mirror of
https://github.com/coder/coder.git
synced 2025-07-08 11:39:50 +00:00
feat!: drop support for legacy parameters (#7663)
This commit is contained in:
Marcin Tojek
GitHub
@ -526,100 +526,6 @@ func (q *querier) canAssignRoles(ctx context.Context, orgID *uuid.UUID, added, r
|
||||
return nil
|
||||
}
|
||||
|
||||
func (q *querier) parameterRBACResource(ctx context.Context, scope database.ParameterScope, scopeID uuid.UUID) (rbac.Objecter, error) {
|
||||
var resource rbac.Objecter
|
||||
var err error
|
||||
switch scope {
|
||||
case database.ParameterScopeWorkspace:
|
||||
return q.db.GetWorkspaceByID(ctx, scopeID)
|
||||
case database.ParameterScopeImportJob:
|
||||
var version database.TemplateVersion
|
||||
version, err = q.db.GetTemplateVersionByJobID(ctx, scopeID)
|
||||
if err != nil && !errors.Is(err, sql.ErrNoRows) {
|
||||
return nil, err
|
||||
}
|
||||
resource = version.RBACObjectNoTemplate()
|
||||
|
||||
var template database.Template
|
||||
template, err = q.db.GetTemplateByID(ctx, version.TemplateID.UUID)
|
||||
if err == nil {
|
||||
resource = version.RBACObject(template)
|
||||
} else if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
|
||||
return nil, err
|
||||
}
|
||||
return resource, nil
|
||||
case database.ParameterScopeTemplate:
|
||||
return q.db.GetTemplateByID(ctx, scopeID)
|
||||
default:
|
||||
return nil, xerrors.Errorf("Parameter scope %q unsupported", scope)
|
||||
}
|
||||
}
|
||||
|
||||
func (q *querier) InsertParameterValue(ctx context.Context, arg database.InsertParameterValueParams) (database.ParameterValue, error) {
|
||||
resource, err := q.parameterRBACResource(ctx, arg.Scope, arg.ScopeID)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
err = q.authorizeContext(ctx, rbac.ActionUpdate, resource)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
return q.db.InsertParameterValue(ctx, arg)
|
||||
}
|
||||
|
||||
func (q *querier) ParameterValue(ctx context.Context, id uuid.UUID) (database.ParameterValue, error) {
|
||||
parameter, err := q.db.ParameterValue(ctx, id)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
resource, err := q.parameterRBACResource(ctx, parameter.Scope, parameter.ScopeID)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
err = q.authorizeContext(ctx, rbac.ActionRead, resource)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
return parameter, nil
|
||||
}
|
||||
|
||||
// ParameterValues is implemented as an all or nothing query. If the user is not
|
||||
// able to read a single parameter value, then the entire query is denied.
|
||||
// This should likely be revisited and see if the usage of this function cannot be changed.
|
||||
func (q *querier) ParameterValues(ctx context.Context, arg database.ParameterValuesParams) ([]database.ParameterValue, error) {
|
||||
// This is a bit of a special case. Each parameter value returned might have a different scope. This could likely
|
||||
// be implemented in a more efficient manner.
|
||||
values, err := q.db.ParameterValues(ctx, arg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cached := make(map[uuid.UUID]bool)
|
||||
for _, value := range values {
|
||||
// If we already checked this scopeID, then we can skip it.
|
||||
// All scope ids are uuids of objects and universally unique.
|
||||
if allowed := cached[value.ScopeID]; allowed {
|
||||
continue
|
||||
}
|
||||
rbacObj, err := q.parameterRBACResource(ctx, value.Scope, value.ScopeID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = q.authorizeContext(ctx, rbac.ActionRead, rbacObj)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cached[value.ScopeID] = true
|
||||
}
|
||||
|
||||
return values, nil
|
||||
}
|
||||
|
||||
func (q *querier) GetParameterSchemasByJobID(ctx context.Context, jobID uuid.UUID) ([]database.ParameterSchema, error) {
|
||||
version, err := q.db.GetTemplateVersionByJobID(ctx, jobID)
|
||||
if err != nil {
|
||||
@ -641,40 +547,6 @@ func (q *querier) GetParameterSchemasByJobID(ctx context.Context, jobID uuid.UUI
|
||||
return q.db.GetParameterSchemasByJobID(ctx, jobID)
|
||||
}
|
||||
|
||||
func (q *querier) GetParameterValueByScopeAndName(ctx context.Context, arg database.GetParameterValueByScopeAndNameParams) (database.ParameterValue, error) {
|
||||
resource, err := q.parameterRBACResource(ctx, arg.Scope, arg.ScopeID)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
err = q.authorizeContext(ctx, rbac.ActionRead, resource)
|
||||
if err != nil {
|
||||
return database.ParameterValue{}, err
|
||||
}
|
||||
|
||||
return q.db.GetParameterValueByScopeAndName(ctx, arg)
|
||||
}
|
||||
|
||||
func (q *querier) DeleteParameterValueByID(ctx context.Context, id uuid.UUID) error {
|
||||
parameter, err := q.db.ParameterValue(ctx, id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
resource, err := q.parameterRBACResource(ctx, parameter.Scope, parameter.ScopeID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// A deleted param is still updating the underlying resource for the scope.
