chore: update Audit docs to include Audit Actions #5887
- Loading branch information
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,8 +4,26 @@ import ( | |
| "reflect" | ||
|
|
||
| "github.com/coder/coder/coderd/database" | ||
| "github.com/coder/coder/codersdk" | ||
| ) | ||
|
|
||
| // This mapping creates a relationship between an Auditable Resource | ||
| // and the Audit Actions we track for that resource. | ||
| // It is important to maintain this mapping when adding a new Auditable Resource to the | ||
| // AuditableResources map (below) as our documentation - generated in scripts/auditdocgen/main.go - | ||
| // depends upon it. | ||
| var AuditActionMap = map[string][]string{ | ||
| "GitSSHKey": {string(codersdk.AuditActionCreate)}, | ||
| "OrganizationMember": {}, | ||
| "Organization": {}, | ||
| "Template": {string(codersdk.AuditActionWrite), string(codersdk.AuditActionDelete)}, | ||
| "TemplateVersion": {string(codersdk.AuditActionCreate), string(codersdk.AuditActionWrite)}, | ||
| "User": {string(codersdk.AuditActionCreate), string(codersdk.AuditActionWrite), string(codersdk.AuditActionDelete)}, | ||
| "Workspace": {string(codersdk.AuditActionCreate), string(codersdk.AuditActionWrite), string(codersdk.AuditActionDelete)}, | ||
| "WorkspaceBuild": {string(codersdk.AuditActionStart), string(codersdk.AuditActionStop)}, | ||
| "AuditableGroup": {string(codersdk.AuditActionCreate), string(codersdk.AuditActionWrite), string(codersdk.AuditActionDelete)}, | ||
| } | ||
|
|
||
|
There was a problem hiding this comment. @coadler if you can think of a better way to get this relationship rather than maintaining this map, I'm all ears. There was a problem hiding this comment. I think this is the best way currently! There was a problem hiding this comment. Not blocking this PR, but would be beneficial as a next step: What would make sense now is refactoring the rest of the codebase to use only this map to figure out the There was a problem hiding this comment. @mtojek @coadler When we make an audit request for a resource, we pass an action. I could grab the action from this new map. This would be a quick update, but would touch every audit request in the code base. Otherwise, I can explore the unit test that looks at the keys in Let me know which approach seems better. |
||
| type Action string | ||
|
|
||
| const ( | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think we can just keep it as
map[string][]Action{}?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mtojek The reason I didn't do that is because then, in the script, we must range over each Action and convert it to a string, which seemed like extra computation, and since this data structure is only used for that purpose, I thought it might be better to just have it in the format that is easiest for lookup. Let me know if you think this is a suboptimal approach - I'm happy to change it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are only a few items on this array, so I'm pretty sure that we won't notice the performance drop :) I think that's safe to adjust it.