Commitb4531c4

Emyrk

and

jaaydenh

authored

feat: make dynamic parameters respect owner in form (#18013)

Closes#18012---------Co-authored-by: Jaayden Halko <jaayden.halko@gmail.com>

1 parent5b9c404 commitb4531c4Copy full SHA for b4531c4

File tree

13 files changed

+264

-189

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- coderd.go
- parameters.go
- parameters_test.go
codersdk
- parameters.go
docs/reference/api
- templates.md
enterprise/coderd
- parameters_test.go
site/src
- api
  - api.ts
  - typesGenerated.ts
- pages
  - CreateWorkspacePage
    - CreateWorkspacePageExperimental.tsx
    - CreateWorkspacePageViewExperimental.tsx
  - WorkspaceSettingsPage/WorkspaceParametersPage
    - WorkspaceParametersPageExperimental.tsx

13 files changed

+264

-189

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 37 additions & 37 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 35 additions & 35 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/coderd.go`

Lines changed: 8 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -1122,6 +1122,7 @@ func New(options Options) API {`
`1122`	`1122`	`})`
`1123`	`1123`	`})`
`1124`	`1124`	`})`
	`1125`	`+`
`1125`	`1126`	`r.Route("/templateversions/{templateversion}",func(r chi.Router) {`
`1126`	`1127`	`r.Use(`
`1127`	`1128`	`apiKeyMiddleware,`
`@@ -1150,6 +1151,13 @@ func New(options Options) API {`
`1150`	`1151`	`r.Get("/{jobID}/matched-provisioners",api.templateVersionDryRunMatchedProvisioners)`
`1151`	`1152`	`r.Patch("/{jobID}/cancel",api.patchTemplateVersionDryRunCancel)`
`1152`	`1153`	`})`
	`1154`	`+`
	`1155`	`+r.Group(func(r chi.Router) {`
	`1156`	`+r.Use(`
	`1157`	`+httpmw.RequireExperiment(api.Experiments,codersdk.ExperimentDynamicParameters),`
	`1158`	`+)`
	`1159`	`+r.Get("/dynamic-parameters",api.templateVersionDynamicParameters)`
	`1160`	`+})`
`1153`	`1161`	`})`
`1154`	`1162`	`r.Route("/users",func(r chi.Router) {`
`1155`	`1163`	`r.Get("/first",api.firstUser)`
`@@ -1210,19 +1218,6 @@ func New(options Options) API {`
`1210`	`1218`	`r.Group(func(r chi.Router) {`
`1211`	`1219`	`r.Use(httpmw.ExtractUserParam(options.Database))`
`1212`	`1220`
`1213`		`-// Similarly to creating a workspace, evaluating parameters for a`
`1214`		`-// new workspace should also match the authz story of`
`1215`		`-// postWorkspacesByOrganization`
`1216`		`-// TODO: Do not require site wide read user permission. Make this work`
`1217`		`-// with org member permissions.`
`1218`		`-r.Route("/templateversions/{templateversion}",func(r chi.Router) {`
`1219`		`-r.Use(`
`1220`		`-httpmw.ExtractTemplateVersionParam(options.Database),`
`1221`		`-httpmw.RequireExperiment(api.Experiments,codersdk.ExperimentDynamicParameters),`
`1222`		`-)`
`1223`		`-r.Get("/parameters",api.templateVersionDynamicParameters)`
`1224`		`-})`
`1225`		`-`
`1226`	`1221`	`r.Post("/convert-login",api.postConvertLoginType)`
`1227`	`1222`	`r.Delete("/",api.deleteUser)`
`1228`	`1223`	`r.Get("/",api.userByName)`

