Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8b125d6

Browse files
authored
chore: Implement joins with golang templates (#6429)
* feat: Implement view for workspace builds to include rbac info* Removes the need to fetch the workspace to run an rbac check.* chore: Use workspace build as RBAC object* chore: Use golang templates instead of sqlc files
1 parenta666539 commit8b125d6

36 files changed

+894
-660
lines changed

‎coderd/audit/diff.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ type Auditable interface {
1414
database.User|
1515
database.Workspace|
1616
database.GitSSHKey|
17-
database.WorkspaceBuild|
17+
database.WorkspaceBuildRBAC|
1818
database.AuditableGroup|
1919
database.License
2020
}

‎coderd/audit/request.go‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ func ResourceTarget[T Auditable](tgt T) string {
6262
returntyped.Username
6363
case database.Workspace:
6464
returntyped.Name
65-
case database.WorkspaceBuild:
65+
case database.WorkspaceBuildRBAC:
6666
// this isn't used
6767
return""
6868
case database.GitSSHKey:
@@ -89,7 +89,7 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
8989
returntyped.ID
9090
case database.Workspace:
9191
returntyped.ID
92-
case database.WorkspaceBuild:
92+
case database.WorkspaceBuildRBAC:
9393
returntyped.ID
9494
case database.GitSSHKey:
9595
returntyped.UserID
@@ -114,7 +114,7 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
114114
returndatabase.ResourceTypeUser
115115
case database.Workspace:
116116
returndatabase.ResourceTypeWorkspace
117-
case database.WorkspaceBuild:
117+
case database.WorkspaceBuildRBAC:
118118
returndatabase.ResourceTypeWorkspaceBuild
119119
case database.GitSSHKey:
120120
returndatabase.ResourceTypeGitSshKey

‎coderd/autobuild/executor/lifecycle_executor.go‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -204,7 +204,7 @@ func isEligibleForAutoStartStop(ws database.Workspace) bool {
204204

205205
funcgetNextTransition(
206206
ws database.Workspace,
207-
priorHistory database.WorkspaceBuild,
207+
priorHistory database.WorkspaceBuildRBAC,
208208
priorJob database.ProvisionerJob,
209209
) (
210210
validTransition database.WorkspaceTransition,
@@ -239,7 +239,7 @@ func getNextTransition(
239239

240240
// TODO(cian): this function duplicates most of api.postWorkspaceBuilds. Refactor.
241241
// See: https://github.com/coder/coder/issues/1401
242-
funcbuild(ctx context.Context,store database.Store,workspace database.Workspace,trans database.WorkspaceTransition,priorHistory database.WorkspaceBuild,priorJob database.ProvisionerJob)error {
242+
funcbuild(ctx context.Context,store database.Store,workspace database.Workspace,trans database.WorkspaceTransition,priorHistory database.WorkspaceBuildRBAC,priorJob database.ProvisionerJob)error {
243243
template,err:=store.GetTemplateByID(ctx,workspace.TemplateID)
244244
iferr!=nil {
245245
returnxerrors.Errorf("get workspace template: %w",err)

‎coderd/autobuild/executor/lifecycle_executor_test.go‎

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,16 @@ package executor_test
22

33
import (
44
"context"
5-
"os"
65
"testing"
76
"time"
87

9-
"go.uber.org/goleak"
10-
118
"github.com/google/uuid"
9+
"go.uber.org/goleak"
1210

1311
"github.com/coder/coder/coderd/autobuild/executor"
1412
"github.com/coder/coder/coderd/coderdtest"
1513
"github.com/coder/coder/coderd/database"
14+
"github.com/coder/coder/coderd/database/dbtestutil"
1615
"github.com/coder/coder/coderd/schedule"
1716
"github.com/coder/coder/coderd/util/ptr"
1817
"github.com/coder/coder/codersdk"
@@ -493,7 +492,7 @@ func TestExecutorWorkspaceAutostopNoWaitChangedMyMind(t *testing.T) {
493492
}
494493

495494
funcTestExecutorAutostartMultipleOK(t*testing.T) {
496-
ifos.Getenv("DB")=="" {
495+
if!dbtestutil.UsingRealDatabase() {
497496
t.Skip(`This test only really works when using a "real" database, similar to a HA setup`)
498497
}
499498

‎coderd/database/db.go‎

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ import (
1616

1717
"github.com/jmoiron/sqlx"
1818
"golang.org/x/xerrors"
19+
20+
"github.com/coder/coder/coderd/database/sqlxqueries"
1921
)
2022

2123
// Store contains all queryable database functions.
@@ -37,11 +39,21 @@ type DBTX interface {
3739
QueryRowContext(context.Context,string,...interface{})*sql.Row
3840
SelectContext(ctx context.Context,destinterface{},querystring,args...interface{})error
3941
GetContext(ctx context.Context,destinterface{},querystring,args...interface{})error
42+
43+
// Extends the sqlx interface
44+
sqlx.QueryerContext
4045
}
4146

