mirror of
https://github.com/coder/coder.git
synced 2025-07-13 21:36:50 +00:00
feat: add keys to organization provision daemons (#14627)
This commit is contained in:
Garrett Delfosse
GitHub
@ -3,10 +3,15 @@ package coderd
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"slices"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/coder/coder/v2/coderd/database"
|
||||
"github.com/coder/coder/v2/coderd/database/db2sdk"
|
||||
"github.com/coder/coder/v2/coderd/httpapi"
|
||||
"github.com/coder/coder/v2/coderd/httpmw"
|
||||
"github.com/coder/coder/v2/coderd/provisionerdserver"
|
||||
"github.com/coder/coder/v2/coderd/provisionerkey"
|
||||
"github.com/coder/coder/v2/codersdk"
|
||||
)
|
||||
@ -54,6 +59,21 @@ func (api *API) postProvisionerKey(rw http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if slices.ContainsFunc(codersdk.ReservedProvisionerKeyNames(), func(s string) bool {
|
||||
return strings.EqualFold(req.Name, s)
|
||||
}) {
|
||||
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
|
||||
Message: fmt.Sprintf("Name cannot be reserved name '%s'", req.Name),
|
||||
Validations: []codersdk.ValidationError{
|
||||
{
|
||||
Field: "name",
|
||||
Detail: fmt.Sprintf("Name cannot be reserved name '%s'", req.Name),
|
||||
},
|
||||
},
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
params, token, err := provisionerkey.New(organization.ID, req.Name, req.Tags)
|
||||
if err != nil {
|
||||
httpapi.InternalServerError(rw, err)
|
||||
@ -89,7 +109,7 @@ func (api *API) provisionerKeys(rw http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
organization := httpmw.OrganizationParam(r)
|
||||
|
||||
pks, err := api.Database.ListProvisionerKeysByOrganization(ctx, organization.ID)
|
||||
pks, err := api.Database.ListProvisionerKeysByOrganizationExcludeReserved(ctx, organization.ID)
|
||||
if err != nil {
|
||||
httpapi.InternalServerError(rw, err)
|
||||
return
|
||||
@ -98,6 +118,54 @@ func (api *API) provisionerKeys(rw http.ResponseWriter, r *http.Request) {
|
||||
httpapi.Write(ctx, rw, http.StatusOK, convertProvisionerKeys(pks))
|
||||
}
|
||||
|
||||
// @Summary List provisioner key daemons
|
||||
// @ID list-provisioner-key-daemons
|
||||
// @Security CoderSessionToken
|
||||
// @Produce json
|
||||
// @Tags Enterprise
|
||||
// @Param organization path string true "Organization ID"
|
||||
// @Success 200 {object} []codersdk.ProvisionerKeyDaemons
|
||||
// @Router /organizations/{organization}/provisionerkeys/daemons [get]
|
||||
func (api *API) provisionerKeyDaemons(rw http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
organization := httpmw.OrganizationParam(r)
|
||||
|
||||
pks, err := api.Database.ListProvisionerKeysByOrganization(ctx, organization.ID)
|
||||
if err != nil {
|
||||
httpapi.InternalServerError(rw, err)
|
||||
return
|
||||
}
|
||||
sdkKeys := convertProvisionerKeys(pks)
|
||||
|
||||
daemons, err := api.Database.GetProvisionerDaemonsByOrganization(ctx, organization.ID)
|
||||
if err != nil {
|
||||
httpapi.InternalServerError(rw, err)
|
||||
return
|
||||
}
|
||||
// provisionerdserver.DefaultHeartbeatInterval*3 matches the healthcheck report staleInterval.
|
||||
recentDaemons := db2sdk.RecentProvisionerDaemons(time.Now(), provisionerdserver.DefaultHeartbeatInterval*3, daemons)
|
||||
|
||||
pkDaemons := []codersdk.ProvisionerKeyDaemons{}
|
||||
for _, key := range sdkKeys {
|
||||
// currently we exclude user-auth from this list
|
||||
if key.ID.String() == codersdk.ProvisionerKeyIDUserAuth {
|
||||
continue
|
||||
}
|
||||
daemons := []codersdk.ProvisionerDaemon{}
|
||||
for _, daemon := range recentDaemons {
|
||||
if daemon.KeyID == key.ID {
|
||||
daemons = append(daemons, daemon)
|
||||
}
|
||||
}
|
||||
pkDaemons = append(pkDaemons, codersdk.ProvisionerKeyDaemons{
|
||||
Key: key,
|
||||
Daemons: daemons,
|
||||
})
|
||||
}
|
||||
|
||||
httpapi.Write(ctx, rw, http.StatusOK, pkDaemons)
|
||||
}
|
||||
|
||||
// @Summary Delete provisioner key
|
||||
// @ID delete-provisioner-key
|
||||
// @Security CoderSessionToken
|
||||
@ -108,24 +176,18 @@ func (api *API) provisionerKeys(rw http.ResponseWriter, r *http.Request) {
|
||||
// @Router /organizations/{organization}/provisionerkeys/{provisionerkey} [delete]
|
||||
func (api *API) deleteProvisionerKey(rw http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
organization := httpmw.OrganizationParam(r)
|
||||
provisionerKey := httpmw.ProvisionerKeyParam(r)
|
||||
|
||||
pk, err := api.Database.GetProvisionerKeyByName(ctx, database.GetProvisionerKeyByNameParams{
|
||||
OrganizationID: organization.ID,
|
||||
Name: provisionerKey.Name,
|
||||
})
|
||||
if err != nil {
|
||||
if httpapi.Is404Error(err) {
|
||||
httpapi.ResourceNotFound(rw)
|
||||
return
|
||||
}
|
||||
|
||||
httpapi.InternalServerError(rw, err)
|
||||
if provisionerKey.ID.String() == codersdk.ProvisionerKeyIDBuiltIn ||
|
||||
provisionerKey.ID.String() == codersdk.ProvisionerKeyIDUserAuth ||
|
||||
provisionerKey.ID.String() == codersdk.ProvisionerKeyIDPSK {
|
||||
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
|
||||
Message: fmt.Sprintf("Cannot delete reserved '%s' provisioner key", provisionerKey.Name),
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
err = api.Database.DeleteProvisionerKey(ctx, pk.ID)
|
||||
err := api.Database.DeleteProvisionerKey(ctx, provisionerKey.ID)
|
||||
if err != nil {
|
||||
httpapi.InternalServerError(rw, err)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user