NotificationsYou must be signed in to change notification settings
Fork914
Star10.1k

Commitdb4f308

committed

remove auth, filter by owner id

1 parent5ce9631 commitdb4f308Copy full SHA for db4f308

File tree

10 files changed

+88

-188

lines changed

coderd/database
- dbauthz
  - dbauthz.go
  - dbauthz_test.go
- dbmem
  - dbmem.go
- dbmetrics
  - dbmetrics.go
- dbmock
  - dbmock.go
- modelqueries.go
- querier.go
- querier_test.go
- queries
  - workspaces.sql
- queries.sql.go

10 files changed

+88

-188

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 2 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -2712,12 +2712,8 @@ func (q *querier) GetWorkspaces(ctx context.Context, arg database.GetWorkspacesP`
`2712`	`2712`	`returnq.db.GetAuthorizedWorkspaces(ctx,arg,prep)`
`2713`	`2713`	`}`
`2714`	`2714`
`2715`		`-func (q*querier)GetWorkspacesAndAgents(ctx context.Context) ([]database.GetWorkspacesAndAgentsRow,error) {`
`2716`		`-prep,err:=prepareSQLFilter(ctx,q.auth,policy.ActionRead,rbac.ResourceWorkspace.Type)`
`2717`		`-iferr!=nil {`
`2718`		`-returnnil,xerrors.Errorf("(dev error) prepare sql filter: %w",err)`
`2719`		`-}`
`2720`		`-returnq.db.GetAuthorizedWorkspacesAndAgents(ctx,prep)`
	`2715`	`+func (q*querier)GetWorkspacesAndAgentsByOwnerID(ctx context.Context,ownerID uuid.UUID) ([]database.GetWorkspacesAndAgentsByOwnerIDRow,error) {`
	`2716`	`+returnq.db.GetWorkspacesAndAgentsByOwnerID(ctx,ownerID)`
`2721`	`2717`	`}`
`2722`	`2718`
`2723`	`2719`	`func (q*querier)GetWorkspacesEligibleForTransition(ctx context.Context,now time.Time) ([]database.Workspace,error) {`
`@@ -4157,10 +4153,6 @@ func (q *querier) GetAuthorizedWorkspaces(ctx context.Context, arg database.GetW`
`4157`	`4153`	`returnq.GetWorkspaces(ctx,arg)`
`4158`	`4154`	`}`
`4159`	`4155`
`4160`		`-func (q*querier)GetAuthorizedWorkspacesAndAgents(ctx context.Context,_ rbac.PreparedAuthorized) ([]database.GetWorkspacesAndAgentsRow,error) {`
`4161`		`-returnq.GetWorkspacesAndAgents(ctx)`
`4162`		`-}`
`4163`		`-`
`4164`	`4156`	`// GetAuthorizedUsers is not required for dbauthz since GetUsers is already`
`4165`	`4157`	`// authenticated.`
`4166`	`4158`	`func (q*querier)GetAuthorizedUsers(ctx context.Context,arg database.GetUsersParams,_ rbac.PreparedAuthorized) ([]database.GetUsersRow,error) {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 7 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -1484,13 +1484,13 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1484`	`1484`	`// No asserts here because SQLFilter.`
`1485`	`1485`	`check.Args(database.GetWorkspacesParams{},emptyPreparedAuthorized{}).Asserts()`
`1486`	`1486`	`}))`
`1487`		`-s.Run("GetWorkspacesAndAgents",s.Subtest(func(db database.Store,check*expects) {`
`1488`		`-// No asserts here because SQLFilter.`
`1489`		`-check.Args().Asserts()`
`1490`		`-}))`
`1491`		`-s.Run("GetAuthorizedWorkspacesAndAgents",s.Subtest(func(db database.Store,check*expects) {`
`1492`		`-// No asserts here because SQLFilter.`
`1493`		`-check.Args(emptyPreparedAuthorized{}).Asserts()`
	`1487`	`+s.Run("GetWorkspacesAndAgentsByOwnerID",s.Subtest(func(db database.Store,check*expects) {`
	`1488`	`+ws:=dbgen.Workspace(s.T(),db, database.Workspace{})`
	`1489`	`+build:=dbgen.WorkspaceBuild(s.T(),db, database.WorkspaceBuild{WorkspaceID:ws.ID,JobID:uuid.New()})`
	`1490`	`+_=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})`
	`1491`	`+res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
	`1492`	`+_=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})`
	`1493`	`+check.Args(ws.OwnerID).Asserts()`
`1494`	`1494`	`}))`
`1495`	`1495`	`s.Run("GetLatestWorkspaceBuildByWorkspaceID",s.Subtest(func(db database.Store,check*expects) {`
`1496`	`1496`	`ws:=dbgen.Workspace(s.T(),db, database.Workspace{})`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 53 additions & 65 deletions

