From 97d63976ec4038a1ebdcaedfb7edb91e6313f0ed Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Tue, 6 Aug 2024 15:52:32 -0400 Subject: [PATCH 01/16] Enabling auditlog featureflag by default --- cmd/frontend/backend/user_emails.go | 6 +++--- cmd/frontend/graphqlbackend/external_services.go | 6 +++--- cmd/frontend/graphqlbackend/org.go | 6 +++--- cmd/frontend/graphqlbackend/orgs.go | 2 +- cmd/frontend/graphqlbackend/outbound_requests.go | 4 ++-- cmd/frontend/graphqlbackend/site.go | 6 +++--- cmd/frontend/graphqlbackend/user.go | 6 +++--- .../internal/dotcom/productsubscription/licenses_db.go | 4 ++-- .../dotcom/productsubscription/subscriptions_db.go | 8 ++++---- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/cmd/frontend/backend/user_emails.go b/cmd/frontend/backend/user_emails.go index b0542e556d4b..c1a0cd734827 100644 --- a/cmd/frontend/backend/user_emails.go +++ b/cmd/frontend/backend/user_emails.go @@ -92,7 +92,7 @@ func (e *userEmails) Add(ctx context.Context, userID int32, email string) error return err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arguments := struct { UserID int32 `json:"UserID"` Email string `json:"email"` @@ -147,7 +147,7 @@ func (e *userEmails) Remove(ctx context.Context, userID int32, email string) err if err := tx.UserEmails().Remove(ctx, userID, email); err != nil { return errors.Wrap(err, "removing user e-mail") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arguments := struct { UserID int32 `json:"UserID"` Email string `json:"email"` 
@@ -263,7 +263,7 @@ func (e *userEmails) SetVerified(ctx context.Context, userID int32, email string Email: email, Verified: verified, } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log action of email being verified/unverified if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil { diff --git a/cmd/frontend/graphqlbackend/external_services.go b/cmd/frontend/graphqlbackend/external_services.go index fb869723d386..4922fca29e33 100644 --- a/cmd/frontend/graphqlbackend/external_services.go +++ b/cmd/frontend/graphqlbackend/external_services.go @@ -80,7 +80,7 @@ func (r *schemaResolver) AddExternalService(ctx context.Context, args *addExtern return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arg := struct { Kind string @@ -196,7 +196,7 @@ func (r *schemaResolver) UpdateExternalService(ctx context.Context, args *update logger.Warn("Failed to get new redacted config", log.Error(err)) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arg := struct { ID graphql.ID DisplayName *string @@ -344,7 +344,7 @@ func (r *schemaResolver) DeleteExternalService(ctx context.Context, args *delete } } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arguments := struct { GraphQLID graphql.ID `json:"GraphQL ID"` ExternalServiceID int64 `json:"External Service ID"` diff --git a/cmd/frontend/graphqlbackend/org.go b/cmd/frontend/graphqlbackend/org.go index 4bf850c7ba56..ace7d44e54a1 100644 --- a/cmd/frontend/graphqlbackend/org.go +++ b/cmd/frontend/graphqlbackend/org.go 
@@ -28,7 +28,7 @@ func (r *schemaResolver) Organization(ctx context.Context, args struct{ Name str return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log action for siteadmin viewing an organization's details if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { r.logger.Warn("Error logging security event", log.Error(err)) @@ -273,7 +273,7 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a new organization being created if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { r.logger.Warn("Error logging security event", log.Error(err)) @@ -311,7 +311,7 @@ func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when organization settings are updated if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { r.logger.Warn("Error logging security event", log.Error(err)) diff --git a/cmd/frontend/graphqlbackend/orgs.go b/cmd/frontend/graphqlbackend/orgs.go index a85edb935dcb..44a110e841f8 100644 --- a/cmd/frontend/graphqlbackend/orgs.go +++ b/cmd/frontend/graphqlbackend/orgs.go 
@@ -47,7 +47,7 @@ func (r *orgConnectionResolver) Nodes(ctx context.Context) ([]*OrgResolver, erro org: org, }) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when listing organizations. if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { diff --git a/cmd/frontend/graphqlbackend/outbound_requests.go b/cmd/frontend/graphqlbackend/outbound_requests.go index e0f718e0f2c1..a87928f7893b 100644 --- a/cmd/frontend/graphqlbackend/outbound_requests.go +++ b/cmd/frontend/graphqlbackend/outbound_requests.go @@ -65,7 +65,7 @@ func (r *schemaResolver) OutboundRequests(ctx context.Context, args *outboundReq after = "" } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an even when Outbound requests are viewed if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { @@ -90,7 +90,7 @@ func (r *schemaResolver) outboundRequestByID(ctx context.Context, id graphql.ID) return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an even when Outbound requests are viewed if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil { diff --git a/cmd/frontend/graphqlbackend/site.go b/cmd/frontend/graphqlbackend/site.go index 50e27f63ca73..d698677c7a9e 100644 --- a/cmd/frontend/graphqlbackend/site.go +++ b/cmd/frontend/graphqlbackend/site.go 
@@ -112,7 +112,7 @@ func (r *siteResolver) Configuration(ctx context.Context, args *SiteConfiguratio // The only way a non-admin can access this field is when `returnSafeConfigsOnly` // is set to true. if returnSafeConfigsOnly { - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when site config is viewed by non-admin user. if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { @@ -123,7 +123,7 @@ func (r *siteResolver) Configuration(ctx context.Context, args *SiteConfiguratio } return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when site config is viewed by admin user. if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { @@ -340,7 +340,7 @@ func (r *schemaResolver) UpdateSiteConfiguration(ctx context.Context, args *stru return false, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when site config is updated if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { diff --git a/cmd/frontend/graphqlbackend/user.go b/cmd/frontend/graphqlbackend/user.go index 4c508e653348..d5d2a770f3c6 100644 --- a/cmd/frontend/graphqlbackend/user.go +++ b/cmd/frontend/graphqlbackend/user.go 
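Review bot: The UpdateSiteConfiguration hunk (`@@ -340,7 +340,7 @@`) writes `arg` into the security event, and `arg` is built outside the hunk. If it carries the submitted configuration text, any secret in that text would be stored in the event log by default once the fallback is `true`. It is worth confirming that `arg` holds only redacted or metadata-level fields. Once confirmed, a comment at the call such as `// arg contains no unredacted site-config values` would record that for the next reader.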
@@ -491,7 +491,7 @@ func (r *schemaResolver) UpdateUser(ctx context.Context, args *updateUserArgs) ( if err := r.db.Users().Update(ctx, userID, update); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a user account is modified/updated if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil { r.logger.Error("Error logging security event", log.Error(err)) @@ -878,7 +878,7 @@ func (r *schemaResolver) SetUserCompletionsQuota(ctx context.Context, args SetUs log.Int("targetUserID", int(user.ID)), log.Intp("oldQuota", oldQuota), log.Intp("newQuota", newQuota)) - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { r.logger.Error("Error logging security event", log.Error(err)) } @@ -920,7 +920,7 @@ func (r *schemaResolver) SetUserCodeCompletionsQuota(ctx context.Context, args S if err := r.db.Users().SetCodeCompletionsQuota(ctx, user.ID, quota); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when user's code completions quota is updated if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { diff --git a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go index 1dbdcb2c2fae..534d03da9435 100644 
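Review bot: In UpdateUser the whole resolver input `args` is passed as the event payload, and with the fallback now `true` that payload is written wherever the flag is not defined. Any field later added to the GraphQL input would then be copied into the security event log without anyone deciding that it belongs there. An explicit struct, like the one the user_emails.go hunks build with `UserID` and `Email`, keeps the logged fields reviewable. The same pattern appears in the SetUserCompletionsQuota and SetUserCodeCompletionsQuota hunks on this line and in the three org.go hunks. The function bodies continue outside these hunks, so the field list of `args` is not visible here.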
--- a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go @@ -103,7 +103,7 @@ func (s dbLicenses) Create(ctx context.Context, subscriptionID, licenseKey strin return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { arg := struct { SubscriptionID string `json:"subscriptionID"` NewUUID uuid.UUID `json:"newUUID"` @@ -390,7 +390,7 @@ ORDER BY created_at DESC results = append(results, &v) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when liscense list is viewed in Dotcom if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil { logger.Warn("Error logging security event", log.Error(err)) diff --git a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go index ee24a62d02ca..7c9755599f72 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go @@ -96,7 +96,7 @@ INSERT INTO product_subscriptions(id, user_id, account_number) VALUES($1, $2, $3 ).Scan(&id); err != nil { return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a new subscription is created. if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil { logger.Warn("Error logging security event", log.Error(err)) 
@@ -152,7 +152,7 @@ func (s dbSubscriptions) List(ctx context.Context, opt dbSubscriptionsListOption if mocks.subscriptions.List != nil { return mocks.subscriptions.List(ctx, opt) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a list of subscriptions is requested. if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil { logger.Warn("Error logging security event", log.Error(err)) @@ -307,7 +307,7 @@ func (s dbSubscriptions) Update(ctx context.Context, id string, update DBSubscri if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a subscription is updated if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { logger.Warn("Error logging security event", log.Error(err)) @@ -338,7 +338,7 @@ func (s dbSubscriptions) Archive(ctx context.Context, id string) error { if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", false) { + if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { // Log an event when a subscription is archived if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { logger.Warn("Error logging security event", log.Error(err)) From f189242f3ca178135de2088a4227b1f2ad8a787b Mon Sep 17 00:00:00 2001 
From: Mohammad Umer Alam Date: Wed, 7 Aug 2024 16:36:01 -0400 Subject: [PATCH 02/16] removing feature flag --- client/web/src/featureFlags/featureFlags.ts | 1 - cmd/frontend/backend/user_emails.go | 56 ++++++------ .../graphqlbackend/external_services.go | 88 +++++++++---------- cmd/frontend/graphqlbackend/org.go | 26 +++--- cmd/frontend/graphqlbackend/orgs.go | 10 +-- .../graphqlbackend/outbound_requests.go | 21 ++--- cmd/frontend/graphqlbackend/site.go | 29 +++--- cmd/frontend/graphqlbackend/user.go | 27 +++--- .../dotcom/productsubscription/licenses_db.go | 32 +++---- .../productsubscription/subscriptions_db.go | 37 ++++---- 10 files changed, 141 insertions(+), 186 deletions(-) diff --git a/client/web/src/featureFlags/featureFlags.ts b/client/web/src/featureFlags/featureFlags.ts index bd1a77e39f73..d3d3dc2ce234 100644 --- a/client/web/src/featureFlags/featureFlags.ts +++ b/client/web/src/featureFlags/featureFlags.ts @@ -6,7 +6,6 @@ import type { OrgFeatureFlagOverridesResult, OrgFeatureFlagOverridesVariables } export const FEATURE_FLAGS = [ 'admin-analytics-cache-disabled', 'admin-onboarding', - 'auditlog-expansion', 'blob-page-switch-areas-shortcuts', 'cody-chat-mock-test', 'contrast-compliant-syntax-highlighting', diff --git a/cmd/frontend/backend/user_emails.go b/cmd/frontend/backend/user_emails.go index c1a0cd734827..5119ea6989b0 100644 --- a/cmd/frontend/backend/user_emails.go +++ b/cmd/frontend/backend/user_emails.go @@ -19,7 +19,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/errcode" "github.com/sourcegraph/sourcegraph/internal/extsvc" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/txemail" "github.com/sourcegraph/sourcegraph/internal/txemail/txtypes" "github.com/sourcegraph/sourcegraph/internal/types" 
@@ -92,19 +91,16 @@ func (e *userEmails) Add(ctx context.Context, userID int32, email string) error return err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - arguments := struct { - UserID int32 `json:"UserID"` - Email string `json:"email"` - }{ - UserID: userID, - Email: email, - } - // Log action of new email being added to user profile - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } - + arguments := struct { + UserID int32 `json:"UserID"` + Email string `json:"email"` + }{ + UserID: userID, + Email: email, + } + // Log action of new email being added to user profile + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailAdded, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } if conf.EmailVerificationRequired() { 
@@ -147,21 +143,20 @@ func (e *userEmails) Remove(ctx context.Context, userID int32, email string) err if err := tx.UserEmails().Remove(ctx, userID, email); err != nil { return errors.Wrap(err, "removing user e-mail") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - arguments := struct { - UserID int32 `json:"UserID"` - Email string `json:"email"` - }{ - UserID: userID, - Email: email, - } - // Log action of email being removed from user profile - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + arguments := struct { + UserID int32 `json:"UserID"` + Email string `json:"email"` + }{ + UserID: userID, + Email: email, + } + // Log action of email being removed from user profile + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailRemoved, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + // 🚨 SECURITY: If an email is removed, invalidate any existing password reset // tokens that may have been sent to that email. if err := tx.Users().DeletePasswordResetCode(ctx, userID); err != nil { 
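Review bot: In Remove the event is written through `e.db` while the removal itself runs on `tx`, so the audit record is not tied to the outcome of the transaction. If the `DeletePasswordResetCode` step right below fails and the transaction is rolled back, the log would presumably still hold an email-removed event for a removal that never took effect. Moving the `LogSecurityEvent` call to after the commit would keep the audit trail consistent with the stored data. The start of the transaction and its commit are outside the hunk, so this needs checking against the full function.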
@@ -263,13 +258,12 @@ func (e *userEmails) SetVerified(ctx context.Context, userID int32, email string Email: email, Verified: verified, } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log action of email being verified/unverified - if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log action of email being verified/unverified + if err := e.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameEmailVerifiedToggle, "", uint32(userID), "", "BACKEND", arguments); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + // Eagerly attempt to sync permissions again. This needs to happen _after_ the // transaction has committed so that it takes into account any changes triggered // by changes in the verification status of the e-mail. diff --git a/cmd/frontend/graphqlbackend/external_services.go b/cmd/frontend/graphqlbackend/external_services.go index 4922fca29e33..9fd1227126f0 100644 --- a/cmd/frontend/graphqlbackend/external_services.go +++ b/cmd/frontend/graphqlbackend/external_services.go @@ -23,7 +23,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/extsvc" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/repos" "github.com/sourcegraph/sourcegraph/internal/repoupdater" "github.com/sourcegraph/sourcegraph/internal/trace" 
@@ -80,22 +79,20 @@ func (r *schemaResolver) AddExternalService(ctx context.Context, args *addExtern return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - - arg := struct { - Kind string - DisplayName string - Namespace *graphql.ID - }{ - Kind: args.Input.Kind, - DisplayName: args.Input.DisplayName, - Namespace: args.Input.Namespace, - } - // Log action of Code Host Connection being added - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + arg := struct { + Kind string + DisplayName string + Namespace *graphql.ID + }{ + Kind: args.Input.Kind, + DisplayName: args.Input.DisplayName, + Namespace: args.Input.Namespace, + } + // Log action of Code Host Connection being added + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionAdded, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + // Now, schedule the external service for syncing immediately. s := repos.NewStore(r.logger, r.db) err = s.EnqueueSingleSyncJob(ctx, externalService.ID) 
@@ -196,26 +193,24 @@ func (r *schemaResolver) UpdateExternalService(ctx context.Context, args *update logger.Warn("Failed to get new redacted config", log.Error(err)) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - arg := struct { - ID graphql.ID - DisplayName *string - UpdaterID *int32 - PrevConfig string - LatestConfig *string - }{ - ID: args.Input.ID, - DisplayName: args.Input.DisplayName, - UpdaterID: &userID, - PrevConfig: prevConfig, - LatestConfig: &latestConfig, - } - // Log action of Code Host Connection being updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } - + arg := struct { + ID graphql.ID + DisplayName *string + UpdaterID *int32 + PrevConfig string + LatestConfig *string + }{ + ID: args.Input.ID, + DisplayName: args.Input.DisplayName, + UpdaterID: &userID, + PrevConfig: prevConfig, + LatestConfig: &latestConfig, + } + // Log action of Code Host Connection being updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + // Now, schedule the external service for syncing immediately. s := repos.NewStore(r.logger, r.db) err = s.EnqueueSingleSyncJob(ctx, es.ID) 
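Review bot: UpdateExternalService now always stores `PrevConfig` and `LatestConfig` in the security event, and only the warning above the block ("Failed to get new redacted config") indicates that `latestConfig` is a redacted form. `prevConfig` is assigned outside the hunk and should be confirmed to be redacted as well, since the event is no longer optional. When the redaction call fails the code warns and continues, so the event is presumably written with an empty `LatestConfig`. A comment stating that this is intended would help, e.g. `// latestConfig may be empty if redaction failed; never fall back to the raw config`.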
@@ -344,19 +339,18 @@ func (r *schemaResolver) DeleteExternalService(ctx context.Context, args *delete } } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - arguments := struct { - GraphQLID graphql.ID `json:"GraphQL ID"` - ExternalServiceID int64 `json:"External Service ID"` - }{ - GraphQLID: args.ExternalService, - ExternalServiceID: id, - } - // Log action of Code Host Connection being deleted - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + arguments := struct { + GraphQLID graphql.ID `json:"GraphQL ID"` + ExternalServiceID int64 `json:"External Service ID"` + }{ + GraphQLID: args.ExternalService, + ExternalServiceID: id, + } + // Log action of Code Host Connection being deleted + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameCodeHostConnectionDeleted, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arguments); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &EmptyResponse{}, nil } diff --git a/cmd/frontend/graphqlbackend/org.go b/cmd/frontend/graphqlbackend/org.go index ace7d44e54a1..8befb484ed49 100644 --- a/cmd/frontend/graphqlbackend/org.go +++ b/cmd/frontend/graphqlbackend/org.go @@ -16,7 +16,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/errcode" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/types" "github.com/sourcegraph/sourcegraph/lib/errors" 
@@ -28,11 +27,9 @@ func (r *schemaResolver) Organization(ctx context.Context, args struct{ Name str return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log action for siteadmin viewing an organization's details - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log action for siteadmin viewing an organization's details + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } return &OrgResolver{db: r.db, org: org}, nil @@ -273,12 +270,10 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a new organization being created - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) + // Log an event when a new organization being created + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) - } } // Add the current user as the first member of the new org. 
@@ -311,13 +306,12 @@ func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when organization settings are updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) + // Log an event when organization settings are updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) - } } + return &OrgResolver{db: r.db, org: updatedOrg}, nil } diff --git a/cmd/frontend/graphqlbackend/orgs.go b/cmd/frontend/graphqlbackend/orgs.go index 44a110e841f8..13d3e665fb72 100644 --- a/cmd/frontend/graphqlbackend/orgs.go +++ b/cmd/frontend/graphqlbackend/orgs.go @@ -9,7 +9,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" - "github.com/sourcegraph/sourcegraph/internal/featureflag" ) func (r *schemaResolver) Organizations(args *struct { 
@@ -47,14 +46,13 @@ func (r *orgConnectionResolver) Nodes(ctx context.Context) ([]*OrgResolver, erro org: org, }) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when listing organizations. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - logger.Error(err) + // Log an event when listing organizations. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOrgListViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + logger.Error(err) - } } + return l, nil } diff --git a/cmd/frontend/graphqlbackend/outbound_requests.go b/cmd/frontend/graphqlbackend/outbound_requests.go index a87928f7893b..fb16343aa9bd 100644 --- a/cmd/frontend/graphqlbackend/outbound_requests.go +++ b/cmd/frontend/graphqlbackend/outbound_requests.go @@ -14,7 +14,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/httpcli" "github.com/sourcegraph/sourcegraph/internal/types" 
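Review bot: In Nodes a failed audit write is reported with `logger.Error(err)`, while the other call sites in this patch log the fixed message `"Error logging security event"` together with `log.Error(err)`. That message is what an operator would match on to notice dropped audit records, and this call site would not match. Using the same message and field here would close that gap; `logger` is declared outside the hunk, so the exact call depends on which logger the resolver can reach. The blank line left before the closing brace of the `if` can be removed at the same time.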
@@ -65,13 +64,11 @@ func (r *schemaResolver) OutboundRequests(ctx context.Context, args *outboundReq after = "" } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - - // Log an even when Outbound requests are viewed - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an even when Outbound requests are viewed + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", args); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &outboundRequestConnectionResolver{ first: args.First, after: after, @@ -90,13 +87,11 @@ func (r *schemaResolver) outboundRequestByID(ctx context.Context, id graphql.ID) return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - - // Log an even when Outbound requests are viewed - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an even when Outbound requests are viewed + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameOutboundReqViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", graphql.ID(key)); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + item, _ := httpcli.GetOutboundRequestLogItem(key) return &OutboundRequestResolver{req: item}, nil } diff --git a/cmd/frontend/graphqlbackend/site.go b/cmd/frontend/graphqlbackend/site.go index d698677c7a9e..62ef625c6250 100644 --- a/cmd/frontend/graphqlbackend/site.go +++ b/cmd/frontend/graphqlbackend/site.go 
@@ -31,7 +31,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/database/migration/schemas" "github.com/sourcegraph/sourcegraph/internal/dotcom" "github.com/sourcegraph/sourcegraph/internal/env" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/insights" "github.com/sourcegraph/sourcegraph/internal/lazyregexp" 
@@ -112,23 +111,19 @@ func (r *siteResolver) Configuration(ctx context.Context, args *SiteConfiguratio // The only way a non-admin can access this field is when `returnSafeConfigsOnly` // is set to true. if returnSafeConfigsOnly { - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when site config is viewed by non-admin user. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is viewed by non-admin user. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigRedactedViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil } return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - - // Log an event when site config is viewed by admin user. - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is viewed by admin user. + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", nil); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } return &siteConfigurationResolver{db: r.db, returnSafeConfigsOnly: returnSafeConfigsOnly}, nil } 
@@ -340,13 +335,11 @@ func (r *schemaResolver) UpdateSiteConfiguration(ctx context.Context, args *stru return false, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - - // Log an event when site config is updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - r.logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when site config is updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameSiteConfigUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + r.logger.Warn("Error logging security event", log.Error(err)) } + return r.configurationServer.NeedServerRestart(), nil } diff --git a/cmd/frontend/graphqlbackend/user.go b/cmd/frontend/graphqlbackend/user.go index d5d2a770f3c6..4b00000e7505 100644 --- a/cmd/frontend/graphqlbackend/user.go +++ b/cmd/frontend/graphqlbackend/user.go @@ -24,7 +24,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/errcode" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/types" "github.com/sourcegraph/sourcegraph/lib/errors" 
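Review bot: `arg` is stored as the event payload in `UpdateSiteConfiguration`, and it is built outside this hunk, so its contents cannot be checked from here. If it carries the submitted configuration text, any secrets in that config are now written to the security event log on every update, because the flag no longer gates the call. Please confirm that `arg` holds only metadata or redacted content, and pin that at the call site with something like `// arg is persisted in the security event log; keep unredacted config contents out of it.`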
@@ -491,12 +490,12 @@ func (r *schemaResolver) UpdateUser(ctx context.Context, args *updateUserArgs) ( if err := r.db.Users().Update(ctx, userID, update); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a user account is modified/updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + + // Log an event when a user account is modified/updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameAccountModified, "", uint32(userID), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, userID) } @@ -878,11 +877,10 @@ func (r *schemaResolver) SetUserCompletionsQuota(ctx context.Context, args SetUs log.Int("targetUserID", int(user.ID)), log.Intp("oldQuota", oldQuota), log.Intp("newQuota", newQuota)) - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, user.ID) } 
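Review bot: The failure path in `UpdateUser` and `SetUserCompletionsQuota` uses `r.logger.Error("Error logging security event", ...)`, while the identical path in site.go and outbound_requests.go uses `r.logger.Warn(...)` with the same message. `SetUserCodeCompletionsQuota` in the next hunk also uses `Error`. Now that these calls always run, one severity should be chosen for a failed audit write so alerting can key on it. The `SetUserCompletionsQuota` call is also the only one here without a comment; `// Log an event when a user's completions quota is updated` would match its siblings.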
@@ -920,13 +918,12 @@ func (r *schemaResolver) SetUserCodeCompletionsQuota(ctx context.Context, args S if err := r.db.Users().SetCodeCompletionsQuota(ctx, user.ID, quota); err != nil { return nil, err } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when user's code completions quota is updated - if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { - r.logger.Error("Error logging security event", log.Error(err)) - } + // Log an event when user's code completions quota is updated + if err := r.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameUserCodeCompletionQuotaUpdated, "", uint32(id), "", "BACKEND", args); err != nil { + r.logger.Error("Error logging security event", log.Error(err)) } + return UserByIDInt32(ctx, r.db, user.ID) } diff --git a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go index 534d03da9435..e6d5dc415af6 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/licenses_db.go @@ -16,7 +16,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/database/dbutil" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/hashutil" "github.com/sourcegraph/sourcegraph/internal/license" "github.com/sourcegraph/sourcegraph/internal/slack" 
@@ -103,18 +102,16 @@ func (s dbLicenses) Create(ctx context.Context, subscriptionID, licenseKey strin return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - arg := struct { - SubscriptionID string `json:"subscriptionID"` - NewUUID uuid.UUID `json:"newUUID"` - }{ - SubscriptionID: subscriptionID, - NewUUID: newUUID, - } - // Log an event when a license is created in DotCom - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + arg := struct { + SubscriptionID string `json:"subscriptionID"` + NewUUID uuid.UUID `json:"newUUID"` + }{ + SubscriptionID: subscriptionID, + NewUUID: newUUID, + } + // Log an event when a license is created in DotCom + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseCreated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", arg); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } postLicenseCreationToSlack(ctx, logger, subscriptionID, version, expiresAt, info) 
@@ -390,12 +387,11 @@ ORDER BY created_at DESC results = append(results, &v) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when liscense list is viewed in Dotcom - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when liscense list is viewed in Dotcom + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComLicenseViewed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", q.Args()); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return results, nil } diff --git a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go index 7c9755599f72..940502d3b505 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/subscriptions_db.go @@ -17,7 +17,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/database/dbutil" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/trace" "github.com/sourcegraph/sourcegraph/lib/errors" ) 
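Review bot: The license-list event stores `q.Args()` as its payload, i.e. the positional bind values of the SQL query rather than a named structure. That ties the audit record to the query's shape and leaves a reader of the log guessing what each value means. Whether any of those values are sensitive cannot be told from this hunk, since the query is built outside it. A small struct with named fields, as `Create` does with `SubscriptionID`/`NewUUID`, would be clearer. The comment also misspells "license": `// Log an event when license list is viewed in Dotcom`.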
@@ -96,12 +95,11 @@ INSERT INTO product_subscriptions(id, user_id, account_number) VALUES($1, $2, $3 ).Scan(&id); err != nil { return "", errors.Wrap(err, "insert") } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a new subscription is created. - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a new subscription is created. + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionCreated, "", uint32(userID), "", "BACKEND", newUUID); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return id, nil } @@ -152,12 +150,11 @@ func (s dbSubscriptions) List(ctx context.Context, opt dbSubscriptionsListOption if mocks.subscriptions.List != nil { return mocks.subscriptions.List(ctx, opt) } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a list of subscriptions is requested. - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a list of subscriptions is requested. + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionsListed, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", opt); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return s.list(ctx, opt.sqlConditions(), opt.LimitOffset) } 
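Review bot: In `List` the event is written before `s.list(...)` runs, so a query that then fails still leaves a "subscriptions listed" record. `Create` on this line, and `Update`/`Archive` below, log only after the operation has succeeded. If recording the attempt is intended, say so at the call site, e.g. `// Recorded before the query runs: the event marks the request, not a successful listing.` Otherwise move the call after `s.list` returns without error. Every `List` call now also performs a database write, which is worth keeping in mind for hot paths.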
@@ -307,12 +304,11 @@ func (s dbSubscriptions) Update(ctx context.Context, id string, update DBSubscri if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a subscription is updated - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a subscription is updated + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionUpdated, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return nil } @@ -338,12 +334,11 @@ func (s dbSubscriptions) Archive(ctx context.Context, id string) error { if nrows == 0 { return errSubscriptionNotFound } - if featureflag.FromContext(ctx).GetBoolOr("auditlog-expansion", true) { - // Log an event when a subscription is archived - if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { - logger.Warn("Error logging security event", log.Error(err)) - } + // Log an event when a subscription is archived + if err := s.db.SecurityEventLogs().LogSecurityEvent(ctx, database.SecurityEventNameDotComSubscriptionArchived, "", uint32(actor.FromContext(ctx).UID), "", "BACKEND", id); err != nil { + logger.Warn("Error logging security event", log.Error(err)) } + return nil } From 8c18a5341a83a37b8e37089322e5d1b0bc2a3810 Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 13:52:27 -0400 Subject: [PATCH 03/16] fix orgs test --- cmd/frontend/graphqlbackend/orgs_test.go | 7 +++++++ 1 file changed, 7 insertions(+) 
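Review bot: The `Update` event carries only `id` as its payload, so the audit record shows that a subscription changed but not what changed, even though `update` is in scope per the signature. For an update trail it is usually worth recording at least which fields were set. Consider passing a small struct with the id and the changed field names, after checking that nothing in `DBSubscriptionUpdate` is sensitive (its definition is outside this hunk). `Archive` logging only `id` is fine, since the action itself is the whole change.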
diff --git a/cmd/frontend/graphqlbackend/orgs_test.go b/cmd/frontend/graphqlbackend/orgs_test.go index e58a52c19b7a..1d2cafdb44e2 100644 --- a/cmd/frontend/graphqlbackend/orgs_test.go +++ b/cmd/frontend/graphqlbackend/orgs_test.go @@ -3,6 +3,8 @@ package graphqlbackend import ( "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" + "github.com/sourcegraph/sourcegraph/internal/database/dbmocks" "github.com/sourcegraph/sourcegraph/internal/types" ) @@ -19,6 +21,10 @@ func TestOrgs(t *testing.T) { db.UsersFunc.SetDefaultReturn(users) db.OrgsFunc.SetDefaultReturn(orgs) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + RunTests(t, []*Test{ { Schema: mustParseGraphQLSchema(t, db), @@ -47,4 +53,5 @@ func TestOrgs(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } From 2e1b1a735e4e2e5fd4fb8178622e5f1c1d6a606f Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 14:08:43 -0400 Subject: [PATCH 04/16] Fix user tests --- cmd/frontend/graphqlbackend/user_test.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/cmd/frontend/graphqlbackend/user_test.go b/cmd/frontend/graphqlbackend/user_test.go index a0f087628fdd..d4a5e51fe31a 100644 --- a/cmd/frontend/graphqlbackend/user_test.go +++ b/cmd/frontend/graphqlbackend/user_test.go @@ -7,6 +7,7 @@ import ( "strings" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" gqlerrors "github.com/graph-gophers/graphql-go/errors" "github.com/stretchr/testify/assert" 
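Review bot: `mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc)` in `TestOrgs` only proves that some security event was logged, not that it was `SecurityEventNameOrgListViewed` or that it was attributed to the right user. Since these tests are the only guard now that the flag is gone, the mock should check the event name, for example with a `SetDefaultHook` on `LogSecurityEventFunc` that compares `eventName` against the expected constant. The same loose assertion is repeated in the user_test.go, org_test.go, external_services_test.go, site_test.go and user_emails_test.go hunks that follow.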
@@ -459,7 +460,9 @@ func TestUpdateUser(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) - + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), @@ -486,6 +489,7 @@ func TestUpdateUser(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("scim controlled user cannot change display or username", func(t *testing.T) { @@ -907,6 +911,11 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) + + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + var quota *int users.SetChatCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error { quota = i2 @@ -941,6 +950,7 @@ func TestSchema_SetUserCompletionsQuota(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } @@ -983,6 +993,11 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(mockUser, nil) users.UpdateFunc.SetDefaultReturn(nil) db.UsersFunc.SetDefaultReturn(users) + + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + var quota *int users.SetCodeCompletionsQuotaFunc.SetDefaultHook(func(ctx context.Context, i1 int32, i2 *int) error { quota = i2 
@@ -1017,6 +1032,7 @@ func TestSchema_SetUserCodeCompletionsQuota(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } From 29d740b2ca315bf10e3a5f0cd014cae99dc0f8ab Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 14:23:01 -0400 Subject: [PATCH 05/16] fix org tests --- cmd/frontend/graphqlbackend/org_test.go | 29 +++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/cmd/frontend/graphqlbackend/org_test.go b/cmd/frontend/graphqlbackend/org_test.go index 00a387e458ce..bd955693efad 100644 --- a/cmd/frontend/graphqlbackend/org_test.go +++ b/cmd/frontend/graphqlbackend/org_test.go @@ -6,6 +6,7 @@ import ( "strconv" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" gqlerrors "github.com/graph-gophers/graphql-go/errors" "github.com/graph-gophers/graphql-go/relay" "github.com/stretchr/testify/assert" @@ -38,10 +39,20 @@ func TestOrganization(t *testing.T) { orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil) orgs.GetByIDFunc.SetDefaultReturn(&mockedOrg, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + // securityLogEvents.LogSecurityEventFunc.SetDefaultHook(func(ctx context.Context, eventName database.SecurityEventName, url string, userID uint32, anonymousUserID string, source string, arguments any) error { + // if want := database.SecurityEventNameOrgViewed; eventName != want { + // t.Errorf("got %q, want %q", eventName, want) + // } + // return nil + // }) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) t.Run("can access organizations", func(t *testing.T) { RunTests(t, []*Test{ 
@@ -64,6 +75,8 @@ func TestOrganization(t *testing.T) { }, }) }) + mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 1) + } func TestOrganizationMembers(t *testing.T) { @@ -85,10 +98,14 @@ func TestOrganizationMembers(t *testing.T) { mockedOrg := types.Org{ID: 1, Name: "acme"} orgs.GetByNameFunc.SetDefaultReturn(&mockedOrg, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) t.Run("org members can list members", func(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{Username: "alice", ID: 1}, nil) @@ -120,6 +137,7 @@ func TestOrganizationMembers(t *testing.T) { }) }) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("non-members", func(t *testing.T) { @@ -208,6 +226,8 @@ func TestOrganizationMembers(t *testing.T) { }, }) }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) } @@ -224,10 +244,14 @@ func TestCreateOrganization(t *testing.T) { orgMembers := dbmocks.NewMockOrgMemberStore() orgMembers.CreateFunc.SetDefaultReturn(&types.OrgMembership{OrgID: mockedOrg.ID, UserID: userID}, nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: userID}) @@ -253,6 +277,7 @@ func TestCreateOrganization(t *testing.T) { "name": "acme", }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) t.Run("Fails for unauthenticated user", func(t *testing.T) { 
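Review bot: In `TestOrganizationMembers` one `securityLogEvents` mock is created at the top of the test and shared by all subtests, so the `mockrequire.Called` added in the later subtest (hunk `-208,6 +226,8`) is already satisfied by the call recorded in "org members can list members". That assertion cannot fail on its own. Give each subtest a fresh `dbmocks.NewMockSecurityEventLogsStore()` wired through `db.SecurityEventLogsFunc.SetDefaultReturn(...)`, or assert on the call count. The subtest bodies are only partly visible in these hunks, so the exact nesting should be confirmed.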
@@ -335,11 +360,15 @@ func TestAddOrganizationMember(t *testing.T) { permssync.MockSchedulePermsSync = func(_ context.Context, logger log.Logger, _ database.DB, _ permssync.ScheduleSyncOpts) {} defer func() { permssync.MockSchedulePermsSync = nil }() + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) db.UsersFunc.SetDefaultReturn(users) db.OrgMembersFunc.SetDefaultReturn(orgMembers) db.FeatureFlagsFunc.SetDefaultReturn(featureFlags) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) From f49ea98aed358ff286e2f5c6b8228367edc65fcd Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 14:37:16 -0400 Subject: [PATCH 06/16] fix external services tests --- .../graphqlbackend/external_services_test.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/cmd/frontend/graphqlbackend/external_services_test.go b/cmd/frontend/graphqlbackend/external_services_test.go index 87070ac30c28..8c2403e6aab3 100644 --- a/cmd/frontend/graphqlbackend/external_services_test.go +++ b/cmd/frontend/graphqlbackend/external_services_test.go @@ -7,6 +7,7 @@ import ( "testing" "time" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" "github.com/google/go-cmp/cmp" "github.com/graph-gophers/graphql-go" gqlerrors "github.com/graph-gophers/graphql-go/errors" @@ -70,6 +71,9 @@ func TestAddExternalService(t *testing.T) { db.UsersFunc.SetDefaultReturn(users) db.ExternalServicesFunc.SetDefaultReturn(externalServices) db.HandleFunc.SetDefaultReturn(&handle{db}) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { 
@@ -98,6 +102,7 @@ func TestAddExternalService(t *testing.T) { `, }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestUpdateExternalService(t *testing.T) { @@ -205,6 +210,10 @@ func TestUpdateExternalService(t *testing.T) { es := backend.NewStrictMockExternalServicesService() es.ValidateConnectionFunc.SetDefaultReturn(nil) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + mockExternalServicesService = es t.Cleanup(func() { mockExternalServicesService = nil }) @@ -233,6 +242,7 @@ func TestUpdateExternalService(t *testing.T) { `, Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestExcludeRepoFromExternalServices_ExternalServiceDoesntSupportRepoExclusion(t *testing.T) { @@ -568,6 +578,9 @@ func TestDeleteExternalService(t *testing.T) { db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) db.ExternalServicesFunc.SetDefaultReturn(externalServices) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) RunTests(t, []*Test{ { @@ -589,6 +602,7 @@ func TestDeleteExternalService(t *testing.T) { Context: actor.WithActor(context.Background(), &actor.Actor{UID: 1}), }, }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } func TestExternalServicesResolver(t *testing.T) { From ba34dfb01fd0efa0c6704ccdccf33febb1383b68 Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 17:01:53 -0400 Subject: [PATCH 07/16] fix site tests --- cmd/frontend/graphqlbackend/site_test.go | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) 
diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go index be247130e51b..b98655137c4e 100644 --- a/cmd/frontend/graphqlbackend/site_test.go +++ b/cmd/frontend/graphqlbackend/site_test.go @@ -5,6 +5,7 @@ import ( "sort" "testing" + mockrequire "github.com/derision-test/go-mockgen/v2/testutil/require" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hexops/autogold/v2" @@ -30,6 +31,9 @@ func TestSiteConfiguration(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) _, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{ @@ -39,6 +43,7 @@ func TestSiteConfiguration(t *testing.T) { if err == nil || !errors.Is(err, auth.ErrMustBeSiteAdmin) { t.Fatalf("err: want %q but got %v", auth.ErrMustBeSiteAdmin, err) } + mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0) }) t.Run("ReturnSafeConfigsOnly is true", func(t *testing.T) { @@ -46,6 +51,9 @@ func TestSiteConfiguration(t *testing.T) { users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) r, err := newSchemaResolver(db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{ 
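Review bot: The non-admin case in `TestSiteConfiguration` asserts absence with `mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0)`. user_emails_test.go already uses `mockrequire.NotCalled(...)` for the same purpose, and that form states the intent directly: `mockrequire.NotCalled(t, securityLogEvents.LogSecurityEventFunc)`. This is the one negative assertion in the series, checking that a rejected request leaves no "config viewed" record, so it is worth making easy to spot.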
@@ -75,6 +83,8 @@ func TestSiteConfiguration(t *testing.T) { if err != nil { t.Fatalf("err: want nil but got %v", err) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) }) @@ -97,7 +107,9 @@ func TestSiteConfiguration(t *testing.T) { db := dbmocks.NewMockDB() db.UsersFunc.SetDefaultReturn(users) db.ConfFunc.SetDefaultReturn(conf) - + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: 1}) t.Run("ReturnSafeConfigsOnly is false", func(t *testing.T) { @@ -160,12 +172,18 @@ func TestSiteConfiguration(t *testing.T) { t.Fatalf("err: want nil but got %v", err) } }) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) + }) + } func TestSiteConfigurationHistory(t *testing.T) { stubs := setupSiteConfigStubs(t) - + users := dbmocks.NewMockUserStore() + users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) + db := dbmocks.NewMockDB() + db.UsersFunc.SetDefaultReturn(users) ctx := actor.WithActor(context.Background(), &actor.Actor{UID: stubs.users[0].ID}) schemaResolver, err := newSchemaResolver(stubs.db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{}) if err != nil { From 1f4d0e9a447a5a10bdbfb0495651aa3b0a344b8b Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Fri, 9 Aug 2024 17:27:18 -0400 Subject: [PATCH 08/16] fix user emails test --- cmd/frontend/graphqlbackend/user_emails_test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/frontend/graphqlbackend/user_emails_test.go b/cmd/frontend/graphqlbackend/user_emails_test.go index dd52323802bb..2f388b843ae9 100644 --- a/cmd/frontend/graphqlbackend/user_emails_test.go +++ b/cmd/frontend/graphqlbackend/user_emails_test.go 
@@ -253,6 +253,10 @@ func TestSetUserEmailVerified(t *testing.T) { db.UserExternalAccountsFunc.SetDefaultReturn(userExternalAccounts) db.SubRepoPermsFunc.SetDefaultReturn(dbmocks.NewMockSubRepoPermsStore()) + securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() + securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) + db.SecurityEventLogsFunc.SetDefaultReturn(securityLogEvents) + RunTests(t, test.gqlTests(db)) if test.expectCalledGrantPendingPermissions { @@ -260,6 +264,7 @@ func TestSetUserEmailVerified(t *testing.T) { } else { mockrequire.NotCalled(t, authz.GrantPendingPermissionsFunc) } + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) }) } } From 128a87fa452986d117c553c530961b3193493ea8 Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Mon, 12 Aug 2024 10:20:08 -0400 Subject: [PATCH 09/16] bazel configure --- cmd/frontend/backend/BUILD.bazel | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/frontend/backend/BUILD.bazel b/cmd/frontend/backend/BUILD.bazel index 629b59a26f37..3a8b810fc632 100644 --- a/cmd/frontend/backend/BUILD.bazel +++ b/cmd/frontend/backend/BUILD.bazel @@ -45,7 +45,6 @@ go_library( "//internal/extsvc/github", "//internal/extsvc/gitlab", "//internal/extsvc/gitolite", - "//internal/featureflag", "//internal/gitserver", "//internal/gitserver/gitdomain", "//internal/httpcli", From 0434717bc8f2ac7733ece8246fa61f7342d3402b Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Mon, 12 Aug 2024 14:33:10 -0400 Subject: [PATCH 10/16] fix imports --- cmd/frontend/graphqlbackend/external_services.go | 1 - cmd/frontend/graphqlbackend/orgs.go | 1 - 2 files changed, 2 deletions(-) diff --git a/cmd/frontend/graphqlbackend/external_services.go b/cmd/frontend/graphqlbackend/external_services.go index a1e2852514e4..49d2181c1cca 100644 --- a/cmd/frontend/graphqlbackend/external_services.go +++ b/cmd/frontend/graphqlbackend/external_services.go 
@@ -22,7 +22,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/conf" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/extsvc" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/repos" "github.com/sourcegraph/sourcegraph/internal/repoupdater" diff --git a/cmd/frontend/graphqlbackend/orgs.go b/cmd/frontend/graphqlbackend/orgs.go index 376e873ec429..807518b91f59 100644 --- a/cmd/frontend/graphqlbackend/orgs.go +++ b/cmd/frontend/graphqlbackend/orgs.go @@ -8,7 +8,6 @@ import ( "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" - "github.com/sourcegraph/sourcegraph/internal/featureflag" "github.com/sourcegraph/sourcegraph/internal/gqlutil" ) From e415014e63710844fd79925c00b148e281fd1245 Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Mon, 12 Aug 2024 14:38:50 -0400 Subject: [PATCH 11/16] fix test --- cmd/frontend/graphqlbackend/org_test.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/cmd/frontend/graphqlbackend/org_test.go b/cmd/frontend/graphqlbackend/org_test.go index df424c79708b..4c151da725d2 100644 --- a/cmd/frontend/graphqlbackend/org_test.go +++ b/cmd/frontend/graphqlbackend/org_test.go 
@@ -41,12 +41,6 @@ func TestOrganization(t *testing.T) { securityLogEvents := dbmocks.NewMockSecurityEventLogsStore() securityLogEvents.LogSecurityEventFunc.SetDefaultReturn(nil) - // securityLogEvents.LogSecurityEventFunc.SetDefaultHook(func(ctx context.Context, eventName database.SecurityEventName, url string, userID uint32, anonymousUserID string, source string, arguments any) error { - // if want := database.SecurityEventNameOrgViewed; eventName != want { - // t.Errorf("got %q, want %q", eventName, want) - // } - // return nil - // }) db := dbmocks.NewMockDB() db.OrgsFunc.SetDefaultReturn(orgs) @@ -75,7 +69,7 @@ func TestOrganization(t *testing.T) { }, }) }) - mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 1) + mockrequire.Called(t, securityLogEvents.LogSecurityEventFunc) } From 6d89a034504b334f6c758ca6e9c7cbdd629ca242 Mon Sep 17 00:00:00 2001 From: Mohammad Umer Alam Date: Mon, 12 Aug 2024 14:51:38 -0400 Subject: [PATCH 12/16] clarification comment --- cmd/frontend/graphqlbackend/site_test.go | 38 +++++++++++------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go index 5f472595a3f2..7d745d10675f 100644 --- a/cmd/frontend/graphqlbackend/site_test.go +++ b/cmd/frontend/graphqlbackend/site_test.go 
@@ -12,12 +12,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil" "github.com/sourcegraph/sourcegraph/internal/actor" "github.com/sourcegraph/sourcegraph/internal/auth" "github.com/sourcegraph/sourcegraph/internal/database" "github.com/sourcegraph/sourcegraph/internal/database/dbmocks" "github.com/sourcegraph/sourcegraph/internal/gitserver" - "github.com/sourcegraph/sourcegraph/internal/gqlutil" "github.com/sourcegraph/sourcegraph/internal/oobmigration" "github.com/sourcegraph/sourcegraph/internal/types" "github.com/sourcegraph/sourcegraph/lib/errors" @@ -43,6 +43,7 @@ func TestSiteConfiguration(t *testing.T) { if err == nil || !errors.Is(err, auth.ErrMustBeSiteAdmin) { t.Fatalf("err: want %q but got %v", auth.ErrMustBeSiteAdmin, err) } + //Log functions is not called since non-admin user will not get the site config when ReturnSafeConfigsOnly is false mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0) }) @@ -180,10 +181,7 @@ func TestSiteConfiguration(t *testing.T) { func TestSiteConfigurationHistory(t *testing.T) { stubs := setupSiteConfigStubs(t) - users := dbmocks.NewMockUserStore() - users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{}, nil) - db := dbmocks.NewMockDB() - db.UsersFunc.SetDefaultReturn(users) + ctx := actor.WithActor(context.Background(), &actor.Actor{UID: stubs.users[0].ID}) schemaResolver, err := newSchemaResolver(stubs.db, gitserver.NewTestClient(t), nil).Site().Configuration(ctx, &SiteConfigurationArgs{}) if err != nil { 
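Review bot: The comment added before `mockrequire.CalledN(t, securityLogEvents.LogSecurityEventFunc, 0)` in `TestSiteConfiguration` is hard to parse ("Log functions is not called") and has no space after `//`, unlike the usual Go comment style. Suggested wording: `// LogSecurityEvent is not called: a non-admin is rejected with auth.ErrMustBeSiteAdmin before any site config is returned (ReturnSafeConfigsOnly is false).` This assertion pins that a denied read of the site configuration writes no security event, so it is worth confirming that this is intended for an audit log that the series' first commit subject says is enabled by default. The resolver itself is outside the hunk.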
@@ -192,42 +190,42 @@ func TestSiteConfigurationHistory(t *testing.T) {
 testCases := []struct {
 name string
- args *gqlutil.ConnectionResolverArgs
+ args *graphqlutil.ConnectionResolverArgs
 expectedSiteConfigIDs []int32
 }{
 {
 name: "first: 2",
- args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(2))},
+ args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(2))},
 expectedSiteConfigIDs: []int32{6, 4},
 },
 {
 name: "first: 6 (exact number of items that exist in the database)",
- args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(6))},
+ args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(6))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "first: 20 (more items than what exists in the database)",
- args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(20))},
+ args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(20))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "last: 2",
- args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(2))},
+ args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(2))},
 expectedSiteConfigIDs: []int32{2, 1},
 },
 {
 name: "last: 6 (exact number of items that exist in the database)",
- args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(6))},
+ args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(6))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "last: 20 (more items than what exists in the database)",
- args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(20))},
+ args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(20))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "first: 2, after: 4",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(2)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(4))),
 },
@@ -235,7 +233,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 4 (overflow)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(4))),
 },
@@ -243,7 +241,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 7 (same as get all items, but latest ID in DB is 6)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(7))),
 },
@@ -251,7 +249,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 1 (beyond the last cursor in DB which is 1)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -259,7 +257,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 2, before: 1",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(2)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -267,7 +265,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 1 (overflow)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -275,7 +273,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 0 (same as get all items, but oldest ID in DB is 1)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(0))),
 },
@@ -283,7 +281,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 7 (beyond the latest cursor in DB which is 6)",
- args: &gqlutil.ConnectionResolverArgs{
+ args: &graphqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(7))),
 },
From 29159aaf5f0a5bbd70ed8b0b494f882b9c12eff4 Mon Sep 17 00:00:00 2001
From: Mohammad Umer Alam
Date: Mon, 12 Aug 2024 15:07:17 -0400
Subject: [PATCH 13/16] revert
---
 cmd/frontend/graphqlbackend/site_test.go | 34 ++++++++++++------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go
index 7d745d10675f..4a28ded614d2 100644
--- a/cmd/frontend/graphqlbackend/site_test.go
+++ b/cmd/frontend/graphqlbackend/site_test.go
@@ -1,4 +1,4 @@
-package graphqlbackend
+package phqlbackend
 import (
 "context"
@@ -12,12 +12,12 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
- "github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil"
 "github.com/sourcegraph/sourcegraph/internal/actor"
 "github.com/sourcegraph/sourcegraph/internal/auth"
 "github.com/sourcegraph/sourcegraph/internal/database"
 "github.com/sourcegraph/sourcegraph/internal/database/dbmocks"
 "github.com/sourcegraph/sourcegraph/internal/gitserver"
+ "github.com/sourcegraph/sourcegraph/internal/gqlutil"
 "github.com/sourcegraph/sourcegraph/internal/oobmigration"
 "github.com/sourcegraph/sourcegraph/internal/types"
 "github.com/sourcegraph/sourcegraph/lib/errors"
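Review bot: The `@@ -1,4 +1,4 @@` hunk of this "revert" commit changes the package clause to `package phqlbackend`, which looks like an accidental edit made while undoing the import rename; it should stay `package graphqlbackend`. With a different package name the file no longer belongs to the test package in its directory. The following "bazel configure" patch then drops `"site_test.go"` from the `go_test` sources, presumably as a consequence. For those intermediate commits the site-configuration tests, including the `LogSecurityEventFunc` assertions, would not run. Later patches in the series restore both, so squashing patches 13 to 16 would keep every commit buildable and bisectable.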
@@ -190,42 +190,42 @@ func TestSiteConfigurationHistory(t *testing.T) {
 testCases := []struct {
 name string
- args *graphqlutil.ConnectionResolverArgs
+ args *gqlutil.ConnectionResolverArgs
 expectedSiteConfigIDs []int32
 }{
 {
 name: "first: 2",
- args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(2))},
+ args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(2))},
 expectedSiteConfigIDs: []int32{6, 4},
 },
 {
 name: "first: 6 (exact number of items that exist in the database)",
- args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(6))},
+ args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(6))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "first: 20 (more items than what exists in the database)",
- args: &graphqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(20))},
+ args: &gqlutil.ConnectionResolverArgs{First: pointers.Ptr(int32(20))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "last: 2",
- args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(2))},
+ args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(2))},
 expectedSiteConfigIDs: []int32{2, 1},
 },
 {
 name: "last: 6 (exact number of items that exist in the database)",
- args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(6))},
+ args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(6))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "last: 20 (more items than what exists in the database)",
- args: &graphqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(20))},
+ args: &gqlutil.ConnectionResolverArgs{Last: pointers.Ptr(int32(20))},
 expectedSiteConfigIDs: []int32{6, 4, 3, 2, 1},
 },
 {
 name: "first: 2, after: 4",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(2)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(4))),
 },
@@ -233,7 +233,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 4 (overflow)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(4))),
 },
@@ -241,7 +241,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 7 (same as get all items, but latest ID in DB is 6)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(7))),
 },
@@ -249,7 +249,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "first: 10, after: 1 (beyond the last cursor in DB which is 1)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 First: pointers.Ptr(int32(10)),
 After: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -257,7 +257,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 2, before: 1",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(2)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -265,7 +265,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 1 (overflow)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(1))),
 },
@@ -273,7 +273,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 0 (same as get all items, but oldest ID in DB is 1)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(0))),
 },
@@ -281,7 +281,7 @@ func TestSiteConfigurationHistory(t *testing.T) {
 },
 {
 name: "last: 10, before: 7 (beyond the latest cursor in DB which is 6)",
- args: &graphqlutil.ConnectionResolverArgs{
+ args: &gqlutil.ConnectionResolverArgs{
 Last: pointers.Ptr(int32(10)),
 Before: pointers.Ptr(string(marshalSiteConfigurationChangeID(7))),
 },
From 3e59ef2c9957cf563f2d575baf23c46eaa12d2e2 Mon Sep 17 00:00:00 2001
From: Mohammad Umer Alam
Date: Mon, 12 Aug 2024 15:12:04 -0400
Subject: [PATCH 14/16] bazel configure
---
 cmd/frontend/graphqlbackend/BUILD.bazel | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/cmd/frontend/graphqlbackend/BUILD.bazel b/cmd/frontend/graphqlbackend/BUILD.bazel
index c867ddb4bb88..61a019770fcc 100644
--- a/cmd/frontend/graphqlbackend/BUILD.bazel
+++ b/cmd/frontend/graphqlbackend/BUILD.bazel
@@ -449,7 +449,6 @@ go_test(
 "site_alerts_test.go",
 "site_config_change_connection_test.go",
 "site_config_change_test.go",
- "site_test.go",
 "slow_requests_tracer_test.go",
 "status_messages_test.go",
 "teams_test.go",
@@ -511,7 +510,6 @@ go_test(
 "//internal/gitserver/protocol",
 "//internal/gqlutil",
 "//internal/observation",
- "//internal/oobmigration",
 "//internal/ratelimit",
 "//internal/rbac",
 "//internal/rbac/types",
@@ -546,7 +544,6 @@ go_test(
 "@com_github_derision_test_go_mockgen_v2//testutil/require",
 "@com_github_golang_jwt_jwt_v4//:jwt",
 "@com_github_google_go_cmp//cmp",
- "@com_github_google_go_cmp//cmp/cmpopts",
 "@com_github_grafana_regexp//:regexp",
 "@com_github_graph_gophers_graphql_go//:graphql-go",
 "@com_github_graph_gophers_graphql_go//errors",
From ba19e6d49667ee92fe45a60b218a5a19090e739a Mon Sep 17 00:00:00 2001
From: Mohammad Umer Alam
Date: Mon, 12 Aug 2024 15:19:10 -0400
Subject: [PATCH 15/16] revert
---
 cmd/frontend/graphqlbackend/site_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/frontend/graphqlbackend/site_test.go b/cmd/frontend/graphqlbackend/site_test.go
index 4a28ded614d2..99cbc9034d3f 100644
--- a/cmd/frontend/graphqlbackend/site_test.go
+++ b/cmd/frontend/graphqlbackend/site_test.go
@@ -1,4 +1,4 @@
-package phqlbackend
+package graphqlbackend
 import (
 "context"
From 637b906de7717627379510828f528ab5b1b63311 Mon Sep 17 00:00:00 2001
From: Mohammad Umer Alam
Date: Mon, 12 Aug 2024 15:20:43 -0400
Subject: [PATCH 16/16] bazel configure
---
 cmd/frontend/graphqlbackend/BUILD.bazel | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cmd/frontend/graphqlbackend/BUILD.bazel b/cmd/frontend/graphqlbackend/BUILD.bazel
index 61a019770fcc..c867ddb4bb88 100644
--- a/cmd/frontend/graphqlbackend/BUILD.bazel
+++ b/cmd/frontend/graphqlbackend/BUILD.bazel
@@ -449,6 +449,7 @@ go_test(
 "site_alerts_test.go",
 "site_config_change_connection_test.go",
 "site_config_change_test.go",
+ "site_test.go",
 "slow_requests_tracer_test.go",
 "status_messages_test.go",
 "teams_test.go",
@@ -510,6 +511,7 @@ go_test(
 "//internal/gitserver/protocol",
 "//internal/gqlutil",
 "//internal/observation",
+ "//internal/oobmigration",
 "//internal/ratelimit",
 "//internal/rbac",
 "//internal/rbac/types",
@@ -544,6 +546,7 @@ go_test(
 "@com_github_derision_test_go_mockgen_v2//testutil/require",
 "@com_github_golang_jwt_jwt_v4//:jwt",
 "@com_github_google_go_cmp//cmp",
+ "@com_github_google_go_cmp//cmp/cmpopts",
 "@com_github_grafana_regexp//:regexp",
 "@com_github_graph_gophers_graphql_go//:graphql-go",
 "@com_github_graph_gophers_graphql_go//errors",