User -- Group +We track the following resources: + + + +| Resource | | +| ------------------ || +| AuditableGroup |
FieldTracked
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
| +| Organization |
FieldTracked
idtrue
nametrue
descriptiontrue
created_atfalse
updated_atfalse
| +| OrganizationMember |
FieldTracked
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
created_atfalse
| +| User |
FieldTracked
deletedtrue
idtrue
usernametrue
rbac_rolestrue
login_typefalse
updated_atfalse
hashed_passwordtrue
statustrue
last_seen_atfalse
emailtrue
created_atfalse
avatar_urlfalse
| +| Workspace |
FieldTracked
idtrue
template_idtrue
deletedfalse
nametrue
organization_idfalse
owner_idtrue
autostart_scheduletrue
ttltrue
last_used_atfalse
created_atfalse
updated_atfalse
| +| WorkspaceBuild |
FieldTracked
created_atfalse
job_idfalse
idfalse
updated_atfalse
template_version_idtrue
initiator_idfalse
deadlinefalse
daily_costfalse
build_numberfalse
provisioner_statefalse
reasonfalse
workspace_idfalse
transitionfalse
| +| GitSSHKey |
FieldTracked
created_atfalse
updated_atfalse
private_keytrue
public_keytrue
user_idtrue
| +| Template |
FieldTracked
updated_atfalse
provisionertrue
idtrue
default_ttltrue
organization_idfalse
icontrue
min_autostart_intervaltrue
deletedfalse
display_nametrue
group_acltrue
nametrue
created_atfalse
created_bytrue
user_acltrue
is_privatetrue
active_version_idtrue
allow_user_cancel_workspace_jobstrue
descriptiontrue
| +| TemplateVersion |
FieldTracked
idtrue
template_idtrue
nametrue
created_atfalse
updated_atfalse
readmetrue
job_idfalse
created_bytrue
organization_idfalse
| + + ## Filtering logs diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 6101269d75c46..44fa1928c372b 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -2,15 +2,33 @@ package main import ( "bytes" + "flag" "fmt" "log" + "os" "strconv" "strings" + "golang.org/x/xerrors" + "github.com/coder/coder/enterprise/audit" ) +var ( + auditDocFile string + dryRun bool + + generatorPrefix = []byte("") + generatorSuffix = []byte("") +) + +type AuditableResourcesMap map[string]map[string]bool + func main() { + flag.StringVar(&auditDocFile, "audit-doc-file", "docs/admin/audit-logs.md", "Path to audit log doc file") + flag.BoolVar(&dryRun, "dry-run", false, "Dry run") + flag.Parse() + auditableResourcesMap, err := readAuditableResources() if err != nil { log.Fatal("can't read auditableResources: ", err) @@ -26,14 +44,19 @@ func main() { log.Fatal("can't update audit doc: ", err) } + if dryRun { + log.Println(string(doc)) + return + } + err = writeAuditDoc(doc) if err != nil { log.Fatal("can't write updated audit doc: ", err) } } -type AuditableResourcesMap map[string]map[string]bool - +// Transforms audit.AuditableResources to AuditableResourcesMap, +// which uses friendlier language. func readAuditableResources() (AuditableResourcesMap, error) { auditableResourcesMap := make(AuditableResourcesMap) 
@@ -49,16 +72,35 @@ func readAuditableResources() (AuditableResourcesMap, error) { return auditableResourcesMap, nil } +// Reads the content of docs/admin/audit-logs.md func readAuditDoc() ([]byte, error) { - var doc []byte + doc, err := os.ReadFile(auditDocFile) + if err != nil { + return nil, err + } + fmt.Println("document returned", doc) + return doc, nil } +// Writes a markdown table of audit log resources to a buffer func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]byte, error) { - var updatedDoc []byte + i := bytes.Index(doc, generatorPrefix) + if i < 0 { + return nil, xerrors.New("generator prefix tag not found") + } + tableStartIndex := i + len(generatorPrefix) + 1 + + j := bytes.Index(doc[tableStartIndex:], generatorSuffix) + if j < 0 { + return nil, xerrors.New("generator suffix tag not found") + } + tableEndIndex := tableStartIndex + j var buffer bytes.Buffer + buffer.Write(doc[:tableStartIndex]) buffer.WriteByte('\n') + buffer.WriteString("|Resource||\n") buffer.WriteString("|--|-----------------|\n") @@ -73,10 +115,18 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] buffer.WriteString("\n") } - fmt.Println("updated table", buffer.String()) - return updatedDoc, nil + buffer.WriteString("\n") + buffer.Write(doc[tableEndIndex:]) + return buffer.Bytes(), nil } +// Updates docs/admin/audit-logs.md with new table content func writeAuditDoc(doc []byte) error { + // G306: Expect WriteFile permissions to be 0600 or less + /* #nosec G306 */ + err := os.WriteFile(auditDocFile, doc, 0644) + if err != nil { + return err + } return nil } From 963552a1c772771cce5cf9bb9b1bcaf245c9e067 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Wed, 25 Jan 2023 20:51:40 +0000 Subject: [PATCH 03/14] removed log --- docs/admin/audit-logs.md | 18 +++++++++--------- scripts/auditdocgen/main.go | 2 -- 2 files changed, 9 insertions(+), 11 deletions(-) 
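Review bot: In updateAuditDoc, `tableStartIndex := i + len(generatorPrefix) + 1` assumes at least one byte follows the prefix tag, so a doc file that ends exactly at the tag makes `doc[tableStartIndex:]` panic with a slice-bounds error instead of returning one of the xerrors the function already uses. Add a guard before the suffix search, e.g. `if tableStartIndex > len(doc) { return nil, xerrors.New("generator prefix tag is at end of file") }`. A short comment on the `+ 1` saying which byte is being skipped (presumably the newline after the tag) would also help, since that byte is copied back through `doc[:tableStartIndex]` and another `'\n'` is written right after it. The function body continues past the end of this hunk.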
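Review bot: The `/* #nosec G306 */` suppression in writeAuditDoc has no justification; the comment above it only restates the rule being silenced. Record why 0644 is acceptable for this file so the exemption can be re-evaluated later, for example `// #nosec G306 -- generated documentation committed to the repo; must stay world-readable`. The same suppression is carried unchanged into the later `@@ -117,13 +127,8 @@` hunk of this series. Because `-audit-doc-file` accepts an arbitrary path, it is also worth noting in the flag help that the target is overwritten in place.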
diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index a0797a2dabd60..2aabc87cbdc96 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| AuditableGroup |
FieldTracked
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
| -| Organization |
FieldTracked
idtrue
nametrue
descriptiontrue
created_atfalse
updated_atfalse
| -| OrganizationMember |
FieldTracked
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
created_atfalse
| -| User |
FieldTracked
deletedtrue
idtrue
usernametrue
rbac_rolestrue
login_typefalse
updated_atfalse
hashed_passwordtrue
statustrue
last_seen_atfalse
emailtrue
created_atfalse
avatar_urlfalse
| -| Workspace |
FieldTracked
idtrue
template_idtrue
deletedfalse
nametrue
organization_idfalse
owner_idtrue
autostart_scheduletrue
ttltrue
last_used_atfalse
created_atfalse
updated_atfalse
| -| WorkspaceBuild |
FieldTracked
created_atfalse
job_idfalse
idfalse
updated_atfalse
template_version_idtrue
initiator_idfalse
deadlinefalse
daily_costfalse
build_numberfalse
provisioner_statefalse
reasonfalse
workspace_idfalse
transitionfalse
| -| GitSSHKey |
FieldTracked
created_atfalse
updated_atfalse
private_keytrue
public_keytrue
user_idtrue
| -| Template |
FieldTracked
updated_atfalse
provisionertrue
idtrue
default_ttltrue
organization_idfalse
icontrue
min_autostart_intervaltrue
deletedfalse
display_nametrue
group_acltrue
nametrue
created_atfalse
created_bytrue
user_acltrue
is_privatetrue
active_version_idtrue
allow_user_cancel_workspace_jobstrue
descriptiontrue
| -| TemplateVersion |
FieldTracked
idtrue
template_idtrue
nametrue
created_atfalse
updated_atfalse
readmetrue
job_idfalse
created_bytrue
organization_idfalse
| +| GitSSHKey |
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| +| WorkspaceBuild |
FieldTracked
job_idfalse
created_atfalse
daily_costfalse
template_version_idtrue
build_numberfalse
initiator_idfalse
provisioner_statefalse
reasonfalse
workspace_idfalse
transitionfalse
idfalse
updated_atfalse
deadlinefalse
| +| User |
FieldTracked
created_atfalse
updated_atfalse
deletedtrue
hashed_passwordtrue
login_typefalse
usernametrue
avatar_urlfalse
last_seen_atfalse
idtrue
rbac_rolestrue
emailtrue
statustrue
| +| AuditableGroup |
FieldTracked
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
avatar_urltrue
| +| Organization |
FieldTracked
created_atfalse
updated_atfalse
idtrue
nametrue
descriptiontrue
| +| Template |
FieldTracked
allow_user_cancel_workspace_jobstrue
provisionertrue
descriptiontrue
group_acltrue
user_acltrue
created_atfalse
updated_atfalse
icontrue
created_bytrue
deletedfalse
default_ttltrue
nametrue
idtrue
min_autostart_intervaltrue
organization_idfalse
display_nametrue
is_privatetrue
active_version_idtrue
| +| OrganizationMember |
FieldTracked
created_atfalse
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
| +| TemplateVersion |
FieldTracked
created_bytrue
idtrue
readmetrue
job_idfalse
organization_idfalse
created_atfalse
updated_atfalse
nametrue
template_idtrue
| +| Workspace |
FieldTracked
template_idtrue
nametrue
autostart_scheduletrue
idtrue
created_atfalse
ttltrue
updated_atfalse
owner_idtrue
last_used_atfalse
deletedfalse
organization_idfalse
| diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 44fa1928c372b..0baea9c4ffdf8 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -3,7 +3,6 @@ package main import ( "bytes" "flag" - "fmt" "log" "os" "strconv" @@ -78,7 +77,6 @@ func readAuditDoc() ([]byte, error) { if err != nil { return nil, err } - fmt.Println("document returned", doc) return doc, nil } From e1a9fbbfe76dff2ae705d0d94652b49bee673243 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Wed, 25 Jan 2023 20:58:49 +0000 Subject: [PATCH 04/14] removed empty block line --- scripts/auditdocgen/main.go | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 0baea9c4ffdf8..857449604bcc3 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -103,7 +103,6 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] buffer.WriteString("|--|-----------------|\n") for resourceName, resourceFields := range auditableResourcesMap { - buffer.Write([]byte("|" + resourceName + "|")) for fieldName, isTracked := range resourceFields { From f2b459593f4e00a20a20b96b62910dad670a803c Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 15:39:31 +0000 Subject: [PATCH 05/14] PR feedback --- docs/admin/audit-logs.md | 16 ++++++++-------- scripts/auditdocgen/main.go | 35 ++++++++++++++++++++--------------- scripts/check_unstaged.sh | 2 +- 3 files changed, 29 insertions(+), 24 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 2aabc87cbdc96..6de4c8c50023a 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| GitSSHKey |
FieldTracked
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| -| WorkspaceBuild |
FieldTracked
job_idfalse
created_atfalse
daily_costfalse
template_version_idtrue
build_numberfalse
initiator_idfalse
provisioner_statefalse
reasonfalse
workspace_idfalse
transitionfalse
idfalse
updated_atfalse
deadlinefalse
| -| User |
FieldTracked
created_atfalse
updated_atfalse
deletedtrue
hashed_passwordtrue
login_typefalse
usernametrue
avatar_urlfalse
last_seen_atfalse
idtrue
rbac_rolestrue
emailtrue
statustrue
| +| User |
FieldTracked
rbac_rolestrue
last_seen_atfalse
hashed_passwordtrue
updated_atfalse
login_typefalse
deletedtrue
statustrue
avatar_urlfalse
emailtrue
usernametrue
created_atfalse
idtrue
| +| Workspace |
FieldTracked
created_atfalse
owner_idtrue
idtrue
nametrue
ttltrue
last_used_atfalse
updated_atfalse
organization_idfalse
template_idtrue
deletedfalse
autostart_scheduletrue
| +| GitSSHKey |
FieldTracked
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
public_keytrue
| +| Organization |
FieldTracked
nametrue
descriptiontrue
created_atfalse
updated_atfalse
idtrue
| | AuditableGroup |
FieldTracked
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
avatar_urltrue
| -| Organization |
FieldTracked
created_atfalse
updated_atfalse
idtrue
nametrue
descriptiontrue
| -| Template |
FieldTracked
allow_user_cancel_workspace_jobstrue
provisionertrue
descriptiontrue
group_acltrue
user_acltrue
created_atfalse
updated_atfalse
icontrue
created_bytrue
deletedfalse
default_ttltrue
nametrue
idtrue
min_autostart_intervaltrue
organization_idfalse
display_nametrue
is_privatetrue
active_version_idtrue
| -| OrganizationMember |
FieldTracked
created_atfalse
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
| -| TemplateVersion |
FieldTracked
created_bytrue
idtrue
readmetrue
job_idfalse
organization_idfalse
created_atfalse
updated_atfalse
nametrue
template_idtrue
| -| Workspace |
FieldTracked
template_idtrue
nametrue
autostart_scheduletrue
idtrue
created_atfalse
ttltrue
updated_atfalse
owner_idtrue
last_used_atfalse
deletedfalse
organization_idfalse
| +| Template |
FieldTracked
user_acltrue
idtrue
updated_atfalse
nametrue
created_bytrue
created_atfalse
active_version_idtrue
group_acltrue
provisionertrue
organization_idfalse
display_nametrue
default_ttltrue
descriptiontrue
min_autostart_intervaltrue
deletedfalse
is_privatetrue
allow_user_cancel_workspace_jobstrue
icontrue
| +| WorkspaceBuild |
FieldTracked
updated_atfalse
template_version_idtrue
transitionfalse
provisioner_statefalse
reasonfalse
idfalse
daily_costfalse
deadlinefalse
initiator_idfalse
created_atfalse
workspace_idfalse
job_idfalse
build_numberfalse
| +| TemplateVersion |
FieldTracked
created_atfalse
updated_atfalse
organization_idfalse
template_idtrue
nametrue
readmetrue
created_bytrue
idtrue
job_idfalse
| +| OrganizationMember |
FieldTracked
rolestrue
user_idtrue
organization_idtrue
created_atfalse
updated_atfalse
| diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 857449604bcc3..2461807bd4723 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -21,6 +21,20 @@ var ( generatorSuffix = []byte("") ) +/* +* +AuditableResourcesMap is derived from audit.AuditableResources +and has the following structure: + + { + friendlyResourceName: { + fieldName1: isTracked, + fieldName2: isTracked, + ... + }, + ... + } +*/ type AuditableResourcesMap map[string]map[string]bool func main() { @@ -28,10 +42,7 @@ func main() { flag.BoolVar(&dryRun, "dry-run", false, "Dry run") flag.Parse() - auditableResourcesMap, err := readAuditableResources() - if err != nil { - log.Fatal("can't read auditableResources: ", err) - } + auditableResourcesMap := readAuditableResources() doc, err := readAuditDoc() if err != nil { @@ -56,7 +67,7 @@ func main() { // Transforms audit.AuditableResources to AuditableResourcesMap, // which uses friendlier language. -func readAuditableResources() (AuditableResourcesMap, error) { +func readAuditableResources() AuditableResourcesMap { auditableResourcesMap := make(AuditableResourcesMap) for resourceName, resourceFields := range audit.AuditableResources { @@ -68,10 +79,9 @@ func readAuditableResources() (AuditableResourcesMap, error) { } } - return auditableResourcesMap, nil + return auditableResourcesMap } -// Reads the content of docs/admin/audit-logs.md func readAuditDoc() ([]byte, error) { doc, err := os.ReadFile(auditDocFile) if err != nil { @@ -103,10 +113,10 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] buffer.WriteString("|--|-----------------|\n") for resourceName, resourceFields := range auditableResourcesMap { - buffer.Write([]byte("|" + resourceName + "|")) + buffer.WriteString("|" + resourceName + "|
FieldTracked
") for fieldName, isTracked := range resourceFields { - buffer.Write([]byte("")) + buffer.WriteString("") } buffer.WriteString("
FieldTracked
" + fieldName + "" + strconv.FormatBool(isTracked) + "
" + fieldName + "" + strconv.FormatBool(isTracked) + "
\n") @@ -117,13 +127,8 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] return buffer.Bytes(), nil } -// Updates docs/admin/audit-logs.md with new table content func writeAuditDoc(doc []byte) error { // G306: Expect WriteFile permissions to be 0600 or less /* #nosec G306 */ - err := os.WriteFile(auditDocFile, doc, 0644) - if err != nil { - return err - } - return nil + return os.WriteFile(auditDocFile, doc, 0644) } diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index a6de5f0204ef8..cf80235616a54 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh @@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard)" +FILES="$(git ls-files --other --modified --exclude-standard --exclude=“scripts/auditdocgen/main.go”)" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From bcd67a21d5af6cc728475d92480bad9ba9b2c801 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 15:45:12 +0000 Subject: [PATCH 06/14] modify check_unstaged --- scripts/check_unstaged.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index cf80235616a54..592130179490f 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh @@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard --exclude=“scripts/auditdocgen/main.go”)" +FILES="$(git ls-files --other --modified --exclude-standard -- 'scripts/auditdocgen/main.go')" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From dfe78c3849c1b9c58e63a14717ac7d412cf4fae7 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 15:57:00 +0000 Subject: [PATCH 07/14] third times the charm maybe --- scripts/check_unstaged.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
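Review bot: The pattern in `--exclude=“scripts/auditdocgen/main.go”` is wrapped in typographic quotes, which the shell does not treat as quoting, so git receives them as literal bytes and the pattern matches nothing. Even with ASCII quotes, `git ls-files --exclude` is documented as skipping untracked files only, so it would not filter the `--modified` output this check relies on. If the aim is to keep one path out of the unstaged-file guard, filter `$FILES` after the call and add a comment saying why that path is exempt.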
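Review bot: Replacing the exclude with `-- 'scripts/auditdocgen/main.go'` turns the argument into a pathspec, which limits `git ls-files` to that one file rather than excluding it. While this form is in place the guard reports nothing for any other modified or untracked file, so stale generated output elsewhere in the tree passes CI unnoticed. The same pathspec form is kept in the check_unstaged.sh hunks of patches 07, 08 and 09 and is only dropped in patch 10. If a path does need to be excluded, git's exclude pathspec magic does that, e.g. `-- . ':!scripts/auditdocgen/main.go'`.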
diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index 592130179490f..acd3be27a9762 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh @@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard -- 'scripts/auditdocgen/main.go')" +FILES="$(git ls-files --other --modified --exclude-standard -- './audditdocgen/main.go')" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From d9a1ab0bad3e4602923232d0291e4974a6640823 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 16:01:38 +0000 Subject: [PATCH 08/14] spelling --- scripts/check_unstaged.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index acd3be27a9762..592130179490f 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh @@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard -- './audditdocgen/main.go')" +FILES="$(git ls-files --other --modified --exclude-standard -- 'scripts/auditdocgen/main.go')" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From 1906daa6c91feed552084d6974f43a6be05e9adf Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 16:03:32 +0000 Subject: [PATCH 09/14] relative path --- scripts/check_unstaged.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index 592130179490f..fff4061bbb5c2 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh 
@@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard -- 'scripts/auditdocgen/main.go')" +FILES="$(git ls-files --other --modified --exclude-standard -- './scripts/auditdocgen/main.go')" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From a6891dc965cd4e0737d72207446aaf63c6d9c61e Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 16:17:15 +0000 Subject: [PATCH 10/14] excluding from the right script this time --- scripts/check_enterprise_imports.sh | 2 +- scripts/check_unstaged.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/check_enterprise_imports.sh b/scripts/check_enterprise_imports.sh index d89eeed1c0f4d..4aacae53ad869 100755 --- a/scripts/check_enterprise_imports.sh +++ b/scripts/check_enterprise_imports.sh @@ -9,7 +9,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot set +e -find . -regex ".*\.go" | grep -v "./enterprise" | xargs grep -n "github.com/coder/coder/enterprise" +find . -regex ".*\.go" | grep -v "./enterprise" | grep -v "./scripts/auditdocgen/main.go" | xargs grep -n "github.com/coder/coder/enterprise" # reverse the exit code because we want this script to fail if grep finds anything. status=$? set -e diff --git a/scripts/check_unstaged.sh b/scripts/check_unstaged.sh index fff4061bbb5c2..a6de5f0204ef8 100755 --- a/scripts/check_unstaged.sh +++ b/scripts/check_unstaged.sh @@ -5,7 +5,7 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot -FILES="$(git ls-files --other --modified --exclude-standard -- './scripts/auditdocgen/main.go')" +FILES="$(git ls-files --other --modified --exclude-standard)" if [[ "$FILES" != "" ]]; then mapfile -t files <<<"$FILES" From be44d6c71889e63579b2963b4012514ed230f6f7 Mon Sep 17 00:00:00 2001 
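Review bot: The new filter `grep -v "./scripts/auditdocgen/main.go"` is an unanchored regular expression in which every `.` matches any character, so it can exempt more paths from the enterprise-import guard than the one file intended; the existing `grep -v "./enterprise"` has the same looseness. Use a fixed-string match, `grep -vF "./scripts/auditdocgen/main.go"`, so only that exact path is skipped. Since this line carves an exception out of a boundary check, add a comment above the pipeline naming the file and why a non-enterprise script may import `github.com/coder/coder/enterprise`, for example `# auditdocgen reads enterprise/audit to generate docs; it is not shipped in the AGPL build`, adjusted to the project's real reason.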
From: Kira Pilot Date: Thu, 26 Jan 2023 19:03:52 +0000 Subject: [PATCH 11/14] sorted resources to ensure table order --- docs/admin/audit-logs.md | 18 +++++++++--------- scripts/auditdocgen/main.go | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 6de4c8c50023a..82b4c4d339fb7 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| User |
FieldTracked
rbac_rolestrue
last_seen_atfalse
hashed_passwordtrue
updated_atfalse
login_typefalse
deletedtrue
statustrue
avatar_urlfalse
emailtrue
usernametrue
created_atfalse
idtrue
| -| Workspace |
FieldTracked
created_atfalse
owner_idtrue
idtrue
nametrue
ttltrue
last_used_atfalse
updated_atfalse
organization_idfalse
template_idtrue
deletedfalse
autostart_scheduletrue
| -| GitSSHKey |
FieldTracked
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
public_keytrue
| -| Organization |
FieldTracked
nametrue
descriptiontrue
created_atfalse
updated_atfalse
idtrue
| -| AuditableGroup |
FieldTracked
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
avatar_urltrue
| -| Template |
FieldTracked
user_acltrue
idtrue
updated_atfalse
nametrue
created_bytrue
created_atfalse
active_version_idtrue
group_acltrue
provisionertrue
organization_idfalse
display_nametrue
default_ttltrue
descriptiontrue
min_autostart_intervaltrue
deletedfalse
is_privatetrue
allow_user_cancel_workspace_jobstrue
icontrue
| -| WorkspaceBuild |
FieldTracked
updated_atfalse
template_version_idtrue
transitionfalse
provisioner_statefalse
reasonfalse
idfalse
daily_costfalse
deadlinefalse
initiator_idfalse
created_atfalse
workspace_idfalse
job_idfalse
build_numberfalse
| -| TemplateVersion |
FieldTracked
created_atfalse
updated_atfalse
organization_idfalse
template_idtrue
nametrue
readmetrue
created_bytrue
idtrue
job_idfalse
| -| OrganizationMember |
FieldTracked
rolestrue
user_idtrue
organization_idtrue
created_atfalse
updated_atfalse
| +| AuditableGroup |
FieldTracked
nametrue
organization_idfalse
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
| +| GitSSHKey |
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| +| Organization |
FieldTracked
updated_atfalse
idtrue
nametrue
descriptiontrue
created_atfalse
| +| OrganizationMember |
FieldTracked
created_atfalse
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
| +| Template |
FieldTracked
min_autostart_intervaltrue
created_bytrue
allow_user_cancel_workspace_jobstrue
idtrue
active_version_idtrue
updated_atfalse
deletedfalse
default_ttltrue
is_privatetrue
created_atfalse
provisionertrue
group_acltrue
descriptiontrue
user_acltrue
organization_idfalse
nametrue
display_nametrue
icontrue
| +| TemplateVersion |
FieldTracked
readmetrue
nametrue
organization_idfalse
updated_atfalse
template_idtrue
job_idfalse
created_atfalse
created_bytrue
idtrue
| +| User |
FieldTracked
statustrue
avatar_urlfalse
login_typefalse
last_seen_atfalse
emailtrue
usernametrue
updated_atfalse
rbac_rolestrue
hashed_passwordtrue
created_atfalse
deletedtrue
idtrue
| +| Workspace |
FieldTracked
autostart_scheduletrue
ttltrue
last_used_atfalse
idtrue
created_atfalse
organization_idfalse
template_idtrue
deletedfalse
updated_atfalse
owner_idtrue
nametrue
| +| WorkspaceBuild |
FieldTracked
deadlinefalse
idfalse
created_atfalse
build_numberfalse
job_idfalse
template_version_idtrue
transitionfalse
provisioner_statefalse
reasonfalse
updated_atfalse
daily_costfalse
workspace_idfalse
initiator_idfalse
| diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 2461807bd4723..fc546a6d4d549 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -5,6 +5,7 @@ import ( "flag" "log" "os" + "sort" "strconv" "strings" @@ -93,6 +94,9 @@ func readAuditDoc() ([]byte, error) { // Writes a markdown table of audit log resources to a buffer func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]byte, error) { + // We must sort the resources to ensure table ordering + resourceNames := sortResources(auditableResourcesMap) + i := bytes.Index(doc, generatorPrefix) if i < 0 { return nil, xerrors.New("generator prefix tag not found") @@ -112,10 +116,10 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] buffer.WriteString("|Resource||\n") buffer.WriteString("|--|-----------------|\n") - for resourceName, resourceFields := range auditableResourcesMap { + for _, resourceName := range resourceNames { buffer.WriteString("|" + resourceName + "|") - for fieldName, isTracked := range resourceFields { + for fieldName, isTracked := range auditableResourcesMap[resourceName] { buffer.WriteString("") } @@ -132,3 +136,12 @@ func writeAuditDoc(doc []byte) error { /* #nosec G306 */ return os.WriteFile(auditDocFile, doc, 0644) } + +func sortResources(resourcesMap AuditableResourcesMap) []string { + var resourceNames []string + for key := range resourcesMap { + resourceNames = append(resourceNames, key) + } + sort.Strings(resourceNames) + return resourceNames +} From f96cbe3dcbe4302fa3434d37647823856385806d Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 19:22:46 +0000 Subject: [PATCH 12/14] running make cmd --- docs/admin/audit-logs.md | 18 +++++++++--------- scripts/auditdocgen/main.go | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 82b4c4d339fb7..953563df28459 100644 --- a/docs/admin/audit-logs.md 
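Review bot: The Tracked cell written in the new `for fieldName, isTracked := range auditableResourcesMap[resourceName]` loop reduces every field to a boolean, so the regenerated docs/admin/audit-logs.md lists `private_key` (GitSSHKey) and `hashed_password` (User) as `true` without saying whether their values are stored in the audit log or only the fact of a change. The map is filled in `readAuditableResources` from `action != audit.ActionIgnore`, outside this hunk; if the audit package has a distinct action for secret fields (not visible on this page), it is folded into `true` here. I would carry the action itself into the map and render it as its own column value, or, once confirmed against the audit package, add a line under the table stating how secret fields are recorded. The `isTracked := auditableResourcesMap[resourceName][fieldName]` line added in PATCH 14/14 keeps the same rendering, and `updateAuditDoc` starts and ends outside both hunks.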
+++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| AuditableGroup |
FieldTracked
" + fieldName + "" + strconv.FormatBool(isTracked) + "
FieldTracked
nametrue
organization_idfalse
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
| -| GitSSHKey |
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| -| Organization |
FieldTracked
updated_atfalse
idtrue
nametrue
descriptiontrue
created_atfalse
| -| OrganizationMember |
FieldTracked
created_atfalse
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
| -| Template |
FieldTracked
min_autostart_intervaltrue
created_bytrue
allow_user_cancel_workspace_jobstrue
idtrue
active_version_idtrue
updated_atfalse
deletedfalse
default_ttltrue
is_privatetrue
created_atfalse
provisionertrue
group_acltrue
descriptiontrue
user_acltrue
organization_idfalse
nametrue
display_nametrue
icontrue
| -| TemplateVersion |
FieldTracked
readmetrue
nametrue
organization_idfalse
updated_atfalse
template_idtrue
job_idfalse
created_atfalse
created_bytrue
idtrue
| -| User |
FieldTracked
statustrue
avatar_urlfalse
login_typefalse
last_seen_atfalse
emailtrue
usernametrue
updated_atfalse
rbac_rolestrue
hashed_passwordtrue
created_atfalse
deletedtrue
idtrue
| -| Workspace |
FieldTracked
autostart_scheduletrue
ttltrue
last_used_atfalse
idtrue
created_atfalse
organization_idfalse
template_idtrue
deletedfalse
updated_atfalse
owner_idtrue
nametrue
| -| WorkspaceBuild |
FieldTracked
deadlinefalse
idfalse
created_atfalse
build_numberfalse
job_idfalse
template_version_idtrue
transitionfalse
provisioner_statefalse
reasonfalse
updated_atfalse
daily_costfalse
workspace_idfalse
initiator_idfalse
| +| AuditableGroup |
FieldTracked
organization_idfalse
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
| +| GitSSHKey |
FieldTracked
private_keytrue
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
| +| Organization |
FieldTracked
created_atfalse
updated_atfalse
idtrue
nametrue
descriptiontrue
| +| OrganizationMember |
FieldTracked
user_idtrue
organization_idtrue
created_atfalse
updated_atfalse
rolestrue
| +| Template |
FieldTracked
min_autostart_intervaltrue
organization_idfalse
allow_user_cancel_workspace_jobstrue
active_version_idtrue
is_privatetrue
deletedfalse
default_ttltrue
user_acltrue
created_atfalse
icontrue
updated_atfalse
nametrue
display_nametrue
created_bytrue
idtrue
provisionertrue
group_acltrue
descriptiontrue
| +| TemplateVersion |
FieldTracked
idtrue
organization_idfalse
created_atfalse
created_bytrue
updated_atfalse
nametrue
readmetrue
job_idfalse
template_idtrue
| +| User |
FieldTracked
emailtrue
hashed_passwordtrue
avatar_urlfalse
idtrue
last_seen_atfalse
deletedtrue
usernametrue
created_atfalse
login_typefalse
updated_atfalse
statustrue
rbac_rolestrue
| +| Workspace |
FieldTracked
updated_atfalse
organization_idfalse
deletedfalse
ttltrue
last_used_atfalse
created_atfalse
autostart_scheduletrue
nametrue
idtrue
owner_idtrue
template_idtrue
| +| WorkspaceBuild |
FieldTracked
initiator_idfalse
job_idfalse
daily_costfalse
created_atfalse
build_numberfalse
transitionfalse
deadlinefalse
reasonfalse
idfalse
updated_atfalse
provisioner_statefalse
template_version_idtrue
workspace_idfalse
| diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index fc546a6d4d549..056437d91f612 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -95,7 +95,7 @@ func readAuditDoc() ([]byte, error) { // Writes a markdown table of audit log resources to a buffer func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]byte, error) { // We must sort the resources to ensure table ordering - resourceNames := sortResources(auditableResourcesMap) + sortedResourceNames := sortResources(auditableResourcesMap) i := bytes.Index(doc, generatorPrefix) if i < 0 { @@ -116,7 +116,7 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] buffer.WriteString("|Resource||\n") buffer.WriteString("|--|-----------------|\n") - for _, resourceName := range resourceNames { + for _, resourceName := range sortedResourceNames { buffer.WriteString("|" + resourceName + "|") for fieldName, isTracked := range auditableResourcesMap[resourceName] { From 0e1903d55c2f48bd1a6f3079bfc2e1572bf3bd35 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 19:31:00 +0000 Subject: [PATCH 13/14] running make again --- docs/admin/audit-logs.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 953563df28459..097baa8ba8f75 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| AuditableGroup |
FieldTracked
FieldTracked
organization_idfalse
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
| -| GitSSHKey |
FieldTracked
private_keytrue
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
| -| Organization |
FieldTracked
created_atfalse
updated_atfalse
idtrue
nametrue
descriptiontrue
| -| OrganizationMember |
FieldTracked
user_idtrue
organization_idtrue
created_atfalse
updated_atfalse
rolestrue
| -| Template |
FieldTracked
min_autostart_intervaltrue
organization_idfalse
allow_user_cancel_workspace_jobstrue
active_version_idtrue
is_privatetrue
deletedfalse
default_ttltrue
user_acltrue
created_atfalse
icontrue
updated_atfalse
nametrue
display_nametrue
created_bytrue
idtrue
provisionertrue
group_acltrue
descriptiontrue
| -| TemplateVersion |
FieldTracked
idtrue
organization_idfalse
created_atfalse
created_bytrue
updated_atfalse
nametrue
readmetrue
job_idfalse
template_idtrue
| -| User |
FieldTracked
emailtrue
hashed_passwordtrue
avatar_urlfalse
idtrue
last_seen_atfalse
deletedtrue
usernametrue
created_atfalse
login_typefalse
updated_atfalse
statustrue
rbac_rolestrue
| -| Workspace |
FieldTracked
updated_atfalse
organization_idfalse
deletedfalse
ttltrue
last_used_atfalse
created_atfalse
autostart_scheduletrue
nametrue
idtrue
owner_idtrue
template_idtrue
| -| WorkspaceBuild |
FieldTracked
initiator_idfalse
job_idfalse
daily_costfalse
created_atfalse
build_numberfalse
transitionfalse
deadlinefalse
reasonfalse
idfalse
updated_atfalse
provisioner_statefalse
template_version_idtrue
workspace_idfalse
| +| AuditableGroup |
FieldTracked
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
| +| GitSSHKey |
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| +| Organization |
FieldTracked
descriptiontrue
created_atfalse
updated_atfalse
idtrue
nametrue
| +| OrganizationMember |
FieldTracked
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
created_atfalse
| +| Template |
FieldTracked
idtrue
organization_idfalse
updated_atfalse
icontrue
display_nametrue
group_acltrue
default_ttltrue
is_privatetrue
deletedfalse
created_atfalse
nametrue
active_version_idtrue
descriptiontrue
min_autostart_intervaltrue
created_bytrue
allow_user_cancel_workspace_jobstrue
provisionertrue
user_acltrue
| +| TemplateVersion |
FieldTracked
nametrue
created_bytrue
updated_atfalse
template_idtrue
job_idfalse
idtrue
organization_idfalse
created_atfalse
readmetrue
| +| User |
FieldTracked
avatar_urlfalse
deletedtrue
created_atfalse
statustrue
rbac_rolestrue
last_seen_atfalse
idtrue
login_typefalse
hashed_passwordtrue
updated_atfalse
usernametrue
emailtrue
| +| Workspace |
FieldTracked
ttltrue
idtrue
organization_idfalse
autostart_scheduletrue
created_atfalse
template_idtrue
deletedfalse
last_used_atfalse
updated_atfalse
nametrue
owner_idtrue
| +| WorkspaceBuild |
FieldTracked
initiator_idfalse
provisioner_statefalse
idfalse
created_atfalse
daily_costfalse
build_numberfalse
job_idfalse
deadlinefalse
reasonfalse
updated_atfalse
workspace_idfalse
template_version_idtrue
transitionfalse
| From f3ec8f5820677ddb2fbd934ece1d0e68eb487ad7 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Thu, 26 Jan 2023 20:13:56 +0000 Subject: [PATCH 14/14] ensuring order on subtable --- docs/admin/audit-logs.md | 18 +++++++++--------- scripts/auditdocgen/main.go | 20 ++++++++++++-------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 097baa8ba8f75..cf7bbca36a0e8 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -11,15 +11,15 @@ We track the following resources: | Resource | | | ------------------ || -| AuditableGroup |
FieldTracked
avatar_urltrue
quota_allowancetrue
memberstrue
idtrue
nametrue
organization_idfalse
| -| GitSSHKey |
FieldTracked
public_keytrue
user_idtrue
created_atfalse
updated_atfalse
private_keytrue
| -| Organization |
FieldTracked
descriptiontrue
created_atfalse
updated_atfalse
idtrue
nametrue
| -| OrganizationMember |
FieldTracked
updated_atfalse
rolestrue
user_idtrue
organization_idtrue
created_atfalse
| -| Template |
FieldTracked
idtrue
organization_idfalse
updated_atfalse
icontrue
display_nametrue
group_acltrue
default_ttltrue
is_privatetrue
deletedfalse
created_atfalse
nametrue
active_version_idtrue
descriptiontrue
min_autostart_intervaltrue
created_bytrue
allow_user_cancel_workspace_jobstrue
provisionertrue
user_acltrue
| -| TemplateVersion |
FieldTracked
nametrue
created_bytrue
updated_atfalse
template_idtrue
job_idfalse
idtrue
organization_idfalse
created_atfalse
readmetrue
| -| User |
FieldTracked
avatar_urlfalse
deletedtrue
created_atfalse
statustrue
rbac_rolestrue
last_seen_atfalse
idtrue
login_typefalse
hashed_passwordtrue
updated_atfalse
usernametrue
emailtrue
| -| Workspace |
FieldTracked
ttltrue
idtrue
organization_idfalse
autostart_scheduletrue
created_atfalse
template_idtrue
deletedfalse
last_used_atfalse
updated_atfalse
nametrue
owner_idtrue
| -| WorkspaceBuild |
FieldTracked
initiator_idfalse
provisioner_statefalse
idfalse
created_atfalse
daily_costfalse
build_numberfalse
job_idfalse
deadlinefalse
reasonfalse
updated_atfalse
workspace_idfalse
template_version_idtrue
transitionfalse
| +| AuditableGroup |
FieldTracked
avatar_urltrue
idtrue
memberstrue
nametrue
organization_idfalse
quota_allowancetrue
| +| GitSSHKey |
FieldTracked
created_atfalse
private_keytrue
public_keytrue
updated_atfalse
user_idtrue
| +| Organization |
FieldTracked
created_atfalse
descriptiontrue
idtrue
nametrue
updated_atfalse
| +| OrganizationMember |
FieldTracked
created_atfalse
organization_idtrue
rolestrue
updated_atfalse
user_idtrue
| +| Template |
FieldTracked
active_version_idtrue
allow_user_cancel_workspace_jobstrue
created_atfalse
created_bytrue
default_ttltrue
deletedfalse
descriptiontrue
display_nametrue
group_acltrue
icontrue
idtrue
is_privatetrue
min_autostart_intervaltrue
nametrue
organization_idfalse
provisionertrue
updated_atfalse
user_acltrue
| +| TemplateVersion |
FieldTracked
created_atfalse
created_bytrue
idtrue
job_idfalse
nametrue
organization_idfalse
readmetrue
template_idtrue
updated_atfalse
| +| User |
FieldTracked
avatar_urlfalse
created_atfalse
deletedtrue
emailtrue
hashed_passwordtrue
idtrue
last_seen_atfalse
login_typefalse
rbac_rolestrue
statustrue
updated_atfalse
usernametrue
| +| Workspace |
FieldTracked
autostart_scheduletrue
created_atfalse
deletedfalse
idtrue
last_used_atfalse
nametrue
organization_idfalse
owner_idtrue
template_idtrue
ttltrue
updated_atfalse
| +| WorkspaceBuild |
FieldTracked
build_numberfalse
created_atfalse
daily_costfalse
deadlinefalse
idfalse
initiator_idfalse
job_idfalse
provisioner_statefalse
reasonfalse
template_version_idtrue
transitionfalse
updated_atfalse
workspace_idfalse
| diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go index 056437d91f612..4a304ad6645a8 100644 --- a/scripts/auditdocgen/main.go +++ b/scripts/auditdocgen/main.go @@ -95,7 +95,7 @@ func readAuditDoc() ([]byte, error) { // Writes a markdown table of audit log resources to a buffer func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]byte, error) { // We must sort the resources to ensure table ordering - sortedResourceNames := sortResources(auditableResourcesMap) + sortedResourceNames := sortKeys(auditableResourcesMap) i := bytes.Index(doc, generatorPrefix) if i < 0 { @@ -119,7 +119,11 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([] for _, resourceName := range sortedResourceNames { buffer.WriteString("|" + resourceName + "|") - for fieldName, isTracked := range auditableResourcesMap[resourceName] { + // We must sort the field names to ensure sub-table ordering + sortedFieldNames := sortKeys(auditableResourcesMap[resourceName]) + + for _, fieldName := range sortedFieldNames { + isTracked := auditableResourcesMap[resourceName][fieldName] buffer.WriteString("") } @@ -137,11 +141,11 @@ func writeAuditDoc(doc []byte) error { return os.WriteFile(auditDocFile, doc, 0644) } -func sortResources(resourcesMap AuditableResourcesMap) []string { - var resourceNames []string - for key := range resourcesMap { - resourceNames = append(resourceNames, key) +func sortKeys[T any](stringMap map[string]T) []string { + var keyNames []string + for key := range stringMap { + keyNames = append(keyNames, key) } - sort.Strings(resourceNames) - return resourceNames + sort.Strings(keyNames) + return keyNames }
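Review bot: `sortKeys` in the last hunk has no doc comment, and it grows `keyNames` by repeated `append` although the final length is known up front. I would add `// sortKeys returns the keys of stringMap in ascending lexical order.` above the function and replace `var keyNames []string` with `keyNames := make([]string, 0, len(stringMap))`. For an empty map this returns an empty slice rather than nil, which makes no difference to the two call sites visible in this patch because they only range over the result.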
FieldTracked
" + fieldName + "" + strconv.FormatBool(isTracked) + "