Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit4e51f20

Browse files
committed
feat(coderd): add matched provisioner daemons information to additional template-related endpoints
1 parentba944ab commit4e51f20

File tree

3 files changed

+140
-8
lines changed

3 files changed

+140
-8
lines changed

‎coderd/database/dbauthz/dbauthz.go‎

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -317,6 +317,23 @@ var (
317317
}),
318318
Scope:rbac.ScopeAll,
319319
}.WithCachedASTValue()
320+
321+
subjectSystemReadProvisionerDaemons= rbac.Subject{
322+
FriendlyName:"System",
323+
ID:uuid.Nil.String(),
324+
Roles:rbac.Roles([]rbac.Role{
325+
{
326+
Identifier: rbac.RoleIdentifier{Name:"system-read-provisioner-daemons"},
327+
DisplayName:"Coder",
328+
Site:rbac.Permissions(map[string][]policy.Action{
329+
rbac.ResourceProvisionerDaemon.Type: {policy.ActionRead},
330+
}),
331+
Org:map[string][]rbac.Permission{},
332+
User: []rbac.Permission{},
333+
},
334+
}),
335+
Scope:rbac.ScopeAll,
336+
}.WithCachedASTValue()
320337
)
321338

322339
// AsProvisionerd returns a context with an actor that has permissions required
@@ -359,6 +376,12 @@ func AsSystemRestricted(ctx context.Context) context.Context {
359376
returncontext.WithValue(ctx,authContextKey{},subjectSystemRestricted)
360377
}
361378

379+
// AsSystemReadProvisionerDaemons returns a context with an actor that has permissions
380+
// to read provisioner daemons.
381+
funcAsSystemReadProvisionerDaemons(ctx context.Context) context.Context {
382+
returncontext.WithValue(ctx,authContextKey{},subjectSystemReadProvisionerDaemons)
383+
}
384+
362385
varAsRemoveActor= rbac.Subject{
363386
ID:"remove-actor",
364387
}

‎coderd/templateversions.go‎

Lines changed: 90 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ import (
2222
"github.com/coder/coder/v2/coderd/audit"
2323
"github.com/coder/coder/v2/coderd/database"
2424
"github.com/coder/coder/v2/coderd/database/db2sdk"
25+
"github.com/coder/coder/v2/coderd/database/dbauthz"
2526
"github.com/coder/coder/v2/coderd/database/dbtime"
2627
"github.com/coder/coder/v2/coderd/database/provisionerjobs"
2728
"github.com/coder/coder/v2/coderd/externalauth"
@@ -32,6 +33,7 @@ import (
3233
"github.com/coder/coder/v2/coderd/rbac/policy"
3334
"github.com/coder/coder/v2/coderd/render"
3435
"github.com/coder/coder/v2/coderd/tracing"
36+
"github.com/coder/coder/v2/coderd/util/ptr"
3537
"github.com/coder/coder/v2/codersdk"
3638
"github.com/coder/coder/v2/examples"
3739
"github.com/coder/coder/v2/provisioner/terraform/tfparse"
@@ -60,6 +62,22 @@ func (api *API) templateVersion(rw http.ResponseWriter, r *http.Request) {
6062
return
6163
}
6264

65+
varmatchedProvisioners*codersdk.MatchedProvisioners
66+
ifjobs[0].ProvisionerJob.JobStatus==database.ProvisionerJobStatusPending {
67+
// nolint: gocritic // The user hitting this endpoint may not have
68+
// permission to read provisioner daemons, but we want to show them
69+
// information about the provisioner daemons that are available.
70+
provisioners,err:=api.Database.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
71+
OrganizationID:jobs[0].ProvisionerJob.OrganizationID,
72+
WantTags:jobs[0].ProvisionerJob.Tags,
73+
})
74+
iferr!=nil {
75+
api.Logger.Error(ctx,"failed to fetch provisioners for job id",slog.F("job_id",jobs[0].ProvisionerJob.ID),slog.Error(err))
76+
}else {
77+
matchedProvisioners=ptr.Ref(db2sdk.MatchedProvisioners(provisioners,dbtime.Now(),provisionerdserver.StaleInterval))
78+
}
79+
}
80+
6381
schemas,err:=api.Database.GetParameterSchemasByJobID(ctx,jobs[0].ProvisionerJob.ID)
6482
iferrors.Is(err,sql.ErrNoRows) {
6583
err=nil
@@ -77,7 +95,7 @@ func (api *API) templateVersion(rw http.ResponseWriter, r *http.Request) {
7795
warnings=append(warnings,codersdk.TemplateVersionWarningUnsupportedWorkspaces)
7896
}
7997

80-
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),nil,warnings))
98+
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),matchedProvisioners,warnings))
8199
}
82100

83101
// @Summary Patch template version by ID
@@ -173,7 +191,23 @@ func (api *API) patchTemplateVersion(rw http.ResponseWriter, r *http.Request) {
173191
return
174192
}
175193

176-
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(updatedTemplateVersion,convertProvisionerJob(jobs[0]),nil,nil))
194+
varmatchedProvisioners*codersdk.MatchedProvisioners
195+
ifjobs[0].ProvisionerJob.JobStatus==database.ProvisionerJobStatusPending {
196+
// nolint: gocritic // The user hitting this endpoint may not have
197+
// permission to read provisioner daemons, but we want to show them
198+
// information about the provisioner daemons that are available.
199+
provisioners,err:=api.Database.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
200+
OrganizationID:jobs[0].ProvisionerJob.OrganizationID,
201+
WantTags:jobs[0].ProvisionerJob.Tags,
202+
})
203+
iferr!=nil {
204+
api.Logger.Error(ctx,"failed to fetch provisioners for job id",slog.F("job_id",jobs[0].ProvisionerJob.ID),slog.Error(err))
205+
}else {
206+
matchedProvisioners=ptr.Ref(db2sdk.MatchedProvisioners(provisioners,dbtime.Now(),provisionerdserver.StaleInterval))
207+
}
208+
}
209+
210+
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(updatedTemplateVersion,convertProvisionerJob(jobs[0]),matchedProvisioners,nil))
177211
}
178212

179213
// @Summary Cancel template version by ID
@@ -868,8 +902,23 @@ func (api *API) templateVersionByName(rw http.ResponseWriter, r *http.Request) {
868902
})
869903
return
870904
}
905+
varmatchedProvisioners*codersdk.MatchedProvisioners
906+
ifjobs[0].ProvisionerJob.JobStatus==database.ProvisionerJobStatusPending {
907+
// nolint: gocritic // The user hitting this endpoint may not have
908+
// permission to read provisioner daemons, but we want to show them
909+
// information about the provisioner daemons that are available.
910+
provisioners,err:=api.Database.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
911+
OrganizationID:jobs[0].ProvisionerJob.OrganizationID,
912+
WantTags:jobs[0].ProvisionerJob.Tags,
913+
})
914+
iferr!=nil {
915+
api.Logger.Error(ctx,"failed to fetch provisioners for job id",slog.F("job_id",jobs[0].ProvisionerJob.ID),slog.Error(err))
916+
}else {
917+
matchedProvisioners=ptr.Ref(db2sdk.MatchedProvisioners(provisioners,dbtime.Now(),provisionerdserver.StaleInterval))
918+
}
919+
}
871920

872-
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),nil,nil))
921+
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),matchedProvisioners,nil))
873922
}
874923

875924
// @Summary Get template version by organization, template, and name
@@ -934,7 +983,23 @@ func (api *API) templateVersionByOrganizationTemplateAndName(rw http.ResponseWri
934983
return
935984
}
936985

937-
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),nil,nil))
986+
varmatchedProvisioners*codersdk.MatchedProvisioners
987+
ifjobs[0].ProvisionerJob.JobStatus==database.ProvisionerJobStatusPending {
988+
// nolint: gocritic // The user hitting this endpoint may not have
989+
// permission to read provisioner daemons, but we want to show them
990+
// information about the provisioner daemons that are available.
991+
provisioners,err:=api.Database.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
992+
OrganizationID:jobs[0].ProvisionerJob.OrganizationID,
993+
WantTags:jobs[0].ProvisionerJob.Tags,
994+
})
995+
iferr!=nil {
996+
api.Logger.Error(ctx,"failed to fetch provisioners for job id",slog.F("job_id",jobs[0].ProvisionerJob.ID),slog.Error(err))
997+
}else {
998+
matchedProvisioners=ptr.Ref(db2sdk.MatchedProvisioners(provisioners,dbtime.Now(),provisionerdserver.StaleInterval))
999+
}
1000+
}
1001+
1002+
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(templateVersion,convertProvisionerJob(jobs[0]),matchedProvisioners,nil))
9381003
}
9391004

9401005
// @Summary Get previous template version by organization, template, and name
@@ -1020,7 +1085,23 @@ func (api *API) previousTemplateVersionByOrganizationTemplateAndName(rw http.Res
10201085
return
10211086
}
10221087

1023-
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(previousTemplateVersion,convertProvisionerJob(jobs[0]),nil,nil))
1088+
varmatchedProvisioners*codersdk.MatchedProvisioners
1089+
ifjobs[0].ProvisionerJob.JobStatus==database.ProvisionerJobStatusPending {
1090+
// nolint: gocritic // The user hitting this endpoint may not have
1091+
// permission to read provisioner daemons, but we want to show them
1092+
// information about the provisioner daemons that are available.
1093+
provisioners,err:=api.Database.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
1094+
OrganizationID:jobs[0].ProvisionerJob.OrganizationID,
1095+
WantTags:jobs[0].ProvisionerJob.Tags,
1096+
})
1097+
iferr!=nil {
1098+
api.Logger.Error(ctx,"failed to fetch provisioners for job id",slog.F("job_id",jobs[0].ProvisionerJob.ID),slog.Error(err))
1099+
}else {
1100+
matchedProvisioners=ptr.Ref(db2sdk.MatchedProvisioners(provisioners,dbtime.Now(),provisionerdserver.StaleInterval))
1101+
}
1102+
}
1103+
1104+
httpapi.Write(ctx,rw,http.StatusOK,convertTemplateVersion(previousTemplateVersion,convertProvisionerJob(jobs[0]),matchedProvisioners,nil))
10241105
}
10251106

10261107
// @Summary Archive template unused versions by template id
@@ -1540,7 +1621,10 @@ func (api *API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r *ht
15401621

15411622
// Check for eligible provisioners. This allows us to return a warning to the user if they
15421623
// submit a job for which no provisioner is available.
1543-
eligibleProvisioners,err:=tx.GetProvisionerDaemonsByOrganization(ctx, database.GetProvisionerDaemonsByOrganizationParams{
1624+
// nolint: gocritic // The user hitting this endpoint may not have
1625+
// permission to read provisioner daemons, but we want to show them
1626+
// information about the provisioner daemons that are available.
1627+
eligibleProvisioners,err:=tx.GetProvisionerDaemonsByOrganization(dbauthz.AsSystemReadProvisionerDaemons(ctx), database.GetProvisionerDaemonsByOrganizationParams{
15441628
OrganizationID:organization.ID,
15451629
WantTags:provisionerJob.Tags,
15461630
})

‎coderd/templateversions_test.go‎

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,12 @@ func TestTemplateVersion(t *testing.T) {
5050
tv,err:=client.TemplateVersion(ctx,version.ID)
5151
authz.AssertChecked(t,policy.ActionRead,tv)
5252
require.NoError(t,err)
53+
ifassert.Equal(t,tv.Job.Status,codersdk.ProvisionerJobPending) {
54+
assert.NotNil(t,tv.MatchedProvisioners)
55+
assert.Zero(t,tv.MatchedProvisioners.Available)
56+
assert.Zero(t,tv.MatchedProvisioners.Count)
57+
assert.False(t,tv.MatchedProvisioners.MostRecentlySeen.Valid)
58+
}
5359

5460
assert.Equal(t,"bananas",tv.Name)
5561
assert.Equal(t,"first try",tv.Message)
@@ -87,8 +93,14 @@ func TestTemplateVersion(t *testing.T) {
8793

8894
client1,_:=coderdtest.CreateAnotherUser(t,client,user.OrganizationID)
8995

90-
_,err:=client1.TemplateVersion(ctx,version.ID)
96+
tv,err:=client1.TemplateVersion(ctx,version.ID)
9197
require.NoError(t,err)
98+
ifassert.Equal(t,tv.Job.Status,codersdk.ProvisionerJobPending) {
99+
assert.NotNil(t,tv.MatchedProvisioners)
100+
assert.Zero(t,tv.MatchedProvisioners.Available)
101+
assert.Zero(t,tv.MatchedProvisioners.Count)
102+
assert.False(t,tv.MatchedProvisioners.MostRecentlySeen.Valid)
103+
}
92104
})
93105
}
94106

@@ -158,6 +170,12 @@ func TestPostTemplateVersionsByOrganization(t *testing.T) {
158170
require.NoError(t,err)
159171
require.Equal(t,"bananas",version.Name)
160172
require.Equal(t,provisionersdk.ScopeOrganization,version.Job.Tags[provisionersdk.TagScope])
173+
ifassert.Equal(t,version.Job.Status,codersdk.ProvisionerJobPending) {
174+
assert.NotNil(t,version.MatchedProvisioners)
175+
assert.Equal(t,version.MatchedProvisioners.Available,1)
176+
assert.Equal(t,version.MatchedProvisioners.Count,1)
177+
assert.True(t,version.MatchedProvisioners.MostRecentlySeen.Valid)
178+
}
161179

162180
require.Len(t,auditor.AuditLogs(),2)
163181
assert.Equal(t,database.AuditActionCreate,auditor.AuditLogs()[1].Action)
@@ -790,8 +808,15 @@ func TestTemplateVersionByName(t *testing.T) {
790808
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
791809
defercancel()
792810

793-
_,err:=client.TemplateVersionByName(ctx,template.ID,version.Name)
811+
tv,err:=client.TemplateVersionByName(ctx,template.ID,version.Name)
794812
require.NoError(t,err)
813+
814+
ifassert.Equal(t,tv.Job.Status,codersdk.ProvisionerJobPending) {
815+
assert.NotNil(t,tv.MatchedProvisioners)
816+
assert.Zero(t,tv.MatchedProvisioners.Available)
817+
assert.Zero(t,tv.MatchedProvisioners.Count)
818+
assert.False(t,tv.MatchedProvisioners.MostRecentlySeen.Valid)
819+
}
795820
})
796821
}
797822

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp