NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit335eb05

authored

feat: add keys to organization provision daemons (#14627)

1 parent4afce19 commit335eb05Copy full SHA for 335eb05

File tree

32 files changed

+728

-72

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- coderd.go
- database
  - db2sdk
    - db2sdk.go
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - dbpurge
    - dbpurge_test.go
  - dump.sql
  - foreign_key_constraint.go
  - migrations
    - 000250_built_in_psk_provisioner_keys.down.sql
    - 000250_built_in_psk_provisioner_keys.up.sql
  - models.go
  - querier.go
  - queries
    - provisionerdaemons.sql
    - provisionerkeys.sql
  - queries.sql.go
- healthcheck
  - provisioner.go
- provisionerdserver
  - provisionerdserver_test.go
codersdk
- provisionerdaemons.go
docs/reference/api
enterprise/coderd
site/src
- api
  - typesGenerated.ts
- testHelpers
  - entities.ts

32 files changed

+728

-72

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 55 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 51 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/coderd.go`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1491,6 +1491,11 @@ func (api *API) CreateInMemoryTaggedProvisionerDaemon(dialCtx context.Context, n`
`1491`	`1491`	`dbTypes=append(dbTypes,database.ProvisionerType(tp))`
`1492`	`1492`	`}`
`1493`	`1493`
	`1494`	`+keyID,err:=uuid.Parse(string(codersdk.ProvisionerKeyIDBuiltIn))`
	`1495`	`+iferr!=nil {`
	`1496`	`+returnnil,xerrors.Errorf("failed to parse built-in provisioner key ID: %w",err)`
	`1497`	`+}`
	`1498`	`+`
`1494`	`1499`	`//nolint:gocritic // in-memory provisioners are owned by system`
`1495`	`1500`	`daemon,err:=api.Database.UpsertProvisionerDaemon(dbauthz.AsSystemRestricted(dialCtx), database.UpsertProvisionerDaemonParams{`
`1496`	`1501`	`Name:name,`
`@@ -1501,6 +1506,7 @@ func (api *API) CreateInMemoryTaggedProvisionerDaemon(dialCtx context.Context, n`
`1501`	`1506`	`LastSeenAt: sql.NullTime{Time:dbtime.Now(),Valid:true},`
`1502`	`1507`	`Version:buildinfo.Version(),`
`1503`	`1508`	`APIVersion:proto.CurrentVersion.String(),`
	`1509`	`+KeyID:keyID,`
`1504`	`1510`	`})`
`1505`	`1511`	`iferr!=nil {`
`1506`	`1512`	`returnnil,xerrors.Errorf("failed to create in-memory provisioner daemon: %w",err)`

