mirror of
https://github.com/coder/coder.git
synced 2026-06-03 04:58:23 +00:00
Zach
7dfa33b410
feat: add boundary usage telemetry database schema and RBAC
Adds the foundation for tracking boundary usage telemetry across Coder
replicas. This includes:
- Database schema: `boundary_usage_stats` table with per-replica stats
(unique workspaces, unique users, allowed/denied request counts)
- Database queries: upsert stats, get aggregated summary, reset stats,
delete by replica ID
- RBAC: `boundary_usage` resource type with read/update/delete actions,
accessible only via system `BoundaryUsageTracker` subject (not regular
user roles)
- Tracker skeleton + docs: stub implementation in `coderd/boundaryusage/`
The tracker accumulates stats in memory and periodically flushes to the
database. Stats are aggregated across replicas for telemetry reporting,
then reset when a new reporting period begins. The tracker implementation
and plumbing will be done in a subsequent commit/PR.
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
30 lines
1.9 KiB
SQL
30 lines
1.9 KiB
SQL
CREATE TABLE boundary_usage_stats (
|
|
replica_id UUID PRIMARY KEY,
|
|
unique_workspaces_count BIGINT NOT NULL DEFAULT 0,
|
|
unique_users_count BIGINT NOT NULL DEFAULT 0,
|
|
allowed_requests BIGINT NOT NULL DEFAULT 0,
|
|
denied_requests BIGINT NOT NULL DEFAULT 0,
|
|
window_start TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
|
|
);
|
|
|
|
COMMENT ON TABLE boundary_usage_stats IS 'Per-replica boundary usage statistics for telemetry aggregation.';
|
|
COMMENT ON COLUMN boundary_usage_stats.replica_id IS 'The unique identifier of the replica reporting stats.';
|
|
COMMENT ON COLUMN boundary_usage_stats.unique_workspaces_count IS 'Count of unique workspaces that used boundary on this replica.';
|
|
COMMENT ON COLUMN boundary_usage_stats.unique_users_count IS 'Count of unique users that used boundary on this replica.';
|
|
COMMENT ON COLUMN boundary_usage_stats.allowed_requests IS 'Total allowed requests through boundary on this replica.';
|
|
COMMENT ON COLUMN boundary_usage_stats.denied_requests IS 'Total denied requests through boundary on this replica.';
|
|
COMMENT ON COLUMN boundary_usage_stats.window_start IS 'Start of the time window for these stats, set on first flush after reset.';
|
|
COMMENT ON COLUMN boundary_usage_stats.updated_at IS 'Timestamp of the last update to this row.';
|
|
|
|
-- Add boundary_usage_summary to the telemetry_locks event_type constraint.
|
|
ALTER TABLE telemetry_locks DROP CONSTRAINT telemetry_lock_event_type_constraint;
|
|
ALTER TABLE telemetry_locks ADD CONSTRAINT telemetry_lock_event_type_constraint
|
|
CHECK (event_type IN ('aibridge_interceptions_summary', 'boundary_usage_summary'));
|
|
|
|
-- Add boundary_usage scopes for RBAC.
|
|
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'boundary_usage:*';
|
|
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'boundary_usage:delete';
|
|
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'boundary_usage:read';
|
|
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'boundary_usage:update';
|