|
||||
err = q.authorizeContext(ctx, rbac.ActionUpdate, resource)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return q.db.DeleteParameterValueByID(ctx, id)
|
||||
}
|
||||
|
||||
func (q *querier) GetPreviousTemplateVersion(ctx context.Context, arg database.GetPreviousTemplateVersionParams) (database.TemplateVersion, error) {
|
||||
// An actor can read the previous template version if they can read the related template.
|
||||
// If no linked template exists, we check if the actor can read *a* template.
|
||||
|
||||
@ -468,106 +468,6 @@ func (s *MethodTestSuite) TestWorkspaceProxy() {
|
||||
}))
|
||||
}
|
||||
|
||||
func (s *MethodTestSuite) TestParameters() {
|
||||
s.Run("Workspace/InsertParameterValue", s.Subtest(func(db database.Store, check *expects) {
|
||||
w := dbgen.Workspace(s.T(), db, database.Workspace{})
|
||||
check.Args(database.InsertParameterValueParams{
|
||||
ScopeID: w.ID,
|
||||
Scope: database.ParameterScopeWorkspace,
|
||||
SourceScheme: database.ParameterSourceSchemeNone,
|
||||
DestinationScheme: database.ParameterDestinationSchemeNone,
|
||||
}).Asserts(w, rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("TemplateVersionNoTemplate/InsertParameterValue", s.Subtest(func(db database.Store, check *expects) {
|
||||
j := dbgen.ProvisionerJob(s.T(), db, database.ProvisionerJob{})
|
||||
v := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{JobID: j.ID, TemplateID: uuid.NullUUID{Valid: false}})
|
||||
check.Args(database.InsertParameterValueParams{
|
||||
ScopeID: j.ID,
|
||||
Scope: database.ParameterScopeImportJob,
|
||||
SourceScheme: database.ParameterSourceSchemeNone,
|
||||
DestinationScheme: database.ParameterDestinationSchemeNone,
|
||||
}).Asserts(v.RBACObjectNoTemplate(), rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("TemplateVersionTemplate/InsertParameterValue", s.Subtest(func(db database.Store, check *expects) {
|
||||
j := dbgen.ProvisionerJob(s.T(), db, database.ProvisionerJob{})
|
||||
tpl := dbgen.Template(s.T(), db, database.Template{})
|
||||
v := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
|
||||
JobID: j.ID,
|
||||
TemplateID: uuid.NullUUID{
|
||||
UUID: tpl.ID,
|
||||
Valid: true,
|
||||
},
|
||||
},
|
||||
)
|
||||
check.Args(database.InsertParameterValueParams{
|
||||
ScopeID: j.ID,
|
||||
Scope: database.ParameterScopeImportJob,
|
||||
SourceScheme: database.ParameterSourceSchemeNone,
|
||||
DestinationScheme: database.ParameterDestinationSchemeNone,
|
||||
}).Asserts(v.RBACObject(tpl), rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("Template/InsertParameterValue", s.Subtest(func(db database.Store, check *expects) {
|
||||
tpl := dbgen.Template(s.T(), db, database.Template{})
|
||||
check.Args(database.InsertParameterValueParams{
|
||||
ScopeID: tpl.ID,
|
||||
Scope: database.ParameterScopeTemplate,
|
||||
SourceScheme: database.ParameterSourceSchemeNone,
|
||||
DestinationScheme: database.ParameterDestinationSchemeNone,
|
||||
}).Asserts(tpl, rbac.ActionUpdate)
|
||||
}))
|
||||
s.Run("Template/ParameterValue", s.Subtest(func(db database.Store, check *expects) {
|
||||
tpl := dbgen.Template(s.T(), db, database.Template{})
|
||||
pv := dbgen.ParameterValue(s.T(), db, database.ParameterValue{
|
||||
ScopeID: tpl.ID,
|
||||
Scope: database.ParameterScopeTemplate,
|
||||
})
|
||||
check.Args(pv.ID).Asserts(tpl, rbac.ActionRead).Returns(pv)
|
||||
}))
|
||||
s.Run("ParameterValues", s.Subtest(func(db database.Store, check *expects) {
|
||||
tpl := dbgen.Template(s.T(), db, database.Template{})
|