Original file line number	Diff line number	Diff line change
`@@ -6731,9 +6731,59 @@ func (q *FakeQuerier) GetWorkspaces(ctx context.Context, arg database.GetWorkspa`
`6731`	`6731`	`returnworkspaceRows,err`
`6732`	`6732`	`}`
`6733`	`6733`
`6734`		`-func (q*FakeQuerier)GetWorkspacesAndAgents(ctx context.Context) ([]database.GetWorkspacesAndAgentsRow,error) {`
`6735`		`-// No auth filter.`
`6736`		`-returnq.GetAuthorizedWorkspacesAndAgents(ctx,nil)`
	`6734`	`+func (q*FakeQuerier)GetWorkspacesAndAgentsByOwnerID(ctx context.Context,ownerID uuid.UUID) ([]database.GetWorkspacesAndAgentsByOwnerIDRow,error) {`
	`6735`	`+q.mutex.RLock()`
	`6736`	`+deferq.mutex.RUnlock()`
	`6737`	`+`
	`6738`	`+workspaces:=make([]database.Workspace,0)`
	`6739`	`+for_,workspace:=rangeq.workspaces {`
	`6740`	`+ifworkspace.OwnerID==ownerID {`
	`6741`	`+workspaces=append(workspaces,workspace)`
	`6742`	`+}`
	`6743`	`+}`
	`6744`	`+`
	`6745`	`+out:=make([]database.GetWorkspacesAndAgentsByOwnerIDRow,0,len(workspaces))`
	`6746`	`+for_,w:=rangeworkspaces {`
	`6747`	`+// these always exist`
	`6748`	`+build,err:=q.getLatestWorkspaceBuildByWorkspaceIDNoLock(ctx,w.ID)`
	`6749`	`+iferr!=nil {`
	`6750`	`+returnnil,xerrors.Errorf("get latest build: %w",err)`
	`6751`	`+}`
	`6752`	`+`
	`6753`	`+job,err:=q.getProvisionerJobByIDNoLock(ctx,build.JobID)`
	`6754`	`+iferr!=nil {`
	`6755`	`+returnnil,xerrors.Errorf("get provisioner job: %w",err)`
	`6756`	`+}`
	`6757`	`+`
	`6758`	`+outAgents:=make([]database.AgentIDNamePair,0)`
	`6759`	`+resources,err:=q.getWorkspaceResourcesByJobIDNoLock(ctx,job.ID)`
	`6760`	`+iferr!=nil {`
	`6761`	`+returnnil,xerrors.Errorf("get workspace resources: %w",err)`
	`6762`	`+}`
	`6763`	`+iflen(resources)>0 {`
	`6764`	`+agents,err:=q.getWorkspaceAgentsByResourceIDsNoLock(ctx, []uuid.UUID{resources[0].ID})`
	`6765`	`+iferr!=nil {`
	`6766`	`+returnnil,xerrors.Errorf("get workspace agents: %w",err)`
	`6767`	`+}`
	`6768`	`+for_,a:=rangeagents {`
	`6769`	`+outAgents=append(outAgents, database.AgentIDNamePair{`
	`6770`	`+ID:a.ID,`
	`6771`	`+Name:a.Name,`
	`6772`	`+})`
	`6773`	`+}`
	`6774`	`+}`
	`6775`	`+`
	`6776`	`+out=append(out, database.GetWorkspacesAndAgentsByOwnerIDRow{`
	`6777`	`+ID:w.ID,`
	`6778`	`+Name:w.Name,`
	`6779`	`+OwnerID:w.OwnerID,`
	`6780`	`+JobStatus:job.JobStatus,`
	`6781`	`+Transition:build.Transition,`
	`6782`	`+Agents:outAgents,`
	`6783`	`+})`
	`6784`	`+}`
	`6785`	`+`
	`6786`	`+returnout,nil`
`6737`	`6787`	`}`
`6738`	`6788`
`6739`	`6789`	`func (q*FakeQuerier)GetWorkspacesEligibleForTransition(ctx context.Context,now time.Time) ([]database.Workspace,error) {`
`@@ -11102,68 +11152,6 @@ func (q *FakeQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg database.`
`11102`	`11152`	`returnq.convertToWorkspaceRowsNoLock(ctx,workspaces,int64(beforePageCount),arg.WithSummary),nil`
`11103`	`11153`	`}`
