Add agent API key scope to restrict access to user data #391

@ThomasK33 commented May 6, 2025 (edited)

Part of coder/coder#17649


Add API Key Scope Control for Coder Agents

This PR introduces a new api_key_scope parameter for the coder_agent resource, allowing administrators to control what API routes an agent token can access. This feature enhances security by providing the option to restrict sensitive user data access.

The new parameter supports two options:

  • all: Full API access (this is the default value)
  • no_user_data: Blocks access to /external-auth, /gitsshkey, and /gitauth routes

Changes:

  • Added the api_key_scope field to the agent resource schema with validation
  • Updated documentation to reflect the new parameter
  • Added comprehensive tests for valid transitions and invalid values
  • Updated examples to demonstrate usage

Development Environment:

  • Added direnv configuration for improved developer experience
  • Updated Nix flake to use Go 1.24 and nixpkgs 24.11

This change is backward compatible as the default behavior remains unchanged.
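
A small Go model of the scope behavior described above, added here as an illustration; it is not code from this PR or from Coder. The names ValidateScope, Allowed and userDataRoutes are hypothetical, and matching on cleaned path prefixes is an assumption about how such a check could be written.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// The two scope values named in the PR description.
const (
	ScopeAll        = "all"
	ScopeNoUserData = "no_user_data"
)

// userDataRoutes (hypothetical name) lists the routes the PR says no_user_data blocks.
var userDataRoutes = []string{"/external-auth", "/gitsshkey", "/gitauth"}

// ValidateScope accepts only the two documented values; an unset value
// falls back to the documented default, "all".
func ValidateScope(s string) (string, error) {
	switch s {
	case "":
		return ScopeAll, nil
	case ScopeAll, ScopeNoUserData:
		return s, nil
	}
	return "", fmt.Errorf("invalid api_key_scope %q: want %q or %q", s, ScopeAll, ScopeNoUserData)
}

// Allowed reports whether a token with the given scope may call route.
// Unknown scopes fail closed. The route is cleaned first so that inputs such
// as "/x/../gitsshkey" or "//gitauth/" are compared in canonical form.
func Allowed(scope, route string) bool {
	if scope != ScopeNoUserData {
		return scope == ScopeAll
	}
	clean := path.Clean("/" + route)
	for _, blocked := range userDataRoutes {
		// Match the route itself or anything below it, but not siblings
		// that merely share a prefix (e.g. "/gitauthority").
		if clean == blocked || strings.HasPrefix(clean, blocked+"/") {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample routes.
	for _, r := range []string{"/gitsshkey", "/x/../gitauth", "/gitauthority", "/metadata"} {
		fmt.Printf("%-16s no_user_data=%v all=%v\n", r, Allowed(ScopeNoUserData, r), Allowed(ScopeAll, r))
	}
}
```
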


@ThomasK33 requested a review from Copilot May 6, 2025 09:13

Copilot AI left a comment

Pull Request Overview

This pull request adds an "api_key_scope" parameter to the coder agent resource, enabling administrators to restrict agent token access to sensitive routes.

  • Added a new "api_key_scope" field with validation in the provider schema.
  • Integrated comprehensive tests for valid and invalid parameter values.
  • Updated documentation examples to include the new parameter.

Reviewed Changes

Copilot reviewed 5 out of 8 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| provider/agent_test.go | Added tests for valid transitions and error handling for the new "api_key_scope". |
| provider/agent.go | Updated the schema for coder_agent with the new "api_key_scope" field and validation. |
| docs/resources/agent.md | Updated documentation to demonstrate the usage of the new "api_key_scope" parameter. |

Files not reviewed (3)
  • .envrc: Language not supported
  • examples/resources/coder_agent/resource.tf: Language not supported
  • flake.nix: Language not supported

@ThomasK33 marked this pull request as ready for review May 7, 2025 13:58
@ThomasK33 requested a review from Emyrk May 7, 2025 14:07
@ThomasK33 force-pushed the thomask33/05-06-feat_agent_add_api_key_scope_to_control_agent_token_permissions branch 2 times, most recently from 9861bbd to fa0fe79 May 7, 2025 22:44
Change-Id: I90dd87756b47b589bf0a363e22de70d2cffd44fa
Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33 force-pushed the thomask33/05-06-feat_agent_add_api_key_scope_to_control_agent_token_permissions branch from fa0fe79 to bcd6a7c May 8, 2025 19:48
@ThomasK33 merged commit 01334b6 into main May 15, 2025
7 checks passed
@ThomasK33 deleted the thomask33/05-06-feat_agent_add_api_key_scope_to_control_agent_token_permissions branch May 15, 2025 14:33
@github-actions bot locked and limited conversation to collaborators May 15, 2025
Reviewers
  • Copilot left review comments
  • Emyrk approved these changes