`‎coderd/parameters.go`

Lines changed: 59 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ import (`
`36`	`36`	`// @Param user path string true "Template version ID" format(uuid)`
`37`	`37`	`// @Param templateversion path string true "Template version ID" format(uuid)`
`38`	`38`	`// @Success 101`
`39`		`-// @Router /users/{user}/templateversions/{templateversion}/parameters [get]`
	`39`	`+// @Router /templateversions/{templateversion}/dynamic-parameters [get]`
`40`	`40`	`func (apiAPI)templateVersionDynamicParameters(rw http.ResponseWriter,rhttp.Request) {`
`41`	`41`	`ctx:=r.Context()`
`42`	`42`	`templateVersion:=httpmw.TemplateVersionParam(r)`
`@@ -77,12 +77,12 @@ func (api API) templateVersionDynamicParameters(rw http.ResponseWriter, r http`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`
`80`		`-typepreviewFunctionfunc(ctx context.Context,valuesmap[string]string) (*preview.Output, hcl.Diagnostics)`
	`80`	`+typepreviewFunctionfunc(ctx context.Context,ownerID uuid.UUID,valuesmap[string]string) (*preview.Output, hcl.Diagnostics)`
`81`	`81`
`82`	`82`	`func (apiAPI)handleDynamicParameters(rw http.ResponseWriter,rhttp.Request,tf database.TemplateVersionTerraformValue,templateVersion database.TemplateVersion) {`
`83`	`83`	`var (`
`84`		`-ctx=r.Context()`
`85`		`-user=httpmw.UserParam(r)`
	`84`	`+ctx=r.Context()`
	`85`	`+apikey=httpmw.APIKey(r)`
`86`	`86`	`)`
`87`	`87`
`88`	`88`	`// nolint:gocritic // We need to fetch the templates files for the Terraform`
`@@ -130,7 +130,7 @@ func (api API) handleDynamicParameters(rw http.ResponseWriter, r http.Request,`
`130`	`130`	`templateFS=files.NewOverlayFS(templateFS, []files.Overlay{{Path:".terraform/modules",FS:moduleFilesFS}})`
`131`	`131`	`}`
`132`	`132`
`133`		`-owner,err:=getWorkspaceOwnerData(ctx,api.Database,user,templateVersion.OrganizationID)`
	`133`	`+owner,err:=getWorkspaceOwnerData(ctx,api.Database,apikey.UserID,templateVersion.OrganizationID)`
`134`	`134`	`iferr!=nil {`
`135`	`135`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`136`	`136`	`Message:"Internal error fetching workspace owner.",`
`@@ -145,10 +145,46 @@ func (api API) handleDynamicParameters(rw http.ResponseWriter, r http.Request,`
`145`	`145`	`Owner:owner,`
`146`	`146`	`}`
`147`	`147`
`148`		`-api.handleParameterWebsocket(rw,r,func(ctx context.Context,valuesmap[string]string) (*preview.Output, hcl.Diagnostics) {`
	`148`	`+// failedOwners keeps track of which owners failed to fetch from the database.`
	`149`	`+// This prevents db spam on repeated requests for the same failed owner.`
	`150`	`+failedOwners:=make(map[uuid.UUID]error)`
	`151`	`+failedOwnerDiag:= hcl.Diagnostics{`
	`152`	`+{`
	`153`	`+Severity:hcl.DiagError,`
	`154`	`+Summary:"Failed to fetch workspace owner",`
	`155`	`+Detail:"Please check your permissions or the user may not exist.",`
	`156`	`+Extra: previewtypes.DiagnosticExtra{`
	`157`	`+Code:"owner_not_found",`
	`158`	`+},`
	`159`	`+},`
	`160`	`+}`
	`161`	`+`
	`162`	`+api.handleParameterWebsocket(rw,r,apikey.UserID,func(ctx context.Context,ownerID uuid.UUID,valuesmap[string]string) (*preview.Output, hcl.Diagnostics) {`
	`163`	`+ifownerID==uuid.Nil {`
	`164`	`+// Default to the authenticated user`
	`165`	`+// Nice for testing`
	`166`	`+ownerID=apikey.UserID`
	`167`	`+}`
	`168`	`+`
	`169`	`+if_,ok:=failedOwners[ownerID];ok {`
	`170`	`+// If it has failed once, assume it will fail always.`
	`171`	`+// Re-open the websocket to try again.`
	`172`	`+returnnil,failedOwnerDiag`
	`173`	`+}`
	`174`	`+`
`149`	`175`	`// Update the input values with the new values.`
`150`		`-// The rest of the input is unchanged.`
`151`	`176`	`input.ParameterValues=values`
	`177`	`+`
	`178`	`+// Update the owner if there is a change`
	`179`	`+ifinput.Owner.ID!=ownerID.String() {`
	`180`	`+owner,err=getWorkspaceOwnerData(ctx,api.Database,ownerID,templateVersion.OrganizationID)`
	`181`	`+iferr!=nil {`
	`182`	`+failedOwners[ownerID]=err`
	`183`	`+returnnil,failedOwnerDiag`
	`184`	`+}`
	`185`	`+input.Owner=owner`
	`186`	`+}`
	`187`	`+`
`152`	`188`	`returnpreview.Preview(ctx,input,templateFS)`
`153`	`189`	`})`
`154`	`190`	`}`
`@@ -239,7 +275,7 @@ func (api API) handleStaticParameters(rw http.ResponseWriter, r http.Request,`
`239`	`275`	`params=append(params,param)`
`240`	`276`	`}`
`241`	`277`
