@@ -24,6 +24,7 @@ import (
24
24
"github.com/coder/coder/v2/coderd/database"
25
25
"github.com/coder/coder/v2/coderd/database/dbtime"
26
26
"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
27
+ "github.com/coder/coder/v2/coderd/httpmw/loggermw"
27
28
"github.com/coder/coder/v2/coderd/rbac"
28
29
"github.com/coder/coder/v2/coderd/util/slice"
29
30
"github.com/coder/coder/v2/provisionersdk"
@@ -162,6 +163,7 @@ func ActorFromContext(ctx context.Context) (rbac.Subject, bool) {
162
163
163
164
var (
164
165
subjectProvisionerd = rbac.Subject {
166
+ Type :rbac .SubjectTypeProvisionerd ,
165
167
FriendlyName :"Provisioner Daemon" ,
166
168
ID :uuid .Nil .String (),
167
169
Roles :rbac .Roles ([]rbac.Role {
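Review bot: Nothing in this hunk, or in the eight matching ones that follow (subjectAutostart through subjectSystemReadProvisionerDaemons), enforces that `Type` is set. Each literal is filled in by hand, so a system subject added later would silently carry the zero value. The consumer of `Type` is not shown here, but if the request log uses it to tell system actors from users, an empty value would make a privileged internal call hard to attribute. A small table test over the package's system subjects asserting that `Type` is not the zero value would catch an omission, and a comment on the var block such as `// Every system subject must set Type; it is recorded on the request logger.` would state the rule. The var block starts and ends outside this hunk.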
@@ -195,6 +197,7 @@ var (
195
197
}.WithCachedASTValue ()
196
198
197
199
subjectAutostart = rbac.Subject {
200
+ Type :rbac .SubjectTypeAutostart ,
198
201
FriendlyName :"Autostart" ,
199
202
ID :uuid .Nil .String (),
200
203
Roles :rbac .Roles ([]rbac.Role {
@@ -218,6 +221,7 @@ var (
218
221
219
222
// See unhanger package.
220
223
subjectHangDetector = rbac.Subject {
224
+ Type :rbac .SubjectTypeHangDetector ,
221
225
FriendlyName :"Hang Detector" ,
222
226
ID :uuid .Nil .String (),
223
227
Roles :rbac .Roles ([]rbac.Role {
@@ -238,6 +242,7 @@ var (
238
242
239
243
// See cryptokeys package.
240
244
subjectCryptoKeyRotator = rbac.Subject {
245
+ Type :rbac .SubjectTypeCryptoKeyRotator ,
241
246
FriendlyName :"Crypto Key Rotator" ,
242
247
ID :uuid .Nil .String (),
243
248
Roles :rbac .Roles ([]rbac.Role {
@@ -256,6 +261,7 @@ var (
256
261
257
262
// See cryptokeys package.
258
263
subjectCryptoKeyReader = rbac.Subject {
264
+ Type :rbac .SubjectTypeCryptoKeyReader ,
259
265
FriendlyName :"Crypto Key Reader" ,
260
266
ID :uuid .Nil .String (),
261
267
Roles :rbac .Roles ([]rbac.Role {
@@ -273,6 +279,7 @@ var (
273
279
}.WithCachedASTValue ()
274
280
275
281
subjectNotifier = rbac.Subject {
282
+ Type :rbac .SubjectTypeNotifier ,
276
283
FriendlyName :"Notifier" ,
277
284
ID :uuid .Nil .String (),
278
285
Roles :rbac .Roles ([]rbac.Role {
@@ -290,6 +297,7 @@ var (
290
297
}.WithCachedASTValue ()
291
298
292
299
subjectResourceMonitor = rbac.Subject {
300
+ Type :rbac .SubjectTypeResourceMonitor ,
293
301
FriendlyName :"Resource Monitor" ,
294
302
ID :uuid .Nil .String (),
295
303
Roles :rbac .Roles ([]rbac.Role {
@@ -308,6 +316,7 @@ var (
308
316
}.WithCachedASTValue ()
309
317
310
318
subjectSystemRestricted = rbac.Subject {
319
+ Type :rbac .SubjectTypeSystemRestricted ,
311
320
FriendlyName :"System" ,
312
321
ID :uuid .Nil .String (),
313
322
Roles :rbac .Roles ([]rbac.Role {
@@ -342,6 +351,7 @@ var (
342
351
}.WithCachedASTValue ()
343
352
344
353
subjectSystemReadProvisionerDaemons = rbac.Subject {
354
+ Type :rbac .SubjectTypeSystemReadProvisionerDaemons ,
345
355
FriendlyName :"Provisioner Daemons Reader" ,
346
356
ID :uuid .Nil .String (),
347
357
Roles :rbac .Roles ([]rbac.Role {
@@ -362,53 +372,53 @@ var (
362
372
// AsProvisionerd returns a context with an actor that has permissions required
363
373
// for provisionerd to function.
364
374
func AsProvisionerd (ctx context.Context ) context.Context {
365
- return context . WithValue (ctx , authContextKey {} ,subjectProvisionerd )
375
+ return As (ctx ,subjectProvisionerd )
366
376
}
367
377
368
378
// AsAutostart returns a context with an actor that has permissions required
369
379
// for autostart to function.
370
380
func AsAutostart (ctx context.Context ) context.Context {
371
- return context . WithValue (ctx , authContextKey {} ,subjectAutostart )
381
+ return As (ctx ,subjectAutostart )
372
382
}
373
383
374
384
// AsHangDetector returns a context with an actor that has permissions required
375
385
// for unhanger.Detector to function.
376
386
func AsHangDetector (ctx context.Context ) context.Context {
377
- return context . WithValue (ctx , authContextKey {} ,subjectHangDetector )
387
+ return As (ctx ,subjectHangDetector )
378
388
}
379
389
380
390
// AsKeyRotator returns a context with an actor that has permissions required for rotating crypto keys.
381
391
func AsKeyRotator (ctx context.Context ) context.Context {
382
- return context . WithValue (ctx , authContextKey {} ,subjectCryptoKeyRotator )
392
+ return As (ctx ,subjectCryptoKeyRotator )
383
393
}
384
394
385
395
// AsKeyReader returns a context with an actor that has permissions required for reading crypto keys.
386
396
func AsKeyReader (ctx context.Context ) context.Context {
387
- return context . WithValue (ctx , authContextKey {} ,subjectCryptoKeyReader )
397
+ return As (ctx ,subjectCryptoKeyReader )
388
398
}
389
399
390
400
// AsNotifier returns a context with an actor that has permissions required for
391
401
// creating/reading/updating/deleting notifications.
392
402
func AsNotifier (ctx context.Context ) context.Context {
393
- return context . WithValue (ctx , authContextKey {} ,subjectNotifier )
403
+ return As (ctx ,subjectNotifier )
394
404
}
395
405
396
406
// AsResourceMonitor returns a context with an actor that has permissions required for
397
407
// updating resource monitors.
398
408
func AsResourceMonitor (ctx context.Context ) context.Context {
399
- return context . WithValue (ctx , authContextKey {} ,subjectResourceMonitor )
409
+ return As (ctx ,subjectResourceMonitor )
400
410
}
401
411
402
412
// AsSystemRestricted returns a context with an actor that has permissions
403
413
// required for various system operations (login, logout, metrics cache).
404
414
func AsSystemRestricted (ctx context.Context ) context.Context {
405
- return context . WithValue (ctx , authContextKey {} ,subjectSystemRestricted )
415
+ return As (ctx ,subjectSystemRestricted )
406
416
}
407
417
408
418
// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions
409
419
// to read provisioner daemons.
410
420
func AsSystemReadProvisionerDaemons (ctx context.Context ) context.Context {
411
- return context . WithValue (ctx , authContextKey {} ,subjectSystemReadProvisionerDaemons )
421
+ return As (ctx ,subjectSystemReadProvisionerDaemons )
412
422
}
413
423
414
424
var AsRemoveActor = rbac.Subject {
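Review bot: Routing the nine As* helpers through `As` means each one now also passes through `As`'s remove-actor branch and its request-logger call, where the old `context.WithValue(ctx, authContextKey{}, subjectX)` stored the subject unconditionally. The condition that selects the remove-actor branch is outside the visible lines, and all nine system subjects share `ID: uuid.Nil.String()`. A regression test asserting that `ActorFromContext(AsSystemRestricted(ctx))` returns the system subject, repeated for the other helpers, would pin the behaviour the direct calls used to guarantee. The doc comments still describe only the returned context, so each could gain a line such as `// The actor is also recorded on the request logger in ctx, if any.`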
@@ -426,6 +436,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
426
436
// should be removed from the context.
427
437
return context .WithValue (ctx ,authContextKey {},nil )
428
438
}
439
+ if rlogger := loggermw .RequestLoggerFromContext (ctx );rlogger != nil {
440
+ rlogger .WithAuthContext (actor )
441
+ }
429
442
return context .WithValue (ctx ,authContextKey {},actor )
430
443
}
431
444
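Review bot: `As` now mutates state outside the context it returns: `rlogger.WithAuthContext(actor)` writes to the request logger taken from `ctx`, which is presumably shared by every caller on that request. `WithAuthContext` is not shown here, so two things are worth confirming before the access log is relied on for attribution: that a later `As(ctx, subjectSystemRestricted)` inside a handler does not replace the authenticated user already recorded, and that the write is synchronized when goroutines derived from the same request call `As` concurrently. The side effect should also be documented on the function, for example `// As also records actor on the request logger carried by ctx, if one is present.` The start of `As` is outside the hunk.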