`‎coderd/database/db2sdk/db2sdk.go`

Lines changed: 25 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -533,13 +533,38 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner`
`533`	`533`	`Tags:dbDaemon.Tags,`
`534`	`534`	`Version:dbDaemon.Version,`
`535`	`535`	`APIVersion:dbDaemon.APIVersion,`
	`536`	`+KeyID:dbDaemon.KeyID,`
`536`	`537`	`}`
`537`	`538`	`for_,provisionerType:=rangedbDaemon.Provisioners {`
`538`	`539`	`result.Provisioners=append(result.Provisioners,codersdk.ProvisionerType(provisionerType))`
`539`	`540`	`}`
`540`	`541`	`returnresult`
`541`	`542`	`}`
`542`	`543`
	`544`	`+funcRecentProvisionerDaemons(now time.Time,staleInterval time.Duration,daemons []database.ProvisionerDaemon) []codersdk.ProvisionerDaemon {`
	`545`	`+results:= []codersdk.ProvisionerDaemon{}`
	`546`	`+`
	`547`	`+for_,daemon:=rangedaemons {`
	`548`	`+// Daemon never connected, skip.`
	`549`	`+if!daemon.LastSeenAt.Valid {`
	`550`	`+continue`
	`551`	`+}`
	`552`	`+// Daemon has gone away, skip.`
	`553`	`+ifnow.Sub(daemon.LastSeenAt.Time)>staleInterval {`
	`554`	`+continue`
	`555`	`+}`
	`556`	`+`
	`557`	`+results=append(results,ProvisionerDaemon(daemon))`
	`558`	`+}`
	`559`	`+`
	`560`	`+// Ensure stable order for display and for tests`
	`561`	`+sort.Slice(results,func(i,jint)bool {`
	`562`	`+returnresults[i].Name<results[j].Name`
	`563`	`+})`
	`564`	`+`
	`565`	`+returnresults`
	`566`	`+}`
	`567`	`+`
`543`	`568`	`funcSlimRole(role rbac.Role) codersdk.SlimRole {`
`544`	`569`	`orgID:=""`
`545`	`570`	`ifrole.Identifier.OrganizationID!=uuid.Nil {`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3066,6 +3066,10 @@ func (q *querier) ListProvisionerKeysByOrganization(ctx context.Context, organiz`
`3066`	`3066`	`returnfetchWithPostFilter(q.auth,policy.ActionRead,q.db.ListProvisionerKeysByOrganization)(ctx,organizationID)`
`3067`	`3067`	`}`
`3068`	`3068`
	`3069`	`+func (q*querier)ListProvisionerKeysByOrganizationExcludeReserved(ctx context.Context,organizationID uuid.UUID) ([]database.ProvisionerKey,error) {`
	`3070`	`+returnfetchWithPostFilter(q.auth,policy.ActionRead,q.db.ListProvisionerKeysByOrganizationExcludeReserved)(ctx,organizationID)`
	`3071`	`+}`
	`3072`	`+`
`3069`	`3073`	`func (q*querier)ListWorkspaceAgentPortShares(ctx context.Context,workspaceID uuid.UUID) ([]database.WorkspaceAgentPortShare,error) {`
`3070`	`3074`	`workspace,err:=q.db.GetWorkspaceByID(ctx,workspaceID)`
`3071`	`3075`	`iferr!=nil {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2020,6 +2020,19 @@ func (s *MethodTestSuite) TestProvisionerKeys() {`
`2020`	`2020`	`}`
`2021`	`2021`	`check.Args(org.ID).Asserts(pk,policy.ActionRead).Returns(pks)`
`2022`	`2022`	`}))`
	`2023`	`+s.Run("ListProvisionerKeysByOrganizationExcludeReserved",s.Subtest(func(db database.Store,check*expects) {`
	`2024`	`+org:=dbgen.Organization(s.T(),db, database.Organization{})`
	`2025`	`+pk:=dbgen.ProvisionerKey(s.T(),db, database.ProvisionerKey{OrganizationID:org.ID})`
	`2026`	`+pks:= []database.ProvisionerKey{`
	`2027`	`+{`
	`2028`	`+ID:pk.ID,`
	`2029`	`+CreatedAt:pk.CreatedAt,`
	`2030`	`+OrganizationID:pk.OrganizationID,`
	`2031`	`+Name:pk.Name,`
	`2032`	`+},`
	`2033`	`+}`
	`2034`	`+check.Args(org.ID).Asserts(pk,policy.ActionRead).Returns(pks)`
	`2035`	`+}))`
