Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite1b1e36

Browse files
committed
don't list prebuild user in org api queries
1 parent38436e1 commite1b1e36

File tree

8 files changed

+42
-39
lines changed

8 files changed

+42
-39
lines changed

‎coderd/database/dbauthz/dbauthz.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2373,6 +2373,9 @@ func (q *querier) GetTemplateParameterInsights(ctx context.Context, arg database
23732373
}
23742374

23752375
func (q*querier)GetTemplatePresetsWithPrebuilds(ctx context.Context,templateID uuid.NullUUID) ([]database.GetTemplatePresetsWithPrebuildsRow,error) {
2376+
// Although this fetches presets. It filters them by prebuilds and is only of use to the prebuild system.
2377+
// As such, we authorize this in line with other prebuild queries, not with other preset queries.
2378+
23762379
iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceTemplate);err!=nil {
23772380
returnnil,err
23782381
}

‎coderd/database/migrations/000302_prebuilds.down.sql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,5 +4,6 @@ DROP VIEW IF EXISTS workspace_prebuilds;
44
DROPVIEW IF EXISTS workspace_latest_build;
55

66
-- Revert user operations
7+
-- c42fdf75-3097-471c-8c33-fb52454d81c0 is the identifier for the system user responsible for prebuilds.
78
DELETEFROM user_status_changesWHERE user_id='c42fdf75-3097-471c-8c33-fb52454d81c0';
89
DELETEFROM usersWHERE id='c42fdf75-3097-471c-8c33-fb52454d81c0';

‎coderd/database/migrations/000302_prebuilds.up.sql

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ WITH default_org AS (SELECT id
1111
INSERT
1212
INTO organization_members (organization_id, user_id, created_at, updated_at)
1313
SELECTdefault_org.id,
14-
'c42fdf75-3097-471c-8c33-fb52454d81c0',
14+
'c42fdf75-3097-471c-8c33-fb52454d81c0',-- The system user responsible for prebuilds.
1515
NOW(),
1616
NOW()
1717
FROM default_org;
@@ -34,14 +34,14 @@ WITH
3434
-- All workspaces owned by the "prebuilds" user.
3535
all_prebuildsAS (SELECT w.*
3636
FROM workspaces w
37-
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0'),
37+
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0'),-- The system user responsible for prebuilds.
3838
-- All workspace agents belonging to the workspaces owned by the "prebuilds" user.
3939
workspace_agentsAS (SELECTw.idAS workspace_id,wa.idAS agent_id,wa.lifecycle_state,wa.ready_at
4040
FROM workspaces w
4141
INNER JOIN workspace_latest_build wlbONwlb.workspace_id=w.id
4242
INNER JOIN workspace_resources wrONwr.job_id=wlb.job_id
4343
INNER JOIN workspace_agents waONwa.resource_id=wr.id
44-
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0'
44+
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0'-- The system user responsible for prebuilds.
4545
GROUP BYw.id,wa.id),
4646
-- We can't rely on the template_version_preset_id in the workspace_builds table because this value is only set on the
4747
-- initial workspace creation. Subsequent stop/start transitions will not have a value for template_version_preset_id,
@@ -64,7 +64,7 @@ WITH
6464
wb.workspace_id=wbmax.workspace_id
6565
ANDwb.build_number=wbmax.max_build_number
6666
)) lpsONlps.workspace_id=w.id
67-
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0')
67+
WHEREw.owner_id='c42fdf75-3097-471c-8c33-fb52454d81c0')-- The system user responsible for prebuilds.
6868
SELECT p.*,a.agent_id,a.lifecycle_state,a.ready_at,cp.template_version_preset_idAS current_preset_id
6969
FROM all_prebuilds p
7070
LEFT JOIN workspace_agents aONa.workspace_id=p.id
@@ -73,4 +73,4 @@ FROM all_prebuilds p
7373
CREATEVIEWworkspace_prebuild_buildsAS
7474
SELECT*
7575
FROM workspace_builds
76-
WHERE initiator_id='c42fdf75-3097-471c-8c33-fb52454d81c0';
76+
WHERE initiator_id='c42fdf75-3097-471c-8c33-fb52454d81c0';-- The system user responsible for prebuilds.

‎coderd/database/queries.sql.go

Lines changed: 5 additions & 1 deletion
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/database/queries/organizationmembers.sql

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,9 @@ WHERE
2222
WHEN @user_id :: uuid!='00000000-0000-0000-0000-000000000000'::uuid THEN
2323
user_id= @user_id
2424
ELSE true
25-
END;
25+
END
26+
-- Filter system users
27+
AND (users.is_system ISNULLORusers.is_system= false);
2628

2729
-- name: InsertOrganizationMember :one
2830
INSERT INTO

‎coderd/database/queries/prebuilds.sql

Lines changed: 20 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,20 @@
1+
-- name: GetTemplatePresetsWithPrebuilds :many
2+
SELECTt.idAS template_id,
3+
t.nameAS template_name,
4+
tv.idAS template_version_id,
5+
tv.nameAS template_version_name,
6+
tv.id=t.active_version_idAS using_active_version,
7+
tvpp.preset_id,
8+
tvp.name,
9+
tvpp.desired_instancesAS desired_instances,
10+
t.deleted,
11+
t.deprecated!=''AS deprecated
12+
FROM templates t
13+
INNER JOIN template_versions tvONtv.template_id=t.id
14+
INNER JOIN template_version_presets tvpONtvp.template_version_id=tv.id
15+
INNER JOIN template_version_preset_prebuilds tvppONtvpp.preset_id=tvp.id
16+
WHERE (t.id=sqlc.narg('template_id')::uuidORsqlc.narg('template_id') ISNULL);
17+
118
-- name: GetRunningPrebuilds :many
219
SELECTp.idAS workspace_id,
320
p.nameAS workspace_name,
@@ -17,23 +34,6 @@ FROM workspace_prebuilds p
1734
WHERE (b.transition='start'::workspace_transition
1835
ANDpj.job_status='succeeded'::provisioner_job_status);
1936

20-
-- name: GetTemplatePresetsWithPrebuilds :many
21-
SELECTt.idAS template_id,
22-
t.nameAS template_name,
23-
tv.idAS template_version_id,
24-
tv.nameAS template_version_name,
25-
tv.id=t.active_version_idAS using_active_version,
26-
tvpp.preset_id,
27-
tvp.name,
28-
tvpp.desired_instancesAS desired_instances,
29-
t.deleted,
30-
t.deprecated!=''AS deprecated
31-
FROM templates t
32-
INNER JOIN template_versions tvONtv.template_id=t.id
33-
INNER JOIN template_version_presets tvpONtvp.template_version_id=tv.id
34-
INNER JOIN template_version_preset_prebuilds tvppONtvpp.preset_id=tvp.id
35-
WHERE (t.id=sqlc.narg('template_id')::uuidORsqlc.narg('template_id') ISNULL);
36-
3737
-- name: GetPrebuildsInProgress :many
3838
SELECTt.idAS template_id,wpb.template_version_id,wpb.transition,COUNT(wpb.transition)::intAS count
3939
FROM workspace_latest_build wlb
@@ -107,7 +107,9 @@ SELECT
107107
tvp.nameas preset_name,
108108
COUNT(*)as created_count,
109109
COUNT(*) FILTER (WHEREpj.job_status='failed'::provisioner_job_status)as failed_count,
110-
COUNT(*) FILTER (WHEREw.owner_id!='c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid)as claimed_count
110+
COUNT(*) FILTER (
111+
WHEREw.owner_id!='c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid-- The system user responsible for prebuilds.
112+
)as claimed_count
111113
FROM workspaces w
112114
INNER JOIN workspace_prebuild_builds wpbONwpb.workspace_id=w.id
113115
INNER JOIN templates tONt.id=w.template_id

‎coderd/members_test.go

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,6 @@ import (
66
"github.com/google/uuid"
77
"github.com/stretchr/testify/require"
88

9-
"github.com/coder/coder/v2/coderd/database/dbtestutil"
10-
"github.com/coder/coder/v2/coderd/prebuilds"
11-
129
"github.com/coder/coder/v2/coderd/coderdtest"
1310
"github.com/coder/coder/v2/coderd/database/db2sdk"
1411
"github.com/coder/coder/v2/coderd/rbac"
@@ -58,11 +55,6 @@ func TestListMembers(t *testing.T) {
5855
t.Run("OK",func(t*testing.T) {
5956
t.Parallel()
6057

61-
// TODO: we should not be returning the prebuilds user in OrganizationMembers, and this is not returned in dbmem.
62-
if!dbtestutil.WillUsePostgres() {
63-
t.Skip("This test requires postgres")
64-
}
65-
6658
owner:=coderdtest.New(t,nil)
6759
first:=coderdtest.CreateFirstUser(t,owner)
6860

@@ -71,9 +63,9 @@ func TestListMembers(t *testing.T) {
7163
ctx:=testutil.Context(t,testutil.WaitShort)
7264
members,err:=client.OrganizationMembers(ctx,first.OrganizationID)
7365
require.NoError(t,err)
74-
require.Len(t,members,3)
66+
require.Len(t,members,2)
7567
require.ElementsMatch(t,
76-
[]uuid.UUID{first.UserID,user.ID,prebuilds.OwnerID},
68+
[]uuid.UUID{first.UserID,user.ID},
7769
db2sdk.List(members,onlyIDs))
7870
})
7971
}

‎enterprise/coderd/roles_test.go

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"testing"
99

1010
"github.com/coder/coder/v2/coderd/database/dbtestutil"
11-
"github.com/coder/coder/v2/coderd/prebuilds"
1211

1312
"github.com/google/uuid"
1413
"github.com/stretchr/testify/require"
@@ -369,9 +368,9 @@ func TestCustomOrganizationRole(t *testing.T) {
369368
// Verify members have the custom role
370369
originalMembers,err:=orgAdmin.OrganizationMembers(ctx,first.OrganizationID)
371370
require.NoError(t,err)
372-
require.Len(t,originalMembers,6)// 3 members + org admin + owner + prebuilds user
371+
require.Len(t,originalMembers,5)// 3 members + org admin + owner
373372
for_,member:=rangeoriginalMembers {
374-
ifmember.UserID==orgAdminUser.ID||member.UserID==first.UserID||member.UserID==prebuilds.OwnerID{
373+
ifmember.UserID==orgAdminUser.ID||member.UserID==first.UserID {
375374
continue
376375
}
377376

@@ -386,7 +385,7 @@ func TestCustomOrganizationRole(t *testing.T) {
386385
// Verify the role was removed from all members
387386
members,err:=orgAdmin.OrganizationMembers(ctx,first.OrganizationID)
388387
require.NoError(t,err)
389-
require.Len(t,members,6)// 3 members + org admin + owner + prebuilds user
388+
require.Len(t,members,5)// 3 members + org admin + owner
390389
for_,member:=rangemembers {
391390
require.False(t,slices.ContainsFunc(member.Roles,func(role codersdk.SlimRole)bool {
392391
returnrole.Name==customRoleIdentifier.Name

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp