Skip to content

Commit c1c56e3

Browse files
zedkippzedkipp
committed
refactor(agentapi): use slog for boundary logs
Replace fmt.Fprintf to stderr with structured slog logging for boundary audit events. This integrates with coder's existing logging infrastructure and provides better observability.
1 parent 23e55e4 commit c1c56e3

File tree

2 files changed

+25
-24
lines changed

2 files changed

+25
-24
lines changed

coderd/agentapi/api.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,7 @@ func New(opts Options, workspace database.Workspace) *API {
220220
}
221221

222222
api.BoundaryLogsAPI = &BoundaryLogsAPI{
223+
Log: opts.Log,
223224
WorkspaceID: opts.WorkspaceID,
224225
}
225226

coderd/agentapi/boundary_logs.go

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -2,50 +2,50 @@ package agentapi
22

33
import (
44
"context"
5-
"fmt"
6-
"os"
75
"time"
86

97
"github.com/google/uuid"
108

9+
"cdr.dev/slog"
1110
agentproto "github.com/coder/coder/v2/agent/proto"
1211
)
1312

1413
type BoundaryLogsAPI struct {
14+
Log slog.Logger
1515
WorkspaceID uuid.UUID
1616
}
1717

18-
func (a *BoundaryLogsAPI) ReportBoundaryLogs(_ context.Context, req *agentproto.ReportBoundaryLogsRequest) (*agentproto.ReportBoundaryLogsResponse, error) {
19-
for _, log := range req.Logs {
20-
workspaceID, err := uuid.FromBytes(log.WorkspaceId)
18+
func (a *BoundaryLogsAPI) ReportBoundaryLogs(ctx context.Context, req *agentproto.ReportBoundaryLogsRequest) (*agentproto.ReportBoundaryLogsResponse, error) {
19+
for _, l := range req.Logs {
20+
workspaceID, err := uuid.FromBytes(l.WorkspaceId)
2121
if err != nil {
2222
workspaceID = a.WorkspaceID
2323
}
2424

25-
decision := "allow"
26-
level := "info"
27-
if !log.Allowed {
28-
decision = "deny"
29-
level = "warn"
30-
}
31-
3225
var logTime time.Time
33-
if log.Time != nil {
34-
logTime = log.Time.AsTime()
26+
if l.Time != nil {
27+
logTime = l.Time.AsTime()
3528
} else {
3629
logTime = time.Now()
3730
}
3831

39-
// Format: [API] 2025-12-08 20:58:46.093 [warn] boundary: workspace.id=... decision=deny http.method="GET" http.url="..." time="..."
40-
_, _ = fmt.Fprintf(os.Stderr, "[API] %s [%s] boundary: workspace.id=%s decision=%s http.method=%q http.url=%q time=%q\n",
41-
logTime.Format("2006-01-02 15:04:05.000"),
42-
level,
43-
workspaceID.String(),
44-
decision,
45-
log.HttpMethod,
46-
log.HttpUrl,
47-
logTime.Format(time.RFC3339Nano),
48-
)
32+
if l.Allowed {
33+
a.Log.Info(ctx, "boundary request allowed",
34+
slog.F("workspace_id", workspaceID.String()),
35+
slog.F("http_method", l.HttpMethod),
36+
slog.F("http_url", l.HttpUrl),
37+
slog.F("event_time", logTime.Format(time.RFC3339Nano)),
38+
slog.F("matched_rule", l.MatchedRule),
39+
)
40+
} else {
41+
a.Log.Warn(ctx, "boundary request denied",
42+
slog.F("workspace_id", workspaceID.String()),
43+
slog.F("http_method", l.HttpMethod),
44+
slog.F("http_url", l.HttpUrl),
45+
slog.F("event_time", logTime.Format(time.RFC3339Nano)),
46+
slog.F("matched_rule", l.MatchedRule),
47+
)
48+
}
4949
}
5050

5151
return &agentproto.ReportBoundaryLogsResponse{}, nil

0 commit comments

Comments
 (0)