`242`		`-api.handleParameterWebsocket(rw,r,func(_ context.Context,valuesmap[string]string) (*preview.Output, hcl.Diagnostics) {`
	`278`	`+api.handleParameterWebsocket(rw,r,uuid.Nil,func(_ context.Context,_ uuid.UUID,valuesmap[string]string) (*preview.Output, hcl.Diagnostics) {`
`243`	`279`	`fori:=rangeparams {`
`244`	`280`	`param:=&params[i]`
`245`	`281`	`paramValue,ok:=values[param.Name]`
`@@ -264,7 +300,7 @@ func (api API) handleStaticParameters(rw http.ResponseWriter, r http.Request,`
`264`	`300`	`})`
`265`	`301`	`}`
`266`	`302`
`267`		`-func (apiAPI)handleParameterWebsocket(rw http.ResponseWriter,rhttp.Request,renderpreviewFunction) {`
	`303`	`+func (apiAPI)handleParameterWebsocket(rw http.ResponseWriter,rhttp.Request,ownerID uuid.UUID,renderpreviewFunction) {`
`268`	`304`	`ctx,cancel:=context.WithTimeout(r.Context(),30*time.Minute)`
`269`	`305`	`defercancel()`
`270`	`306`
`@@ -284,7 +320,7 @@ func (api API) handleParameterWebsocket(rw http.ResponseWriter, r http.Request`
`284`	`320`	`)`
`285`	`321`
`286`	`322`	`// Send an initial form state, computed without any user input.`
`287`		`-result,diagnostics:=render(ctx,map[string]string{})`
	`323`	`+result,diagnostics:=render(ctx,ownerID,map[string]string{})`
`288`	`324`	`response:= codersdk.DynamicParametersResponse{`
`289`	`325`	`ID:-1,// Always start with -1.`
`290`	`326`	`Diagnostics:db2sdk.HCLDiagnostics(diagnostics),`
`@@ -312,7 +348,7 @@ func (api API) handleParameterWebsocket(rw http.ResponseWriter, r http.Request`
`312`	`348`	`return`
`313`	`349`	`}`
`314`	`350`
`315`		`-result,diagnostics:=render(ctx,update.Inputs)`
	`351`	`+result,diagnostics:=render(ctx,update.OwnerID,update.Inputs)`
`316`	`352`	`response:= codersdk.DynamicParametersResponse{`
`317`	`353`	`ID:update.ID,`
`318`	`354`	`Diagnostics:db2sdk.HCLDiagnostics(diagnostics),`
`@@ -332,17 +368,24 @@ func (api API) handleParameterWebsocket(rw http.ResponseWriter, r http.Request`
`332`	`368`	`funcgetWorkspaceOwnerData(`
`333`	`369`	`ctx context.Context,`
`334`	`370`	`db database.Store,`
`335`		`-user database.User,`
	`371`	`+ownerID uuid.UUID,`
`336`	`372`	`organizationID uuid.UUID,`
`337`	`373`	`) (previewtypes.WorkspaceOwner,error) {`
`338`	`374`	`varg errgroup.Group`
`339`	`375`
	`376`	`+// TODO: @emyrk we should only need read access on the org member, not the`
	`377`	`+// site wide user object. Figure out a better way to handle this.`
	`378`	`+user,err:=db.GetUserByID(ctx,ownerID)`
	`379`	`+iferr!=nil {`
	`380`	`+return previewtypes.WorkspaceOwner{},xerrors.Errorf("fetch user: %w",err)`
	`381`	`+}`
	`382`	`+`
`340`	`383`	`varownerRoles []previewtypes.WorkspaceOwnerRBACRole`
`341`	`384`	`g.Go(func()error {`
`342`	`385`	`// nolint:gocritic // This is kind of the wrong query to use here, but it`
`343`	`386`	`// matches how the provisioner currently works. We should figure out`
`344`	`387`	`// something that needs less escalation but has the correct behavior.`
`345`		`-row,err:=db.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx),user.ID)`
	`388`	`+row,err:=db.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx),ownerID)`
`346`	`389`	`iferr!=nil {`
`347`	`390`	`returnerr`
`348`	`391`	`}`
`@@ -372,7 +415,7 @@ func getWorkspaceOwnerData(`
`372`	`415`	`// The correct public key has to be sent. This will not be leaked`
`373`	`416`	`// unless the template leaks it.`
`374`	`417`	`// nolint:gocritic`
`375`		`-key,err:=db.GetGitSSHKey(dbauthz.AsSystemRestricted(ctx),user.ID)`
	`418`	`+key,err:=db.GetGitSSHKey(dbauthz.AsSystemRestricted(ctx),ownerID)`
`376`	`419`	`iferr!=nil {`
`377`	`420`	`returnerr`
`378`	`421`	`}`
`@@ -388,7 +431,7 @@ func getWorkspaceOwnerData(`
`388`	`431`	`// nolint:gocritic`
`389`	`432`	`groups,err:=db.GetGroups(dbauthz.AsSystemRestricted(ctx), database.GetGroupsParams{`
`390`	`433`	`OrganizationID:organizationID,`
`391`		`-HasMemberID:user.ID,`
	`434`	`+HasMemberID:ownerID,`
`392`	`435`	`})`
`393`	`436`	`iferr!=nil {`
`394`	`437`	`returnerr`
`@@ -400,7 +443,7 @@ func getWorkspaceOwnerData(`
`400`	`443`	`returnnil`
`401`	`444`	`})`
`402`	`445`
`403`		`-err:=g.Wait()`
	`446`	`+err=g.Wait()`
`404`	`447`	`iferr!=nil {`
`405`	`448`	`return previewtypes.WorkspaceOwner{},err`
`406`	`449`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb4531c4

File tree

13 files changed

13 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/coderd.go`

`‎coderd/parameters.go`

0 commit comments