NotificationsYou must be signed in to change notification settings
Fork926
Star10.1k

Commitf96ce80

authored

feat: add owner groups to workspace data (#12841)

1 parentc4b26f3 commitf96ce80Copy full SHA for f96ce80

File tree

16 files changed

+323

-130

lines changed

coderd
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - querier.go
  - queries
    - groups.sql
  - queries.sql.go
- provisionerdserver
  - provisionerdserver.go
  - provisionerdserver_test.go
go.mod
go.sum
provisioner/terraform
- provision.go
provisionersdk/proto
- provisioner.pb.go
- provisioner.proto
site/e2e
- provisionerGenerated.ts

16 files changed

+323

-130

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -174,6 +174,7 @@ var (`
`174`	`174`	`// When org scoped provisioner credentials are implemented,`
`175`	`175`	`// this can be reduced to read a specific org.`
`176`	`176`	`rbac.ResourceOrganization.Type: {rbac.ActionRead},`
	`177`	`+rbac.ResourceGroup.Type: {rbac.ActionRead},`
`177`	`178`	`}),`
`178`	`179`	`Org:map[string][]rbac.Permission{},`
`179`	`180`	`User: []rbac.Permission{},`
`@@ -1141,6 +1142,10 @@ func (q *querier) GetGroupMembers(ctx context.Context, id uuid.UUID) ([]database`
`1141`	`1142`	`returnq.db.GetGroupMembers(ctx,id)`
`1142`	`1143`	`}`
`1143`	`1144`
	`1145`	`+func (q*querier)GetGroupsByOrganizationAndUserID(ctx context.Context,arg database.GetGroupsByOrganizationAndUserIDParams) ([]database.Group,error) {`
	`1146`	`+returnfetchWithPostFilter(q.auth,q.db.GetGroupsByOrganizationAndUserID)(ctx,arg)`
	`1147`	`+}`
	`1148`	`+`
`1144`	`1149`	`func (q*querier)GetGroupsByOrganizationID(ctx context.Context,organizationID uuid.UUID) ([]database.Group,error) {`
`1145`	`1150`	`returnfetchWithPostFilter(q.auth,q.db.GetGroupsByOrganizationID)(ctx,organizationID)`
`1146`	`1151`	`}`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -314,6 +314,14 @@ func (s *MethodTestSuite) TestGroup() {`
`314`	`314`	`_=dbgen.GroupMember(s.T(),db, database.GroupMember{})`
`315`	`315`	`check.Args(g.ID).Asserts(g,rbac.ActionRead)`
`316`	`316`	`}))`
	`317`	`+s.Run("GetGroupsByOrganizationAndUserID",s.Subtest(func(db database.Store,check*expects) {`
	`318`	`+g:=dbgen.Group(s.T(),db, database.Group{})`
	`319`	`+gm:=dbgen.GroupMember(s.T(),db, database.GroupMember{GroupID:g.ID})`
	`320`	`+check.Args(database.GetGroupsByOrganizationAndUserIDParams{`
	`321`	`+OrganizationID:g.OrganizationID,`
	`322`	`+UserID:gm.UserID,`
	`323`	`+}).Asserts(g,rbac.ActionRead)`
	`324`	`+}))`
`317`	`325`	`s.Run("InsertAllUsersGroup",s.Subtest(func(db database.Store,check*expects) {`
`318`	`326`	`o:=dbgen.Organization(s.T(),db, database.Organization{})`
`319`	`327`	`check.Args(o.ID).Asserts(rbac.ResourceGroup.InOrg(o.ID),rbac.ActionCreate)`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2250,6 +2250,30 @@ func (q *FakeQuerier) GetGroupMembers(_ context.Context, id uuid.UUID) ([]databa`
`2250`	`2250`	`returnusers,nil`
`2251`	`2251`	`}`
`2252`	`2252`
	`2253`	`+func (q*FakeQuerier)GetGroupsByOrganizationAndUserID(_ context.Context,arg database.GetGroupsByOrganizationAndUserIDParams) ([]database.Group,error) {`
	`2254`	`+err:=validateDatabaseType(arg)`
	`2255`	`+iferr!=nil {`
	`2256`	`+returnnil,err`
	`2257`	`+}`
	`2258`	`+`
	`2259`	`+q.mutex.RLock()`
	`2260`	`+deferq.mutex.RUnlock()`
	`2261`	`+vargroupIds []uuid.UUID`
	`2262`	`+for_,member:=rangeq.groupMembers {`
	`2263`	`+ifmember.UserID==arg.UserID {`
	`2264`	`+groupIds=append(groupIds,member.GroupID)`
	`2265`	`+}`
	`2266`	`+}`
	`2267`	`+groups:= []database.Group{}`
	`2268`	`+for_,group:=rangeq.groups {`
	`2269`	`+ifslices.Contains(groupIds,group.ID)&&group.OrganizationID==arg.OrganizationID {`
	`2270`	`+groups=append(groups,group)`
	`2271`	`+}`
	`2272`	`+}`
	`2273`	`+`
	`2274`	`+returngroups,nil`
	`2275`	`+}`
	`2276`	`+`
`2253`	`2277`	`func (q*FakeQuerier)GetGroupsByOrganizationID(_ context.Context,id uuid.UUID) ([]database.Group,error) {`
`2254`	`2278`	`q.mutex.RLock()`
`2255`	`2279`	`deferq.mutex.RUnlock()`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 7 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 15 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 61 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/groups.sql`

