add: admin field/audit log mappings #1146

Merged
merged 2 commits into from
Oct 10, 2022
74 changes: 74 additions & 0 deletions admin/audit.md
Expand Up @@ -58,3 +58,77 @@ actions included:
- `view`: the Coder CLI used a secret
- `write`: the user made a change to a Coder entity (e.g., workspace, user,
resource pool, etc.)

## Admin logged events

With the exception of a few, logged events made by Admin panel changes will output
Member

Should we document the exception?

Member Author

We should, but those will be added soon, so we'd have to go back and remove it. I'm thinking whatever is not documented isn't logged. What do you think?

Member

That's fair.

the changed field(s) and the new, corresponding value. Below is the expected
(example) output for each Admin panel change.

> The Admin fields not documented below currently do not output a field/diff.

### Infrastructure

**Admin Setting** | **Action** | **Target** | **Field** | **Diff**
------|------|------|------|------
Access URL | Write | infrastructure | access URL | `coder.com`
GPU Vendor | Write | infrastructure | gpu vendor | `amd/nvidia/none`
Enable container-based virtual machines | Write | infrastructure | enable container vms| `true/false`
Enable caching | Write | infrastructure | enabled cached container vms | `true/false`
Enable auto loading of `shiftfs` kernel module | Write | infrastructure | enable load shiftfs | `true/false`
Default to container-based virtual machines | Write | infrastructure | default container vms | `true/false`
Enable self-contained workspace builds | Write | features | coder agent pull assets | `enabled/disabled`
Enable workspace process logging | Write | features | exectrace | `enabled/disabled`
Enable TUN device | Write | features | fuse device | `enabled/disabled`
Enable FUSE device | Write | features | tun device | `enabled/disabled`
Enable default registry | Write | infrastructure | default registry enabled | `true/false`
Enable ECR IAM role authentication | Write |features | ecr auth irsa | `enabled/disabled`
Enable AAD authentication for ACR | Write | features | azure auth aad | `enabled/disabled`
Enable fallback shell support for K8s | Write | features | |
Extension marketplace type | Write | * | ext marketplace type | `public/custom`
Dev URL access permissions | Write | devurl access | public/org/authed/ | `true/false`
Enable memory overprovisioning | Write | infrastructure | memory overprovisioning enabled | `true/false`

### Git OAuth

| **Admin Setting** | **Action** | **Target** | **Field** | **Diff** |
|------|------|------|------|------|
| Client ID | Write | oauth configs | client id| `0fb2...7a4a` |
| Client Secret | Write | oauth configs | client secret | `******` |
| Description | Write | oauth configs | description | `example` |
|Name | Write | oauth configs | name | `GitHub` |
| Provider |Write | oauth configs |service type | `github/gitlab` |
| URL | Write| oauth configs | URL host | `host.com`

### Appearance

| **Admin Setting** | **Action** | **Target** | **Field** | **Diff** |
|------|------|------|------|------|
| System Banner | Write | system banner | enabled | `true/false` |
| Background color | Write | system banner | color bg | `#9A4967` |
| Footer | Write | system banner | text footer | `UNCLASSIFIED` |
| Header | Write | system banner | text header | `UNCLASSIFIED` |
| Service Banner | Write | appearance | svc banner enabled | `true/false` |
| Background color | Write | appearance | svc banner color bg | `#18382D` |
| Message | Write | appearance | svc banner body | `Maintenance 9:01PM` |
| Terms of Service | Write | appearance | tos body | `Accept Terms & Conditions` |
| Text field | Write | appearance | tos enabled | `true/false` |

### Telemetry

| **Admin Setting** | **Action** | **Target** | **Field** | **Diff** |
|------|------|------|------|------|
| Send crash reports | Write | telemetry | crash reports enabled | `true/false` |
| Send usage telemetry | Write | telemetry | enhanced telemetry enabled| `true/false` |
| Send enhanced usage telemetry | Write | telemetry | telemetry enabled | `true/false` |

### Templates

> The template policy dropdown will provide a unique `commit`/`hash` for the
> uploaded file. If file is uploaded from disk, then `file path`/`git ref` will
> be `local`.

| **Admin Setting** | **Action** | **Target** | **Field** | **Diff** |
|------|------|------|------|------|
| Enable workspace templates | Write | infrastructure | enable workspaces as code | `true/false` |
| Template policy | Write | local | commit/file hash/filepath/git ref/From | `0000...0000`/`ed19...843b`/`local`/`local`/`User`|
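
Review bot: Several setting-to-field pairs in the new tables look cross-wired, starting with the Infrastructure rows where `Enable TUN device` maps to field `fuse device` and `Enable FUSE device` maps to `tun device`. The same pattern appears under Telemetry (`Send usage telemetry` is paired with `enhanced telemetry enabled`, `Send enhanced usage telemetry` with `telemetry enabled`) and under Appearance (`Terms of Service` is paired with `tos body` and a free-text diff, while `Text field` is paired with `tos enabled` and `true/false`). Anyone building audit-log searches or alerts from this page will key on the Field column, so please either swap these rows or add a line stating that the emitted field names really are inverted relative to the UI labels. The `Enable fallback shell support for K8s` row has an empty Field and Diff, which conflicts with the note that undocumented settings are the ones that output no field/diff; fill it in or drop the row. The `Dev URL access permissions` row has Target `devurl access` and Field `public/org/authed/` with a trailing slash, which reads as if the columns shifted; worth confirming against real output. Smaller points: the intro sentence "With the exception of a few" leaves the exceptions unnamed (the blockquote below covers it, so the clause could go), the last Git OAuth row (`URL`) is missing its closing `|`, and the Infrastructure table omits the outer pipes that the other four tables use.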