`2023`	`2036`	`s.Run("DeleteProvisionerKey",s.Subtest(func(db database.Store,check*expects) {`
`2024`	`2037`	`org:=dbgen.Organization(s.T(),db, database.Organization{})`
`2025`	`2038`	`pk:=dbgen.ProvisionerKey(s.T(),db, database.ProvisionerKey{OrganizationID:org.ID})`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 56 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ func New() database.Store {`
`68`	`68`	`notificationPreferences:make([]database.NotificationPreference,0),`
`69`	`69`	`parameterSchemas:make([]database.ParameterSchema,0),`
`70`	`70`	`provisionerDaemons:make([]database.ProvisionerDaemon,0),`
	`71`	`+provisionerKeys:make([]database.ProvisionerKey,0),`
`71`	`72`	`workspaceAgents:make([]database.WorkspaceAgent,0),`
`72`	`73`	`provisionerJobLogs:make([]database.ProvisionerJobLog,0),`
`73`	`74`	`workspaceResources:make([]database.WorkspaceResource,0),`
`@@ -108,6 +109,41 @@ func New() database.Store {`
`108`	`109`
`109`	`110`	`q.defaultProxyDisplayName="Default"`
`110`	`111`	`q.defaultProxyIconURL="/emojis/1f3e1.png"`
	`112`	`+`
	`113`	`+_,err=q.InsertProvisionerKey(context.Background(), database.InsertProvisionerKeyParams{`
	`114`	`+ID:uuid.MustParse(codersdk.ProvisionerKeyIDBuiltIn),`
	`115`	`+OrganizationID:defaultOrg.ID,`
	`116`	`+CreatedAt:dbtime.Now(),`
	`117`	`+HashedSecret: []byte{},`
	`118`	`+Name:codersdk.ProvisionerKeyNameBuiltIn,`
	`119`	`+Tags:map[string]string{},`
	`120`	`+})`
	`121`	`+iferr!=nil {`
	`122`	`+panic(xerrors.Errorf("failed to create built-in provisioner key: %w",err))`
	`123`	`+}`
	`124`	`+_,err=q.InsertProvisionerKey(context.Background(), database.InsertProvisionerKeyParams{`
	`125`	`+ID:uuid.MustParse(codersdk.ProvisionerKeyIDUserAuth),`
	`126`	`+OrganizationID:defaultOrg.ID,`
	`127`	`+CreatedAt:dbtime.Now(),`
	`128`	`+HashedSecret: []byte{},`
	`129`	`+Name:codersdk.ProvisionerKeyNameUserAuth,`
	`130`	`+Tags:map[string]string{},`
	`131`	`+})`
	`132`	`+iferr!=nil {`
	`133`	`+panic(xerrors.Errorf("failed to create user-auth provisioner key: %w",err))`
	`134`	`+}`
	`135`	`+_,err=q.InsertProvisionerKey(context.Background(), database.InsertProvisionerKeyParams{`
	`136`	`+ID:uuid.MustParse(codersdk.ProvisionerKeyIDPSK),`
	`137`	`+OrganizationID:defaultOrg.ID,`
	`138`	`+CreatedAt:dbtime.Now(),`
	`139`	`+HashedSecret: []byte{},`
	`140`	`+Name:codersdk.ProvisionerKeyNamePSK,`
	`141`	`+Tags:map[string]string{},`
	`142`	`+})`
	`143`	`+iferr!=nil {`
	`144`	`+panic(xerrors.Errorf("failed to create psk provisioner key: %w",err))`
	`145`	`+}`
	`146`	`+`
`111`	`147`	`returnq`
`112`	`148`	`}`
`113`	`149`
`@@ -7582,6 +7618,25 @@ func (q *FakeQuerier) ListProvisionerKeysByOrganization(_ context.Context, organ`
`7582`	`7618`	`returnkeys,nil`
`7583`	`7619`	`}`
`7584`	`7620`
	`7621`	`+func (q*FakeQuerier)ListProvisionerKeysByOrganizationExcludeReserved(_ context.Context,organizationID uuid.UUID) ([]database.ProvisionerKey,error) {`
	`7622`	`+q.mutex.RLock()`
	`7623`	`+deferq.mutex.RUnlock()`
	`7624`	`+`
	`7625`	`+keys:=make([]database.ProvisionerKey,0)`
	`7626`	`+for_,key:=rangeq.provisionerKeys {`
	`7627`	`+ifkey.ID.String()==codersdk.ProvisionerKeyIDBuiltIn\|\|`
	`7628`	`+key.ID.String()==codersdk.ProvisionerKeyIDUserAuth\|\|`
	`7629`	`+key.ID.String()==codersdk.ProvisionerKeyIDPSK {`
	`7630`	`+continue`
	`7631`	`+}`
