feat: Add initial AuthzQuerier implementation #5919
Merged
384 commits
7d0fad4 Fix typo (Emyrk)
efe7f93 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
923219a make RecordingAuthorizer wrap another rbac.Authorizer (johnstcn)
f97ca2a fix FakeAuthorizer (johnstcn)
ad6ff52 skip TestAuthorizeAllEndpoints if authz_querier experiment is enabled (johnstcn)
0e3b9ff lock more things (johnstcn)
feb7689 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
083bcf2 rbac/builtin.go: remove consts (johnstcn)
161842d extract getAgentSubject() (johnstcn)
11983ab Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
ab9c049 use systemCtx in API.oauthLogin() (johnstcn)
04e32bc workspaceagents: fetch request ctx after httpmw.WorkspaceAgent sets a… (johnstcn)
21d0f97 httpmw: pass systemCtx to getAgentSubject, add OwnerID to workspace a… (johnstcn)
76a490e authzquery: workspace: fix GetWorkspaceAppByAgentIDAndSlug and GetWor… (johnstcn)
fa399d6 steven said it's ok to remove this (johnstcn)
cb9a2c5 Fix recursive test (Emyrk)
9aa7835 Move experiment init below authz init (Emyrk)
8f6265b add httpmw.SystemAuthCtx to api.handleSubdomainApplications (johnstcn)
bfa91c1 REVERT THIS COMMIT BEFORE MERGING !!!! (johnstcn)
13710c6 ALSO DO NOT MERGE THIS COMMIT (johnstcn)
467646d authzquery: fix InsertAgentStat (johnstcn)
32c8af1 activitybump: use systemCtx for activityBumpWorkspace (johnstcn)
11ef507 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
b08fc44 remove unused function (Emyrk)
69a6346 authzquery: fixes to templates and parameters (johnstcn)
4967fe6 Fix fetch dry run template version from job id (Emyrk)
6a7b053 Pass actor to follow logs for subscriber listen (Emyrk)
fc992cd Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
d599753 rbac: add IsUnauthorizedError, return 404 if UnauthorizedError in org… (johnstcn)
0ce75c6 goimports (johnstcn)
357b05d Implemented first draft testing framework (Emyrk)
6bb2e1c authzquery: fixes in workspaces.go (johnstcn)
8a8ce06 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
300f6dc Add test method accounting to ensure all functions are called (Emyrk)
9f7d276 fixup! authzquery: fixes in workspaces.go (johnstcn)
d37379d Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
6cc14b4 Add rbac checks (Emyrk)
2107b74 Fix scim unit tests (Emyrk)
53f7a5d authzquery: update UpdateTemplateDeletedByID to call SoftDeleteTempla… (johnstcn)
44ca906 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
73655ab Fix scim and workspace agent unit tests (Emyrk)
0d6f6a0 Fix getTemplateVersionsByID (Emyrk)
32a9e12 Fix more unit tests (Emyrk)
85ff5f1 Fix license unit test (Emyrk)
e152d5f authzquery: add some more convenience methods, comments etc. (johnstcn)
ef1deb5 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
4848481 Add sentinel errors for unauth authz errors (Emyrk)
b583a1e Use sentinel error that returns a 404 (Emyrk)
75747f5 Use sentinel error always (Emyrk)
add77c6 add slice.New util function (johnstcn)
4357a3c RecordingAuthorizer: AllAsserted: provide more information on missed … (johnstcn)
9dbc6bf Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
c285f6f skip GetAuthorizedWorkspaces (johnstcn)
58261fe Add admin context to provisionerd (Emyrk)
a4a2994 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
874e9da Fix Delete group (Emyrk)
d878e71 remove excess comments (Emyrk)
