feat(coderd): add endpoint to fetch provisioner key details (#15505)

This PR is the first step aiming to resolve #15126 - Creating a new endpoint to return the details associated to a provisioner key. This is an authenticated endpoints aiming to be used by the provisioner daemons - using the provisioner key as authentication method. This endpoint is not ment to be used with PSK or User Sessions.
2025-07-09 11:45:56 +00:00 · 2024-11-20 18:04:47 +01:00
parent 593d659ec8
commit a518017a88
7 changed files with 305 additions and 8 deletions
--- a/enterprise/coderd/provisionerkeys_test.go
+++ b/enterprise/coderd/provisionerkeys_test.go
@ -134,3 +134,136 @@ func TestProvisionerKeys(t *testing.T) {
 	err = orgAdmin.DeleteProvisionerKey(ctx, owner.OrganizationID, codersdk.ProvisionerKeyNamePSK)
 	require.ErrorContains(t, err, "reserved")
 }
+
+func TestGetProvisionerKey(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name        string
+		useFakeKey  bool
+		fakeKey     string
+		success     bool
+		expectedErr string
+	}{
+		{
+			name:        "ok",
+			success:     true,
+			expectedErr: "",
+		},
+		{
+			name:        "using unknown key",
+			useFakeKey:  true,
+			fakeKey:     "unknownKey",
+			success:     false,
+			expectedErr: "provisioner daemon key invalid",
+		},
+		{
+			name:        "no key provided",
+			useFakeKey:  true,
+			fakeKey:     "",
+			success:     false,
+			expectedErr: "provisioner daemon key required",
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			ctx := testutil.Context(t, testutil.WaitShort)
+			dv := coderdtest.DeploymentValues(t)
+			client, owner := coderdenttest.New(t, &coderdenttest.Options{
+				Options: &coderdtest.Options{
+					DeploymentValues: dv,
+				},
+				LicenseOptions: &coderdenttest.LicenseOptions{
+					Features: license.Features{
+						codersdk.FeatureMultipleOrganizations:      1,
+						codersdk.FeatureExternalProvisionerDaemons: 1,
+					},
+				},
+			})
+
+			//nolint:gocritic // ignore This client is operating as the owner user, which has unrestricted permissions
+			key, err := client.CreateProvisionerKey(ctx, owner.OrganizationID, codersdk.CreateProvisionerKeyRequest{
+				Name: "my-test-key",
+				Tags: map[string]string{"key1": "value1", "key2": "value2"},
+			})
+			require.NoError(t, err)
+
+			pk := key.Key
+			if tt.useFakeKey {
+				pk = tt.fakeKey
+			}
+
+			fetchedKey, err := client.GetProvisionerKey(ctx, pk)
+			if !tt.success {
+				require.ErrorContains(t, err, tt.expectedErr)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, fetchedKey.Name, "my-test-key")
+				require.Equal(t, fetchedKey.Tags, codersdk.ProvisionerKeyTags{"key1": "value1", "key2": "value2"})
+			}
+		})
+	}
+
+	t.Run("TestPSK", func(t *testing.T) {
+		t.Parallel()
+		const testPSK = "psk-testing-purpose"
+		ctx := testutil.Context(t, testutil.WaitShort)
+		dv := coderdtest.DeploymentValues(t)
+		client, owner := coderdenttest.New(t, &coderdenttest.Options{
+			ProvisionerDaemonPSK: testPSK,
+			Options: &coderdtest.Options{
+				DeploymentValues: dv,
+			},
+			LicenseOptions: &coderdenttest.LicenseOptions{
+				Features: license.Features{
+					codersdk.FeatureMultipleOrganizations:      1,
+					codersdk.FeatureExternalProvisionerDaemons: 1,
+				},
+			},
+		})
+
+		//nolint:gocritic // ignore This client is operating as the owner user, which has unrestricted permissions
+		_, err := client.CreateProvisionerKey(ctx, owner.OrganizationID, codersdk.CreateProvisionerKeyRequest{
+			Name: "my-test-key",
+			Tags: map[string]string{"key1": "value1", "key2": "value2"},
+		})
+		require.NoError(t, err)
+
+		fetchedKey, err := client.GetProvisionerKey(ctx, testPSK)
+		require.ErrorContains(t, err, "provisioner daemon key invalid")
+		require.Empty(t, fetchedKey)
+	})
+
+	t.Run("TestSessionToken", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := testutil.Context(t, testutil.WaitShort)
+		dv := coderdtest.DeploymentValues(t)
+		client, owner := coderdenttest.New(t, &coderdenttest.Options{
+			Options: &coderdtest.Options{
+				DeploymentValues: dv,
+			},
+			LicenseOptions: &coderdenttest.LicenseOptions{
+				Features: license.Features{
+					codersdk.FeatureMultipleOrganizations:      1,
+					codersdk.FeatureExternalProvisionerDaemons: 1,
+				},
+			},
+		})
+
+		//nolint:gocritic // ignore This client is operating as the owner user, which has unrestricted permissions
+		_, err := client.CreateProvisionerKey(ctx, owner.OrganizationID, codersdk.CreateProvisionerKeyRequest{
+			Name: "my-test-key",
+			Tags: map[string]string{"key1": "value1", "key2": "value2"},
+		})
+		require.NoError(t, err)
+
+		fetchedKey, err := client.GetProvisionerKey(ctx, client.SessionToken())
+		require.ErrorContains(t, err, "provisioner daemon key invalid")
+		require.Empty(t, fetchedKey)
+	})
+}