4247
// New creates a new database store using a SQL database connection.
4348
funcNew(sdb*sql.DB)Store {
4449
dbx:=sqlx.NewDb(sdb,"postgres")
50+
// Load the embedded queries. If this fails, some of our queries
51+
// will never work. This is a fatal developer error that should never
52+
// happen.
53+
_,err:=sqlxqueries.LoadQueries()
54+
iferr!=nil {
55+
panic(xerrors.Errorf("load queries: %w",err))
56+
}
4557
return&sqlQuerier{
4658
db:dbx,
4759
sdb:dbx,

‎coderd/database/dbauthz/querier.go‎

Lines changed: 25 additions & 61 deletions
Original file line numberDiff line numberDiff line change
@@ -1167,25 +1167,12 @@ func (q *querier) GetWorkspaces(ctx context.Context, arg database.GetWorkspacesP
11671167
returnq.db.GetAuthorizedWorkspaces(ctx,arg,prep)
11681168
}
11691169

1170-
func (q*querier)GetLatestWorkspaceBuildByWorkspaceID(ctx context.Context,workspaceID uuid.UUID) (database.WorkspaceBuild,error) {
1171-
if_,err:=q.GetWorkspaceByID(ctx,workspaceID);err!=nil {
1172-
return database.WorkspaceBuild{},err
1173-
}
1174-
returnq.db.GetLatestWorkspaceBuildByWorkspaceID(ctx,workspaceID)
1170+
func (q*querier)GetLatestWorkspaceBuildByWorkspaceID(ctx context.Context,workspaceID uuid.UUID) (database.WorkspaceBuildRBAC,error) {
1171+
returnfetch(q.log,q.auth,q.db.GetLatestWorkspaceBuildByWorkspaceID)(ctx,workspaceID)
11751172
}
11761173

1177-
func (q*querier)GetLatestWorkspaceBuildsByWorkspaceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceBuild,error) {
1178-
// This is not ideal as not all builds will be returned if the workspace cannot be read.
1179-
// This should probably be handled differently? Maybe join workspace builds with workspace
1180-
// ownership properties and filter on that.
1181-
for_,id:=rangeids {
1182-
_,err:=q.GetWorkspaceByID(ctx,id)
1183-
iferr!=nil {
1184-
returnnil,err
1185-
}
1186-
}
1187-
1188-
returnq.db.GetLatestWorkspaceBuildsByWorkspaceIDs(ctx,ids)
1174+
func (q*querier)GetLatestWorkspaceBuildsByWorkspaceIDs(ctx context.Context,ids []uuid.UUID) ([]database.WorkspaceBuildRBAC,error) {
1175+
returnfetchWithPostFilter(q.auth,q.db.GetLatestWorkspaceBuildsByWorkspaceIDs)(ctx,ids)
11891176
}
11901177

11911178
func (q*querier)GetWorkspaceAgentByID(ctx context.Context,id uuid.UUID) (database.WorkspaceAgent,error) {
@@ -1263,35 +1250,16 @@ func (q *querier) GetWorkspaceAppsByAgentID(ctx context.Context, agentID uuid.UU
12631250
returnq.db.GetWorkspaceAppsByAgentID(ctx,agentID)
12641251
}
12651252

1266-
func (q*querier)GetWorkspaceBuildByID(ctx context.Context,buildID uuid.UUID) (database.WorkspaceBuild,error) {
1267-
build,err:=q.db.GetWorkspaceBuildByID(ctx,buildID)
1268-
iferr!=nil {
1269-
return database.WorkspaceBuild{},err
1270-
}
1271-
if_,err:=q.GetWorkspaceByID(ctx,build.WorkspaceID);err!=nil {
1272-
return database.WorkspaceBuild{},err
1273-
}
1274-
returnbuild,nil
1253+
func (q*querier)GetWorkspaceBuildByID(ctx context.Context,buildID uuid.UUID) (database.WorkspaceBuildRBAC,error) {
1254+
returnfetch(q.log,q.auth,q.db.GetWorkspaceBuildByID)(ctx,buildID)
12751255
}
12761256

1277-
func (q*querier)GetWorkspaceBuildByJobID(ctx context.Context,jobID uuid.UUID) (database.WorkspaceBuild,error) {
1278-
build,err:=q.db.GetWorkspaceBuildByJobID(ctx,jobID)
1279-
iferr!=nil {
1280-
return database.WorkspaceBuild{},err
1281-
}
1282-
// Authorized fetch
1283-
_,err=q.GetWorkspaceByID(ctx,build.WorkspaceID)
1284-
iferr!=nil {
1285-
return database.WorkspaceBuild{},err
1286-
}
1287-
returnbuild,nil
1257+
func (q*querier)GetWorkspaceBuildByJobID(ctx context.Context,jobID uuid.UUID) (database.WorkspaceBuildRBAC,error) {
1258+
returnfetch(q.log,q.auth,q.db.GetWorkspaceBuildByJobID)(ctx,jobID)
12881259
}
12891260

1290-
func (q*querier)GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx context.Context,arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.WorkspaceBuild,error) {
1291-
if_,err:=q.GetWorkspaceByID(ctx,arg.WorkspaceID);err!=nil {
1292-
return database.WorkspaceBuild{},err
1293-
}
1294-
returnq.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx,arg)
1261+
func (q*querier)GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx context.Context,arg database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams) (database.WorkspaceBuildRBAC,error) {
1262+
returnfetch(q.log,q.auth,q.db.GetWorkspaceBuildByWorkspaceIDAndBuildNumber)(ctx,arg)
12951263
}
12961264

12971265
func (q*querier)GetWorkspaceBuildParameters(ctx context.Context,workspaceBuildID uuid.UUID) ([]database.WorkspaceBuildParameter,error) {
@@ -1305,11 +1273,20 @@ func (q *querier) GetWorkspaceBuildParameters(ctx context.Context, workspaceBuil
13051273
returnq.db.GetWorkspaceBuildParameters(ctx,workspaceBuildID)
13061274
}
13071275

1308-
func (q*querier)GetWorkspaceBuildsByWorkspaceID(ctx context.Context,arg database.GetWorkspaceBuildsByWorkspaceIDParams) ([]database.WorkspaceBuild,error) {
1309-
if_,err:=q.GetWorkspaceByID(ctx,arg.WorkspaceID);err!=nil {
1276+
func (q*querier)GetWorkspaceBuildsByWorkspaceID(ctx context.Context,arg database.GetWorkspaceBuildsByWorkspaceIDParams) ([]database.WorkspaceBuildRBAC,error) {
1277+
builds,err:=q.db.GetWorkspaceBuildsByWorkspaceID(ctx,arg)
1278+
iferr!=nil {
1279+
returnnil,err
1280+
}
1281+
iflen(builds)==0 {
1282+
return []database.WorkspaceBuildRBAC{},nil
1283+
}
1284+
// All builds come from the same workspace, so we only need to check the first one.
1285+
err=q.authorizeContext(ctx,rbac.ActionRead,builds[0])
1286+
iferr!=nil {
13101287
returnnil,err
13111288
}
1312-
returnq.db.GetWorkspaceBuildsByWorkspaceID(ctx,arg)
1289+
returnbuilds,nil
13131290
}
13141291

13151292
func (q*querier)GetWorkspaceByAgentID(ctx context.Context,agentID uuid.UUID) (database.Workspace,error) {
@@ -1369,11 +1346,7 @@ func (q *querier) GetWorkspaceResourcesByJobID(ctx context.Context, jobID uuid.U
13691346
iferr!=nil {
13701347
returnnil,err
13711348
}
1372-
workspace,err:=q.db.GetWorkspaceByID(ctx,build.WorkspaceID)
1373-
iferr!=nil {
1374-
returnnil,err
1375-
}
1376-
obj=workspace
1349+
obj=build
13771350
default:
13781351
returnnil,xerrors.Errorf("unknown job type: %s",job.Type)
13791352
}
@@ -1414,12 +1387,7 @@ func (q *querier) InsertWorkspaceBuildParameters(ctx context.Context, arg databa
14141387
returnerr
14151388
}
14161389

1417-
workspace,err:=q.db.GetWorkspaceByID(ctx,build.WorkspaceID)
1418-
iferr!=nil {
1419-
returnerr
1420-
}
1421-
1422-
err=q.authorizeContext(ctx,rbac.ActionUpdate,workspace)
1390+
err=q.authorizeContext(ctx,rbac.ActionUpdate,build)
14231391
iferr!=nil {
14241392
returnerr
14251393
}
@@ -1483,11 +1451,7 @@ func (q *querier) UpdateWorkspaceBuildByID(ctx context.Context, arg database.Upd
14831451
return database.WorkspaceBuild{},err
14841452
}
14851453

1486-
workspace,err:=q.db.GetWorkspaceByID(ctx,build.WorkspaceID)
1487-
iferr!=nil {
1488-
return database.WorkspaceBuild{},err
1489-
}
1490-
err=q.authorizeContext(ctx,rbac.ActionUpdate,workspace.RBACObject())
1454+
err=q.authorizeContext(ctx,rbac.ActionUpdate,build)
14911455
iferr!=nil {
14921456
return database.WorkspaceBuild{},err
14931457
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp