feat(coder): add authz_querier experiment (#5858)

* feat(coderd): add authz_querier experiment * coderdtest: wire up authz_querier * wire up AuthzQuerier in coderd * remove things that do not yet exist in this timeline * add newline * comment unreachable code
2025-07-09 11:45:56 +00:00 · 2023-01-25 21:35:53 +00:00
parent 1cd5f38cb0
commit 8735f51047
8 changed files with 66 additions and 11 deletions
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@ -430,7 +430,7 @@ const docTemplate = `{
                        "schema": {
                            "type": "array",
                            "items": {
-                                "type": "string"
+                                "$ref": "#/definitions/codersdk.Experiment"
                            }
                        }
                    }
@ -6195,6 +6195,15 @@ const docTemplate = `{
                }
            }
        },
+        "codersdk.Experiment": {
+            "type": "string",
+            "enum": [
+                "authz_querier"
+            ],
+            "x-enum-varnames": [
+                "ExperimentAuthzQuerier"
+            ]
+        },
        "codersdk.Feature": {
            "type": "object",
            "properties": {
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@ -364,7 +364,7 @@
            "schema": {
              "type": "array",
              "items": {
-                "type": "string"
+                "$ref": "#/definitions/codersdk.Experiment"
              }
            }
          }
@ -5528,6 +5528,11 @@
        }
      }
    },
+    "codersdk.Experiment": {
+      "type": "string",
+      "enum": ["authz_querier"],
+      "x-enum-varnames": ["ExperimentAuthzQuerier"]
+    },
    "codersdk.Feature": {
      "type": "object",
      "properties": {
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -154,6 +154,14 @@ func New(options *Options) *API {
 	if options == nil {
 		options = &Options{}
 	}
+	experiments := initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value)
+	// TODO: remove this once we promote authz_querier out of experiments.
+	if experiments.Enabled(codersdk.ExperimentAuthzQuerier) {
+		panic("Coming soon!")
+		// if _, ok := (options.Database).(*authzquery.AuthzQuerier); !ok {
+		// 	options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
+		// }
+	}
 	if options.AppHostname != "" && options.AppHostnameRegex == nil || options.AppHostname == "" && options.AppHostnameRegex != nil {
 		panic("coderd: both AppHostname and AppHostnameRegex must be set or unset")
 	}
@ -222,7 +230,7 @@ func New(options *Options) *API {
 		},
 		metricsCache: metricsCache,
 		Auditor:      atomic.Pointer[audit.Auditor]{},
-		Experiments:  initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value),
+		Experiments:  experiments,
 	}
 	if options.UpdateCheckOptions != nil {
 		api.updateChecker = updatecheck.New(
--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@ -21,6 +21,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@ -176,6 +177,14 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 	if options.Database == nil {
 		options.Database, options.Pubsub = dbtestutil.NewDB(t)
 	}
+	// TODO: remove this once we're ready to enable authz querier by default.
+	if strings.Contains(os.Getenv("CODER_EXPERIMENTS_TEST"), "authz_querier") {
+		panic("Coming soon!")
+		// if options.Authorizer != nil {
+		// 	options.Authorizer = &RecordingAuthorizer{}
+		// }
+		// options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
+	}
 	if options.DeploymentConfig == nil {
 		options.DeploymentConfig = DeploymentConfig(t)
 	}