`11104`	`11154`
`11105`		`-func (q*FakeQuerier)GetAuthorizedWorkspacesAndAgents(ctx context.Context,prepared rbac.PreparedAuthorized) ([]database.GetWorkspacesAndAgentsRow,error) {`
`11106`		`-q.mutex.RLock()`
`11107`		`-deferq.mutex.RUnlock()`
`11108`		`-`
`11109`		`-ifprepared!=nil {`
`11110`		`-// Call this to match the same function calls as the SQL implementation.`
`11111`		`-_,err:=prepared.CompileToSQL(ctx,rbac.ConfigWithoutACL())`
`11112`		`-iferr!=nil {`
`11113`		`-returnnil,err`
`11114`		`-}`
`11115`		`-}`
`11116`		`-workspaces:=make([]database.Workspace,0)`
`11117`		`-for_,workspace:=rangeq.workspaces {`
`11118`		`-ifprepared!=nil&&prepared.Authorize(ctx,workspace.RBACObject())==nil {`
`11119`		`-workspaces=append(workspaces,workspace)`
`11120`		`-}`
`11121`		`-}`
`11122`		`-`
`11123`		`-out:=make([]database.GetWorkspacesAndAgentsRow,0,len(workspaces))`
`11124`		`-for_,w:=rangeworkspaces {`
`11125`		`-// these always exist`
`11126`		`-build,err:=q.getLatestWorkspaceBuildByWorkspaceIDNoLock(ctx,w.ID)`
`11127`		`-iferr!=nil {`
`11128`		`-returnnil,xerrors.Errorf("get latest build: %w",err)`
`11129`		`-}`
`11130`		`-`
`11131`		`-job,err:=q.getProvisionerJobByIDNoLock(ctx,build.JobID)`
`11132`		`-iferr!=nil {`
`11133`		`-returnnil,xerrors.Errorf("get provisioner job: %w",err)`
`11134`		`-}`
`11135`		`-`
`11136`		`-outAgents:=make([]database.AgentIDNamePair,0)`
`11137`		`-resources,err:=q.getWorkspaceResourcesByJobIDNoLock(ctx,job.ID)`
`11138`		`-iferr!=nil {`
`11139`		`-returnnil,xerrors.Errorf("get workspace resources: %w",err)`
`11140`		`-}`
`11141`		`-iflen(resources)>0 {`
`11142`		`-agents,err:=q.getWorkspaceAgentsByResourceIDsNoLock(ctx, []uuid.UUID{resources[0].ID})`
`11143`		`-iferr!=nil {`
`11144`		`-returnnil,xerrors.Errorf("get workspace agents: %w",err)`
`11145`		`-}`
`11146`		`-for_,a:=rangeagents {`
`11147`		`-outAgents=append(outAgents, database.AgentIDNamePair{`
`11148`		`-ID:a.ID,`
`11149`		`-Name:a.Name,`
`11150`		`-})`
`11151`		`-}`
`11152`		`-}`
`11153`		`-`
`11154`		`-out=append(out, database.GetWorkspacesAndAgentsRow{`
`11155`		`-ID:w.ID,`
`11156`		`-Name:w.Name,`
`11157`		`-OwnerID:w.OwnerID,`
`11158`		`-JobStatus:job.JobStatus,`
`11159`		`-Transition:build.Transition,`
`11160`		`-Agents:outAgents,`
`11161`		`-})`
`11162`		`-}`
`11163`		`-`
`11164`		`-returnout,nil`
`11165`		`-}`
`11166`		`-`
`11167`	`11155`	`func (q*FakeQuerier)GetAuthorizedUsers(ctx context.Context,arg database.GetUsersParams,prepared rbac.PreparedAuthorized) ([]database.GetUsersRow,error) {`
`11168`	`11156`	`iferr:=validateDatabaseType(arg);err!=nil {`
`11169`	`11157`	`returnnil,err`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 3 additions & 10 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 7 additions & 22 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/modelqueries.go`