Lines changed: 25 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,31 @@ FROM`
`28`	`28`	`WHERE`
`29`	`29`	`organization_id= $1;`
`30`	`30`
	`31`	`+-- name: GetGroupsByOrganizationAndUserID :many`
	`32`	`+SELECT`
	`33`	`+ groups.*`
	`34`	`+FROM`
	`35`	`+ groups`
	`36`	`+-- If the group is a user made group, then we need to check the group_members table.`
	`37`	`+LEFT JOIN`
	`38`	`+ group_members`
	`39`	`+ON`
	`40`	`+group_members.group_id=groups.idAND`
	`41`	`+group_members.user_id= @user_id`
	`42`	`+-- If it is the "Everyone" group, then we need to check the organization_members table.`
	`43`	`+LEFT JOIN`
	`44`	`+ organization_members`
	`45`	`+ON`
	`46`	`+organization_members.organization_id=groups.idAND`
	`47`	`+organization_members.user_id= @user_id`
	`48`	`+WHERE`
	`49`	`+-- In either case, the group_id will only match an org or a group.`
	`50`	`+ (group_members.user_id= @user_idORorganization_members.user_id= @user_id)`
	`51`	`+AND`
	`52`	`+-- Ensure the group or organization is the specified organization.`
	`53`	`+groups.organization_id= @organization_id;`
	`54`	`+`
	`55`	`+`
`31`	`56`	`-- name: InsertGroup :one`
`32`	`57`	`INSERT INTO groups (`
`33`	`58`	`id,`

`‎coderd/provisionerdserver/provisionerdserver.go`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -467,6 +467,17 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo`
`467`	`467`	`iferr!=nil {`
`468`	`468`	`returnnil,failJob(fmt.Sprintf("get owner: %s",err))`
`469`	`469`	`}`
	`470`	`+ownerGroups,err:=s.Database.GetGroupsByOrganizationAndUserID(ctx, database.GetGroupsByOrganizationAndUserIDParams{`
	`471`	`+UserID:owner.ID,`
	`472`	`+OrganizationID:s.OrganizationID,`
	`473`	`+})`
	`474`	`+iferr!=nil {`
	`475`	`+returnnil,failJob(fmt.Sprintf("get owner group names: %s",err))`
	`476`	`+}`
	`477`	`+ownerGroupNames:= []string{}`
	`478`	`+for_,group:=rangeownerGroups {`
	`479`	`+ownerGroupNames=append(ownerGroupNames,group.Name)`
	`480`	`+}`
`470`	`481`	`err=s.Pubsub.Publish(codersdk.WorkspaceNotifyChannel(workspace.ID), []byte{})`
`471`	`482`	`iferr!=nil {`
`472`	`483`	`returnnil,failJob(fmt.Sprintf("publish workspace update: %s",err))`
`@@ -567,6 +578,7 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo`
`567`	`578`	`WorkspaceOwner:owner.Username,`
`568`	`579`	`WorkspaceOwnerEmail:owner.Email,`
`569`	`580`	`WorkspaceOwnerName:owner.Name,`
	`581`	`+WorkspaceOwnerGroups:ownerGroupNames,`
`570`	`582`	`WorkspaceOwnerOidcAccessToken:workspaceOwnerOIDCAccessToken,`
`571`	`583`	`WorkspaceId:workspace.ID.String(),`
`572`	`584`	`WorkspaceOwnerId:owner.ID.String(),`

`‎coderd/provisionerdserver/provisionerdserver_test.go`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -182,6 +182,15 @@ func TestAcquireJob(t *testing.T) {`
`182`	`182`	`defercancel()`
`183`	`183`
`184`	`184`	`user:=dbgen.User(t,db, database.User{})`
	`185`	`+group1:=dbgen.Group(t,db, database.Group{`
	`186`	`+Name:"group1",`
	`187`	`+OrganizationID:pd.OrganizationID,`
	`188`	`+})`
	`189`	`+err:=db.InsertGroupMember(ctx, database.InsertGroupMemberParams{`
	`190`	`+UserID:user.ID,`
	`191`	`+GroupID:group1.ID,`
	`192`	`+})`
	`193`	`+require.NoError(t,err)`
`185`	`194`	`link:=dbgen.UserLink(t,db, database.UserLink{`
`186`	`195`	`LoginType:database.LoginTypeOIDC,`
`187`	`196`	`UserID:user.ID,`
`@@ -340,6 +349,7 @@ func TestAcquireJob(t *testing.T) {`
`340`	`349`	`WorkspaceOwnerEmail:user.Email,`
`341`	`350`	`WorkspaceOwnerName:user.Name,`
`342`	`351`	`WorkspaceOwnerOidcAccessToken:link.OAuthAccessToken,`
	`352`	`+WorkspaceOwnerGroups: []string{group1.Name},`
`343`	`353`	`WorkspaceId:workspace.ID.String(),`
`344`	`354`	`WorkspaceOwnerId:user.ID.String(),`
`345`	`355`	`TemplateId:template.ID.String(),`

`‎go.mod`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ require (`
`104`	`104`	`github.com/coder/flogv1.1.0`
`105`	`105`	`github.com/coder/prettyv0.0.0-20230908205945-e89ba86370e0`
`106`	`106`	`github.com/coder/retryv1.5.1`
`107`		`-github.com/coder/terraform-provider-coderv0.19.0`
	`107`	`+github.com/coder/terraform-provider-coderv0.20.1`
`108`	`108`	`github.com/coder/wgtunnelv0.1.13-0.20231127054351-578bfff9b92a`
`109`	`109`	`github.com/coreos/go-oidc/v3v3.10.0`
`110`	`110`	`github.com/coreos/go-systemdv0.0.0-20191104093116-d3cd4ed1dbcf`

`‎go.sum`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -217,8 +217,8 @@ github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuO`
`217`	`217`	`github.com/coder/sshv0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ=`
`218`	`218`	`github.com/coder/tailscalev1.1.1-0.20240401202854-d329bbdb530d h1:IMvBC1GrCIiZFxpOYRQacZtdjnmsdWNAMilPz+kvdG4=`
`219`	`219`	`github.com/coder/tailscalev1.1.1-0.20240401202854-d329bbdb530d/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4=`
`220`		`-github.com/coder/terraform-provider-coderv0.19.0 h1:mmUXSXcar1h2wgwoHIUwdEKy9Kw0GW7fLO4Vzzf+4R4=`
`221`		`-github.com/coder/terraform-provider-coderv0.19.0/go.mod h1:pACHRoXSHBGyY696mLeQ1hR/Ag1G2wFk5bw0mT5Zp2g=`
	`220`	`+github.com/coder/terraform-provider-coderv0.20.1 h1:hz0yvDl8rDJyDgUlFH8QrGUxFKrwmyAQpOhaoTMEmtY=`
	`221`	`+github.com/coder/terraform-provider-coderv0.20.1/go.mod h1:pACHRoXSHBGyY696mLeQ1hR/Ag1G2wFk5bw0mT5Zp2g=`
`222`	`222`	`github.com/coder/wgtunnelv0.1.13-0.20231127054351-578bfff9b92a h1:KhR9LUVllMZ+e9lhubZ1HNrtJDgH5YLoTvpKwmrGag4=`
`223`	`223`	`github.com/coder/wgtunnelv0.1.13-0.20231127054351-578bfff9b92a/go.mod h1:QzfptVUdEO+XbkzMKx1kw13i9wwpJlfI1RrZ6SNZ0hA=`
`224`	`224`	`github.com/coder/wireguard-gov0.0.0-20230807234434-d825b45ccbf5 h1:eDk/42Kj4xN4yfE504LsvcFEo3dWUiCOaBiWJ2uIH2A=`

`‎provisioner/terraform/provision.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,12 +2,14 @@ package terraform`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+"encoding/json"`
`5`	`6`	`"fmt"`
`6`	`7`	`"os"`
`7`	`8`	`"strings"`
`8`	`9`	`"time"`
`9`	`10`
`10`	`11`	`"github.com/spf13/afero"`
	`12`	`+"golang.org/x/xerrors"`
`11`	`13`
`12`	`14`	`"cdr.dev/slog"`
`13`	`15`	`"github.com/coder/terraform-provider-coder/provider"`
`@@ -186,6 +188,11 @@ func provisionEnv(`
`186`	`188`	`richParams []proto.RichParameterValue,externalAuth []proto.ExternalAuthProvider,`
`187`	`189`	`) ([]string,error) {`
`188`	`190`	`env:=safeEnviron()`
	`191`	`+ownerGroups,err:=json.Marshal(metadata.GetWorkspaceOwnerGroups())`
	`192`	`+iferr!=nil {`
	`193`	`+returnnil,xerrors.Errorf("marshal owner groups: %w",err)`
	`194`	`+}`
	`195`	`+`
`189`	`196`	`env=append(env,`
`190`	`197`	`"CODER_AGENT_URL="+metadata.GetCoderUrl(),`
`191`	`198`	`"CODER_WORKSPACE_TRANSITION="+strings.ToLower(metadata.GetWorkspaceTransition().String()),`
`@@ -194,6 +201,7 @@ func provisionEnv(`
`194`	`201`	`"CODER_WORKSPACE_OWNER_EMAIL="+metadata.GetWorkspaceOwnerEmail(),`
`195`	`202`	`"CODER_WORKSPACE_OWNER_NAME="+metadata.GetWorkspaceOwnerName(),`
`196`	`203`	`"CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN="+metadata.GetWorkspaceOwnerOidcAccessToken(),`
	`204`	`+"CODER_WORKSPACE_OWNER_GROUPS="+string(ownerGroups),`
`197`	`205`	`"CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),`
`198`	`206`	`"CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),`
`199`	`207`	`"CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf96ce80

File tree

16 files changed

16 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/groups.sql`

`‎coderd/provisionerdserver/provisionerdserver.go`

`‎coderd/provisionerdserver/provisionerdserver_test.go`

`‎go.mod`

`‎go.sum`

`‎provisioner/terraform/provision.go`

0 commit comments