10ac765 typos and lint (Emyrk)
e353c4d Fix template admin permissions (Emyrk)
db647ba Fix rbac unit test (Emyrk)
f45a170 Call compileToSQL in getWorkspaces (Emyrk)
b4beb38 Call compileToSQL in getWorkspaces (Emyrk)
d9d23b6 Fix compile issue (Emyrk)
8780e4e Handle nil prepared case (Emyrk)
e6d5c2f Linting (Emyrk)
672b2e0 fix GetLatestWorkspaceBuildsByWorkspaceIDs (johnstcn)
5a0e5a2 add existing workspace tests (johnstcn)
016c56d Check returned error from db call (Emyrk)
e086e51 Fix build number to be 1 indexed (Emyrk)
390a284 more tests (johnstcn)
53fcf79 generate random AuthInstanceID, more unit tests (johnstcn)
0add01a Test all api key methods (Emyrk)
6191561 Test audit methods (Emyrk)
e8ab762 Add group and file unit tests (Emyrk)
837f66a Add template unit test (Emyrk)
88d422f Add system functions (Emyrk)
a32b4f3 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
d3affdc Fix merge compile issues (Emyrk)
338e300 Jobs, orgs, and extra methods implemented (Emyrk)
f5c4040 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
a7899cf : (Emyrk)
0da03c6 Implement parameters tests (Emyrk)
4415b6b Start license unit tests (Emyrk)
fb8973c Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
6763fbf Finish license tests (Emyrk)
d1b948d Add workspace tests (Emyrk)
13a4fab chore: Add WorkspaceApps to dbgen (Emyrk)
607e428 Add user unit tests (Emyrk)
592a62b GitSSHKey, UserLink, GitAuthLink (Emyrk)
102af8a Fix user unit tests (Emyrk)
d2b1f41 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
b6afc2a rm unused-import (johnstcn)
d1cfa73 authzquery: implement group and system methods (johnstcn)
b7cd5a5 fixup! authzquery: implement group and system methods (johnstcn)
f34c61b fixup! authzquery: implement group and system methods (johnstcn)
e53d709 ineffasign (johnstcn)
cb4d92f unshadow, unused-receiver (johnstcn)
13a8445 unused-param (johnstcn)
e1ce04e finish testing template methods (johnstcn)
7fde8fb Rename logger-> log, database->db, authorizer->auth, remove "authoriz… (Emyrk)
7ba3482 Rename fetchSet to fetchWithPostFilter (Emyrk)
cf763cb Verify the correct error is returned on disallow auth (Emyrk)
64e80fb Linting (Emyrk)
432a261 database: add missing argument to GetAuthorizedWorkspaces (johnstcn)
8134d1b Refactor recording authorizer (Emyrk)
29e7c46 Address incorrect errors (Emyrk)
a37fead Support asserting outputs in authzquery test (Emyrk)
2e435cf Require outputs to be asserted (Emyrk)
792cbb6 Fix comment (Emyrk)
1336e28 allow skipping outputs (Emyrk)
0923780 Fix user tests to expect outputs (Emyrk)
92f89ec fix api key unit tests to expect outputs (Emyrk)
acae52b values audit_test.go (johnstcn)
764b0a0 Implement outputs for workspace tests (Emyrk)
0cee453 Some system outputs (Emyrk)
d1e3214 values file_test.go (johnstcn)
e799713 values group_test.go (johnstcn)
cbb4502 Template outputs (Emyrk)
83a31cb System outputs (Emyrk)
9010ad7 values job_test.go, methods_test.go (johnstcn)
912c97a Add organization output (Emyrk)
a3f67bb values license_test.go (johnstcn)
7d31209 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
2c906e5 Add parameters output (Emyrk)
5e92648 Api key and audit fix (Emyrk)
04cce68 Fix file outputs (Emyrk)
712c0f4 Fix groups (Emyrk)
8f92a77 Fix job, license, and org (Emyrk)
3df9848 System done (Emyrk)
90a9d87 Fix templates (Emyrk)
8b39d7e Fix most users (Emyrk)
a621743 Linting (Emyrk)
