Commit82df8d6

committed
add rbac resource for workspace agent devcontainer
1 parentb466e4e commit82df8d6


12 files changed

+89
-34
lines changed

12 files changed

+89
-34
lines changed

‎coderd/apidoc/docs.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/apidoc/swagger.json

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

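--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -186,6 +186,7 @@ var (
 rbac.ResourceNotificationMessage.Type: {policy.ActionCreate,policy.ActionRead},
 // Provisionerd creates workspaces resources monitor
 rbac.ResourceWorkspaceAgentResourceMonitor.Type: {policy.ActionCreate},
+rbac.ResourceWorkspaceAgentDevcontainers.Type: {policy.ActionCreate},
 }),
 Org:map[string][]rbac.Permission{},
 User: []rbac.Permission{},
@@ -3399,9 +3400,7 @@ func (q *querier) InsertWorkspaceAgent(ctx context.Context, arg database.InsertW
 }
 
 func (q*querier)InsertWorkspaceAgentDevcontainers(ctx context.Context,arg database.InsertWorkspaceAgentDevcontainersParams) ([]database.WorkspaceAgentDevcontainer,error) {
-// TODO: This should probably be a new RBAC resource and not rely on ResourceSystem.
-// See: https://github.com/coder/coder/issues/13315
-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceSystem);err!=nil {
+iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceWorkspaceAgentDevcontainers);err!=nil {
 returnnil,err
 }
 returnq.db.InsertWorkspaceAgentDevcontainers(ctx,arg)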
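Review bot: The new check in InsertWorkspaceAgentDevcontainers authorizes against the bare resource type `rbac.ResourceWorkspaceAgentDevcontainers` and never consults `arg` before the insert, so any subject holding create on this type can write devcontainer rows for any agent ID it passes. If a type-level grant is intended, record that where the removed TODO stood, e.g. `// Type-level check only: the target agent in arg is not verified against the caller.`; otherwise the check should be made against an object scoped to the agent's workspace. The grant added in the first hunk also lacks a comment, unlike the resource-monitor line above it, so it is not stated why provisionerd needs this permission. Callers that previously passed through create on `rbac.ResourceSystem` will now be denied unless they hold the new permission, and only the provisionerd grant is visible here. The function's closing brace lies outside the hunk.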

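--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -3988,37 +3988,6 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 WorkspaceResourceID:uuid.New(),
 }).Asserts(rbac.ResourceSystem,policy.ActionCreate)
 }))
-s.Run("InsertWorkspaceAgentDevcontainers",s.Subtest(func(db database.Store,check*expects) {
-u:=dbgen.User(s.T(),db, database.User{})
-o:=dbgen.Organization(s.T(),db, database.Organization{})
-tpl:=dbgen.Template(s.T(),db, database.Template{
-OrganizationID:o.ID,
-CreatedBy:u.ID,
-})
-tv:=dbgen.TemplateVersion(s.T(),db, database.TemplateVersion{
-TemplateID: uuid.NullUUID{UUID:tpl.ID,Valid:true},
-OrganizationID:o.ID,
-CreatedBy:u.ID,
-})
-w:=dbgen.Workspace(s.T(),db, database.WorkspaceTable{
-TemplateID:tpl.ID,
-OrganizationID:o.ID,
-OwnerID:u.ID,
-})
-j:=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{
-Type:database.ProvisionerJobTypeWorkspaceBuild,
-})
-b:=dbgen.WorkspaceBuild(s.T(),db, database.WorkspaceBuild{
-JobID:j.ID,
-WorkspaceID:w.ID,
-TemplateVersionID:tv.ID,
-})
-res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:b.JobID})
-agt:=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})
-check.Args(database.InsertWorkspaceAgentDevcontainersParams{
-WorkspaceAgentID:agt.ID,
-}).Asserts(rbac.ResourceSystem,policy.ActionCreate)
-}))
 s.Run("UpdateWorkspaceAgentConnectionByID",s.Subtest(func(db database.Store,check*expects) {
 dbtestutil.DisableForeignKeysAndTriggers(s.T(),db)
 ws:=dbgen.Workspace(s.T(),db, database.WorkspaceTable{})
@@ -5082,3 +5051,45 @@ func (s *MethodTestSuite) TestResourcesMonitor() {
 check.Args(agt.ID).Asserts(w,policy.ActionRead).Returns(monitors)
 }))
 }
+
+func (s*MethodTestSuite)TestResourcesProvisionerdserver() {
+createAgent:=func(t*testing.T,db database.Store) (database.WorkspaceAgent, database.WorkspaceTable) {
+t.Helper()
+
+u:=dbgen.User(t,db, database.User{})
+o:=dbgen.Organization(t,db, database.Organization{})
+tpl:=dbgen.Template(t,db, database.Template{
+OrganizationID:o.ID,
+CreatedBy:u.ID,
+})
+tv:=dbgen.TemplateVersion(t,db, database.TemplateVersion{
+TemplateID: uuid.NullUUID{UUID:tpl.ID,Valid:true},
+OrganizationID:o.ID,
+CreatedBy:u.ID,
+})
+w:=dbgen.Workspace(t,db, database.WorkspaceTable{
+TemplateID:tpl.ID,
+OrganizationID:o.ID,
+OwnerID:u.ID,
+})
+j:=dbgen.ProvisionerJob(t,db,nil, database.ProvisionerJob{
+Type:database.ProvisionerJobTypeWorkspaceBuild,
+})
+b:=dbgen.WorkspaceBuild(t,db, database.WorkspaceBuild{
+JobID:j.ID,
+WorkspaceID:w.ID,
+TemplateVersionID:tv.ID,
+})
+res:=dbgen.WorkspaceResource(t,db, database.WorkspaceResource{JobID:b.JobID})
+agt:=dbgen.WorkspaceAgent(t,db, database.WorkspaceAgent{ResourceID:res.ID})
+
+returnagt,w
+}
+
+s.Run("InsertWorkspaceAgentDevcontainers",s.Subtest(func(db database.Store,check*expects) {
+agt,_:=createAgent(s.T(),db)
+check.Args(database.InsertWorkspaceAgentDevcontainersParams{
+WorkspaceAgentID:agt.ID,
+}).Asserts(rbac.ResourceWorkspaceAgentDevcontainers,policy.ActionCreate)
+}))
+}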
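Review bot: `createAgent` returns the workspace as a second value, but the only call site in this hunk throws it away with `agt,_:=createAgent(s.T(),db)`. Either drop the second return until a subtest needs it, or add a short comment on the helper saying it is kept for subtests that will assert against the workspace object, as the `TestResourcesMonitor` context line above does with `Asserts(w,policy.ActionRead)`. The new suite method also has no doc comment explaining that it groups methods called with the provisionerd subject, which the name `TestResourcesProvisionerdserver` only hints at.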

‎coderd/rbac/object_gen.go

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

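--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -309,4 +309,9 @@ var RBACPermissions = map[string]PermissionDefinition{
 ActionUpdate:actDef("update workspace agent resource monitor"),
 },
 },
+"workspace_agent_devcontainers": {
+Actions:map[Action]ActionDefinition{
+ActionCreate:actDef("create workspace agent devcontainers"),
+},
+},
 }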
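Review bot: The key `"workspace_agent_devcontainers"` is plural, while the neighbouring resource on this page is singular (`workspace_agent_resource_monitor` in site/src/api/rbacresourcesGenerated.ts) and the commit title itself says "devcontainer". The same string appears in that generated TypeScript map, so it is part of what clients see, and renaming it later would be a visible change. If singular is the convention, consider `"workspace_agent_devcontainer"` now. Because only `ActionCreate` is defined, a one-line comment would help the next reader, e.g. `// Create only: written by provisionerd; reads are authorized through another resource.`, assuming that is the intent.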

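--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -806,6 +806,21 @@ func TestRolePermissions(t *testing.T) {
 },
 },
 },
+{
+Name:"WorkspaceAgentDevcontainers",
+Actions: []policy.Action{policy.ActionCreate},
+Resource:rbac.ResourceWorkspaceAgentDevcontainers,
+AuthorizeMap:map[bool][]hasAuthSubjects{
+true: {owner},
+false: {
+memberMe,orgMemberMe,otherOrgMember,
+orgAdmin,otherOrgAdmin,
+orgAuditor,otherOrgAuditor,
+templateAdmin,orgTemplateAdmin,otherOrgTemplateAdmin,
+userAdmin,orgUserAdmin,otherOrgUserAdmin,
+},
+},
+},
 }
 
 // We expect every permission to be tested above.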

‎codersdk/rbacresources_gen.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎docs/reference/api/members.md

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎docs/reference/api/schemas.md

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

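--- a/site/src/api/rbacresourcesGenerated.ts
+++ b/site/src/api/rbacresourcesGenerated.ts
@@ -167,6 +167,9 @@ export const RBACResourceActions: Partial<
 stop:"allows stopping a workspace",
 update:"edit workspace settings (scheduling, permissions, parameters)",
 },
+workspace_agent_devcontainers:{
+create:"create workspace agent devcontainers",
+},
 workspace_agent_resource_monitor:{
 create:"create workspace agent resource monitor",
 read:"read workspace agent resource monitor",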

‎site/src/api/typesGenerated.ts

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.
