feat(coder): add authz_querier experiment (#5858)

* feat(coderd): add authz_querier experiment

* coderdtest: wire up authz_querier

* wire up AuthzQuerier in coderd

* remove things that do not yet exist in this timeline

* add newline

* comment unreachable code
Cian Johnston
2023-01-25 21:35:53 +00:00
committed by GitHub
parent 1cd5f38cb0
commit 8735f51047
8 changed files with 66 additions and 11 deletions

11
coderd/apidoc/docs.go generated

@ -430,7 +430,7 @@ const docTemplate = `{
"schema": {
"type": "array",
"items": {
"type": "string"
"$ref": "#/definitions/codersdk.Experiment"
}
}
}
@ -6195,6 +6195,15 @@ const docTemplate = `{
}
}
},
"codersdk.Experiment": {
"type": "string",
"enum": [
"authz_querier"
],
"x-enum-varnames": [
"ExperimentAuthzQuerier"
]
},
"codersdk.Feature": {
"type": "object",
"properties": {


@ -364,7 +364,7 @@
"schema": {
"type": "array",
"items": {
"type": "string"
"$ref": "#/definitions/codersdk.Experiment"
}
}
}
@ -5528,6 +5528,11 @@
}
}
},
"codersdk.Experiment": {
"type": "string",
"enum": ["authz_querier"],
"x-enum-varnames": ["ExperimentAuthzQuerier"]
},
"codersdk.Feature": {
"type": "object",
"properties": {


@ -154,6 +154,14 @@ func New(options *Options) *API {
if options == nil {
options = &Options{}
}
experiments := initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value)
// TODO: remove this once we promote authz_querier out of experiments.
if experiments.Enabled(codersdk.ExperimentAuthzQuerier) {
panic("Coming soon!")
// if _, ok := (options.Database).(*authzquery.AuthzQuerier); !ok {
// options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
// }
}
if options.AppHostname != "" && options.AppHostnameRegex == nil || options.AppHostname == "" && options.AppHostnameRegex != nil {
panic("coderd: both AppHostname and AppHostnameRegex must be set or unset")
}
@ -222,7 +230,7 @@ func New(options *Options) *API {
},
metricsCache: metricsCache,
Auditor: atomic.Pointer[audit.Auditor]{},
Experiments: initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value),
Experiments: experiments,
}
if options.UpdateCheckOptions != nil {
api.updateChecker = updatecheck.New(
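Review bot: With the `authz_querier` experiment enabled, `New` stops at `panic("Coming soon!")`, so a value this same commit advertises in the `codersdk.Experiment` enum takes the server down at startup with a message that names neither the package nor the experiment. Failing closed is better than starting without the authorization wrapper the flag asks for, but the message should say what happened, e.g. `panic("coderd: experiment authz_querier is not implemented yet")`, which also matches the `coderd:` prefix of the panic just below. Separately, `initExperiments` moved from the struct literal to right after the `options == nil` check, so it now reads `options.Logger` and `options.DeploymentConfig` before any defaulting that may happen between the two hunks. That code is outside the hunk, so please confirm neither can still be unset at this point. The same placeholder panic appears in the test helper's `NewOptions`.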


@ -21,6 +21,7 @@ import (
"net/http"
"net/http/httptest"
"net/url"
"os"
"regexp"
"strconv"
"strings"
@ -176,6 +177,14 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
if options.Database == nil {
options.Database, options.Pubsub = dbtestutil.NewDB(t)
}
// TODO: remove this once we're ready to enable authz querier by default.
if strings.Contains(os.Getenv("CODER_EXPERIMENTS_TEST"), "authz_querier") {
panic("Coming soon!")
// if options.Authorizer != nil {
// options.Authorizer = &RecordingAuthorizer{}
// }
// options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
}
if options.DeploymentConfig == nil {
options.DeploymentConfig = DeploymentConfig(t)
}