2c002bd workspace_test.go values fix (johnstcn)
cbd5cb4 nolint unreachable (johnstcn)
6fed479 Fix all user method tests (Emyrk)
5928c37 Add unit tests for InTx and Ping (Emyrk)
46b8366 Add AuthorizedXX tests (Emyrk)
21a6f6a api: skip Authorize if codersdk.ExperimentAuthzQuerier enabled (johnstcn)
d6810de Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
889b650 Only abort early on checks that should be removed (Emyrk)
72ed503 remove authorizedQuery (Emyrk)
94ff5ef authzquery: use GetProvisionerJobById to auth GetWorkspaceResourceByID (johnstcn)
38a90de Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
c962897 All insert generic functions use rbac.ActionCreate (Emyrk)
62e3fa0 Fix unit tests that use create over update (Emyrk)
a0725b9 un-skip TestAuthorizeAllEndpoints and remove always-true conditional … (johnstcn)
a4c4489 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
567cfa4 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
91910af fixup! un-skip TestAuthorizeAllEndpoints and remove always-true condi… (johnstcn)
dce10b5 where my members at yo (johnstcn)
58b71f9 Allow out of order slicing (Emyrk)
833bbc2 Use slice.New() (Emyrk)
fcfdb4e paralalalaleleleel (johnstcn)
8858fd3 Ordering of users in fetch (Emyrk)
64e0f8c Add actual scope to workspace agent ctx (Emyrk)
9d6ab90 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
1821dcb RBAC UserData should use the correct rbac resource (Emyrk)
7c9f686 Remove workspace IDs filter arg (Emyrk)
eda4e0a rename authzquery.NewAuthzQuerier to authzquery.New (johnstcn)
073aa2c Start removing QueryByRelated (Emyrk)
4fe26e9 Start removing QueryByRelated (Emyrk)
13f1c9f remove queryWithRelated (johnstcn)
ba172ea Fixup generic func comments (Emyrk)
509ebdc fixup! remove queryWithRelated (johnstcn)
802272b remove todo (Emyrk)
57cde94 Improve readability of generics and arguments (Emyrk)
4daa878 Update fetchAndQuery comment (Emyrk)
4608462 Fix comment about system functions (Emyrk)
2767264 remove insert() function (johnstcn)
fc3ae4b insertWithReturn is the new insert (johnstcn)
bf653b6 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
ca68db2 Remove duplicate workspace agent scope (Emyrk)
f1f05cc Pass agent ctx into activityBumpWorkspace (Emyrk)
eb38c0d remove panic (johnstcn)
b96bb21 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
0a061be Remove unneeded comments (Emyrk)
8295eb3 Use 's' for all suite methods (Emyrk)
c2bc20e Reduce LoC by using setup and teardown test (Emyrk)
3bd3e89 Remove nested "RunMethodTest", use new assertions (Emyrk)
052c531 Start converting tests to the new format (Emyrk)
6aa55ac refactor out error test (Emyrk)
72d0a4e Update unit test teardown to include NoActorError (Emyrk)
4c68562 Attempt a new style of subtest (Emyrk)
fdfdd73 Fix user tests to use new subtest strategy (Emyrk)
c902715 Fix unit tests names (Emyrk)
f5dbd3e Convert more tests to new format (Emyrk)
97ad3df Convert all unit tests (Emyrk)
b369c99 Add comments (Emyrk)
03d42d3 remove unused code (Emyrk)
69d1aa3 rename MethodCase to expects (Emyrk)
3861a43 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
9e7ff9a DB function was renamed/changed (Emyrk)
9dc357e imports (johnstcn)
ad6ad36 authzquery -> database/dbauthz (johnstcn)
0985060 conditionally skip TestAuthorizeAllEndpoints (johnstcn)
d4e1124 userauth: use systemCtx when setting user groups (johnstcn)
4e6b43f Merge branch 'cj/dbauthz' into authzquerier_layer (johnstcn)
22e1057 fixup! authzquery -> database/dbauthz (johnstcn)
c5346ad rm todo (johnstcn)
7a14b64 Condense into 1 file (Emyrk)
b89b430 doc.go (Emyrk)
21532a6 Update coderd/database/dbauthz/doc.go (Emyrk)
6a7970f Move files around, consolidate to dbauthz.go (Emyrk)
399241a Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
924ef9c fix unit test to work with dbauthz (Emyrk)
2cf0fb2 Consolidate files (Emyrk)
d1bb7cf goimports (johnstcn)
ef97e4b rename methods.go -> querier.go (johnstcn)
951d74f Do not export the authzQuerier (Emyrk)
2cf1cad Rename to "querier", add unit test for double wrap protection (Emyrk)
a9f2581 remove duplicate dbauthz init (johnstcn)
832d91a use codersdk experiment value instead of hard-coded string (johnstcn)
0ddee07 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
cc76887 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
002f354 Remove rbac ctx from provisionerd (Emyrk)
039e1e2 fixup! Remove rbac ctx from provisionerd (Emyrk)
b509b8f wip: dbauthz.WithAuthorizeSystemContext -> dbauthz.AsSystem() (johnstcn)
524394f Add lint rule to prevent system ctx abuse (Emyrk)
f666e13 fixup! wip: dbauthz.WithAuthorizeSystemContext -> dbauthz.AsSystem() (johnstcn)
1a97843 Merge remote-tracking branch 'origin/authzquerier_layer' into authzqu… (johnstcn)
4b292e2 fix autobuild/executor unit tests (johnstcn)
bebe638 Add middleware for using system ctx in middlewares (Emyrk)
f99c778 fix compile errors (johnstcn)
84bc12f set system ctx in provisionerdserver (johnstcn)
c5e69fa Unit test the AsAuthzSystem mw (Emyrk)
a93c2d5 Update unit tests to cover the no actor case (Emyrk)
f7023a4 Typo (Emyrk)
035609b remove todo (Emyrk)
bbe4f18 Use proper rbac errors in unit test (Emyrk)
f0bbaaf Add unit test to cover prepareSQL error case (Emyrk)
51a2dae NullUUID is empty, so takeFirst fails (Emyrk)
00955e0 Add AsSystem (Emyrk)
2289f4d Fix internal error logging (Emyrk)
106d58b Remove error noise in unit tests (Emyrk)
2724dfd Use AsSystem for decrypting encrypted api keys (Emyrk)
2c34f6d fix linter errors (johnstcn)
c54afc5 userauth: create API key as user instead of as system (johnstcn)
d282e9c Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
7334046 Remove unused file (Emyrk)
3dbbc71 Use system context to set a disconnected agent (Emyrk)
cd6096f Log error on failed agent disconnect update (Emyrk)
eb2497a Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
d2c7a1f Unit tests do not handle error log well (Emyrk)
99fa810 Merge remote-tracking branch 'origin/main' into authzquerier_layer (Emyrk)
1dfa287 Fix license uuid in merge (Emyrk)
57ab200 Fix unit test error logging (Emyrk)
306c591 Correct the returned error from not authorized (Emyrk)
f39cee0 Fix if/else logic (Emyrk)
2ed5588 fixup! Fix if/else logic (Emyrk)
c09b077 Merge remote-tracking branch 'origin/main' into authzquerier_layer (johnstcn)
13 changes: 8 additions & 5 deletions coderd/activitybump.go
22 changes: 22 additions & 0 deletions coderd/authorize.go
4 changes: 3 additions & 1 deletion coderd/autobuild/executor/lifecycle_executor.go
34 changes: 20 additions & 14 deletions coderd/coderd.go
17 changes: 6 additions & 11 deletions coderd/coderdtest/authorize.go
6 changes: 6 additions & 0 deletions coderd/coderdtest/authorize_test.go
15 changes: 9 additions & 6 deletions coderd/coderdtest/coderdtest.go