Lines changed: 0 additions & 41 deletions

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,6 @@ func (q *sqlQuerier) GetTemplateGroupRoles(ctx context.Context, id uuid.UUID) ([`
`221`	`221`
`222`	`222`	`typeworkspaceQuerierinterface {`
`223`	`223`	`GetAuthorizedWorkspaces(ctx context.Context,argGetWorkspacesParams,prepared rbac.PreparedAuthorized) ([]GetWorkspacesRow,error)`
`224`		`-GetAuthorizedWorkspacesAndAgents(ctx context.Context,prepared rbac.PreparedAuthorized) ([]GetWorkspacesAndAgentsRow,error)`
`225`	`224`	`}`
`226`	`225`
`227`	`226`	`// GetAuthorizedWorkspaces returns all workspaces that the user is authorized to access.`
`@@ -313,46 +312,6 @@ func (q *sqlQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg GetWorkspa`
`313`	`312`	`returnitems,nil`
`314`	`313`	`}`
`315`	`314`
`316`		`-func (q*sqlQuerier)GetAuthorizedWorkspacesAndAgents(ctx context.Context,prepared rbac.PreparedAuthorized) ([]GetWorkspacesAndAgentsRow,error) {`
`317`		`-authorizedFilter,err:=prepared.CompileToSQL(ctx,rbac.ConfigWorkspaces())`
`318`		`-iferr!=nil {`
`319`		`-returnnil,xerrors.Errorf("compile authorized filter: %w",err)`
`320`		`-}`
`321`		`-filtered,err:=insertAuthorizedFilter(getWorkspacesAndAgents,fmt.Sprintf(" WHERE %s",authorizedFilter))`
`322`		`-iferr!=nil {`
`323`		`-returnnil,xerrors.Errorf("insert authorized filter: %w",err)`
`324`		`-}`
`325`		`-`
`326`		`-query:=fmt.Sprintf("-- name: GetAuthorizedWorkspaces :many\n%s",filtered)`
`327`		`-rows,err:=q.db.QueryContext(ctx,query)`
`328`		`-iferr!=nil {`
`329`		`-returnnil,err`
`330`		`-}`
`331`		`-deferrows.Close()`
`332`		`-varitems []GetWorkspacesAndAgentsRow`
`333`		`-forrows.Next() {`
`334`		`-variGetWorkspacesAndAgentsRow`
`335`		`-iferr:=rows.Scan(`
`336`		`-&i.ID,`
`337`		`-&i.Name,`
`338`		`-&i.OwnerID,`
`339`		`-&i.JobStatus,`
`340`		`-&i.Transition,`
`341`		`-pq.Array(&i.Agents),`
`342`		`-);err!=nil {`
`343`		`-returnnil,err`
`344`		`-}`
`345`		`-items=append(items,i)`
`346`		`-}`
`347`		`-iferr:=rows.Close();err!=nil {`
`348`		`-returnnil,err`
`349`		`-}`
`350`		`-iferr:=rows.Err();err!=nil {`
`351`		`-returnnil,err`
`352`		`-}`
`353`		`-returnitems,nil`
`354`		`-}`
`355`		`-`
`356`	`315`	`typeuserQuerierinterface {`
`357`	`316`	`GetAuthorizedUsers(ctx context.Context,argGetUsersParams,prepared rbac.PreparedAuthorized) ([]GetUsersRow,error)`
`358`	`317`	`}`

`‎coderd/database/querier.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier_test.go`

Lines changed: 2 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,9 +24,7 @@ import (`
`24`	`24`	`"github.com/coder/coder/v2/coderd/database/dbtestutil"`
`25`	`25`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`26`	`26`	`"github.com/coder/coder/v2/coderd/database/migrations"`
`27`		`-"github.com/coder/coder/v2/coderd/httpmw"`
`28`	`27`	`"github.com/coder/coder/v2/coderd/rbac"`
`29`		`-"github.com/coder/coder/v2/coderd/rbac/policy"`
`30`	`28`	`"github.com/coder/coder/v2/testutil"`
`31`	`29`	`)`
`32`	`30`
`@@ -614,7 +612,7 @@ func TestGetWorkspaceAgentUsageStatsAndLabels(t *testing.T) {`
`614`	`612`	`})`
`615`	`613`	`}`
`616`	`614`
`617`		`-funcTestGetAuthorizedWorkspacesAndAgents(t*testing.T) {`
	`615`	`+funcTestGetWorkspacesAndAgentsByOwnerID(t*testing.T) {`
`618`	`616`	`t.Parallel()`
`619`	`617`	`iftesting.Short() {`
`620`	`618`	`t.SkipNow()`
`@@ -630,7 +628,6 @@ func TestGetAuthorizedWorkspacesAndAgents(t *testing.T) {`
`630`	`628`	`owner:=dbgen.User(t,db, database.User{`
`631`	`629`	`RBACRoles: []string{rbac.RoleOwner().String()},`
`632`	`630`	`})`
`633`		`-user:=dbgen.User(t,db, database.User{})`
`634`	`631`	`tpl:=dbgen.Template(t,db, database.Template{`
`635`	`632`	`OrganizationID:org.ID,`
`636`	`633`	`CreatedBy:owner.ID,`
`@@ -669,23 +666,7 @@ func TestGetAuthorizedWorkspacesAndAgents(t *testing.T) {`
`669`	`666`	`CreateAgent:false,`
`670`	`667`	`})`
`671`	`668`
`672`		`-authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`673`		`-`
`674`		`-userSubject,_,err:=httpmw.UserRBACSubject(ctx,db,user.ID,rbac.ExpandableScope(rbac.ScopeAll))`
`675`		`-require.NoError(t,err)`
`676`		`-preparedUser,err:=authorizer.Prepare(ctx,userSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
`677`		`-require.NoError(t,err)`
`678`		`-userCtx:=dbauthz.As(ctx,userSubject)`
`679`		`-userRows,err:=db.GetAuthorizedWorkspacesAndAgents(userCtx,preparedUser)`
`680`		`-require.NoError(t,err)`
`681`		`-require.Len(t,userRows,0)`
`682`		`-`
`683`		`-ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,db,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))`
`684`		`-require.NoError(t,err)`
`685`		`-preparedOwner,err:=authorizer.Prepare(ctx,ownerSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
`686`		`-require.NoError(t,err)`
`687`		`-ownerCtx:=dbauthz.As(ctx,ownerSubject)`
`688`		`-ownerRows,err:=db.GetAuthorizedWorkspacesAndAgents(ownerCtx,preparedOwner)`
	`669`	`+ownerRows,err:=db.GetWorkspacesAndAgentsByOwnerID(ctx,owner.ID)`
`689`	`670`	`require.NoError(t,err)`
`690`	`671`	`require.Len(t,ownerRows,4)`
`691`	`672`	`for_,row:=rangeownerRows {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdb4f308

File tree

10 files changed

10 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/modelqueries.go`

`‎coderd/database/querier.go`

`‎coderd/database/querier_test.go`

0 commit comments