	`7632`	`+ifkey.OrganizationID==organizationID {`
	`7633`	`+keys=append(keys,key)`
	`7634`	`+}`
	`7635`	`+}`
	`7636`	`+`
	`7637`	`+returnkeys,nil`
	`7638`	`+}`
	`7639`	`+`
`7585`	`7640`	`func (q*FakeQuerier)ListWorkspaceAgentPortShares(_ context.Context,workspaceID uuid.UUID) ([]database.WorkspaceAgentPortShare,error) {`
`7586`	`7641`	`q.mutex.Lock()`
`7587`	`7642`	`deferq.mutex.Unlock()`
`@@ -9311,6 +9366,7 @@ func (q *FakeQuerier) UpsertProvisionerDaemon(_ context.Context, arg database.Up`
`9311`	`9366`	`Version:arg.Version,`
`9312`	`9367`	`APIVersion:arg.APIVersion,`
`9313`	`9368`	`OrganizationID:arg.OrganizationID,`
	`9369`	`+KeyID:arg.KeyID,`
`9314`	`9370`	`}`
`9315`	`9371`	`q.provisionerDaemons=append(q.provisionerDaemons,d)`
`9316`	`9372`	`returnd,nil`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 7 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 15 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbpurge/dbpurge_test.go`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ import (`
`26`	`26`	`"github.com/coder/coder/v2/coderd/database/dbrollup"`
`27`	`27`	`"github.com/coder/coder/v2/coderd/database/dbtestutil"`
`28`	`28`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
	`29`	`+"github.com/coder/coder/v2/codersdk"`
`29`	`30`	`"github.com/coder/coder/v2/provisionerd/proto"`
`30`	`31`	`"github.com/coder/coder/v2/provisionersdk"`
`31`	`32`	`"github.com/coder/coder/v2/testutil"`
`@@ -412,6 +413,7 @@ func TestDeleteOldProvisionerDaemons(t *testing.T) {`
`412`	`413`	`Version:"1.0.0",`
`413`	`414`	`APIVersion:proto.CurrentVersion.String(),`
`414`	`415`	`OrganizationID:defaultOrg.ID,`
	`416`	`+KeyID:uuid.MustParse(codersdk.ProvisionerKeyIDBuiltIn),`
`415`	`417`	`})`
`416`	`418`	`require.NoError(t,err)`
`417`	`419`	`_,err=db.UpsertProvisionerDaemon(ctx, database.UpsertProvisionerDaemonParams{`
`@@ -424,6 +426,7 @@ func TestDeleteOldProvisionerDaemons(t *testing.T) {`
`424`	`426`	`Version:"1.0.0",`
`425`	`427`	`APIVersion:proto.CurrentVersion.String(),`
`426`	`428`	`OrganizationID:defaultOrg.ID,`
	`429`	`+KeyID:uuid.MustParse(codersdk.ProvisionerKeyIDBuiltIn),`
`427`	`430`	`})`
`428`	`431`	`require.NoError(t,err)`
`429`	`432`	`_,err=db.UpsertProvisionerDaemon(ctx, database.UpsertProvisionerDaemonParams{`
`@@ -438,6 +441,7 @@ func TestDeleteOldProvisionerDaemons(t *testing.T) {`
`438`	`441`	`Version:"1.0.0",`
`439`	`442`	`APIVersion:proto.CurrentVersion.String(),`
`440`	`443`	`OrganizationID:defaultOrg.ID,`
	`444`	`+KeyID:uuid.MustParse(codersdk.ProvisionerKeyIDBuiltIn),`
`441`	`445`	`})`
`442`	`446`	`require.NoError(t,err)`
`443`	`447`	`_,err=db.UpsertProvisionerDaemon(ctx, database.UpsertProvisionerDaemonParams{`
`@@ -453,6 +457,7 @@ func TestDeleteOldProvisionerDaemons(t *testing.T) {`
`453`	`457`	`Version:"1.0.0",`
`454`	`458`	`APIVersion:proto.CurrentVersion.String(),`
`455`	`459`	`OrganizationID:defaultOrg.ID,`
	`460`	`+KeyID:uuid.MustParse(codersdk.ProvisionerKeyIDBuiltIn),`
`456`	`461`	`})`
`457`	`462`	`require.NoError(t,err)`
`458`	`463`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit335eb05

File tree

32 files changed

32 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/coderd.go`

`‎coderd/database/db2sdk/db2sdk.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/dbpurge/dbpurge_test.go`

0 commit comments