||||
a := dbgen.ParameterValue(s.T(), db, database.ParameterValue{
|
||||
ScopeID: tpl.ID,
|
||||
Scope: database.ParameterScopeTemplate,
|
||||
})
|
||||
w := dbgen.Workspace(s.T(), db, database.Workspace{})
|
||||
b := dbgen.ParameterValue(s.T(), db, database.ParameterValue{
|
||||
ScopeID: w.ID,
|
||||
Scope: database.ParameterScopeWorkspace,
|
||||
})
|
||||
check.Args(database.ParameterValuesParams{
|
||||
IDs: []uuid.UUID{a.ID, b.ID},
|
||||
}).Asserts(tpl, rbac.ActionRead, w, rbac.ActionRead).Returns(slice.New(a, b))
|
||||
}))
|
||||
s.Run("GetParameterSchemasByJobID", s.Subtest(func(db database.Store, check *expects) {
|
||||
j := dbgen.ProvisionerJob(s.T(), db, database.ProvisionerJob{})
|
||||
tpl := dbgen.Template(s.T(), db, database.Template{})
|
||||
tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{JobID: j.ID, TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true}})
|
||||
a := dbgen.ParameterSchema(s.T(), db, database.ParameterSchema{JobID: j.ID})
|
||||
check.Args(j.ID).Asserts(tv.RBACObject(tpl), rbac.ActionRead).
|
||||
Returns([]database.ParameterSchema{a})
|
||||
}))
|
||||
s.Run("Workspace/GetParameterValueByScopeAndName", s.Subtest(func(db database.Store, check *expects) {
|
||||
w := dbgen.Workspace(s.T(), db, database.Workspace{})
|
||||
v := dbgen.ParameterValue(s.T(), db, database.ParameterValue{
|
||||
Scope: database.ParameterScopeWorkspace,
|
||||
ScopeID: w.ID,
|
||||
})
|
||||
check.Args(database.GetParameterValueByScopeAndNameParams{
|
||||
Scope: v.Scope,
|
||||
ScopeID: v.ScopeID,
|
||||
Name: v.Name,
|
||||
}).Asserts(w, rbac.ActionRead).Returns(v)
|
||||
}))
|
||||
s.Run("Workspace/DeleteParameterValueByID", s.Subtest(func(db database.Store, check *expects) {
|
||||
w := dbgen.Workspace(s.T(), db, database.Workspace{})
|
||||
v := dbgen.ParameterValue(s.T(), db, database.ParameterValue{
|
||||
Scope: database.ParameterScopeWorkspace,
|
||||
ScopeID: w.ID,
|
||||
})
|
||||
check.Args(v.ID).Asserts(w, rbac.ActionUpdate).Returns()
|
||||
}))
|
||||
}
|
||||
|
||||
func (s *MethodTestSuite) TestTemplate() {
|
||||
s.Run("GetPreviousTemplateVersion", s.Subtest(func(db database.Store, check *expects) {
|
||||
tvid := uuid.New()
|
||||
|
||||
@ -314,13 +314,6 @@ func (q *querier) GetWorkspacesEligibleForAutoStartStop(ctx context.Context, now
|
||||
return q.db.GetWorkspacesEligibleForAutoStartStop(ctx, now)
|
||||
}
|
||||
|
||||
func (q *querier) GetParameterSchemasCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.ParameterSchema, error) {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return q.db.GetParameterSchemasCreatedAfter(ctx, createdAt)
|
||||
}
|
||||
|
||||
// TODO: We need to create a ProvisionerJob resource type
|
||||
func (q *querier) GetProvisionerJobsCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.ProvisionerJob, error) {
|
||||
// if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
|
||||
@ -432,13 +425,6 @@ func (q *querier) InsertWorkspaceResource(ctx context.Context, arg database.Inse
|
||||
return q.db.InsertWorkspaceResource(ctx, arg)
|
||||
}
|
||||
|
||||
func (q *querier) InsertParameterSchema(ctx context.Context, arg database.InsertParameterSchemaParams) (database.ParameterSchema, error) {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionCreate, rbac.ResourceSystem); err != nil {
|
||||
return database.ParameterSchema{}, err
|
||||
}
|
||||
return q.db.InsertParameterSchema(ctx, arg)
|
||||
}
|
||||
|
||||
func (q *querier) GetWorkspaceProxyByHostname(ctx context.Context, params database.GetWorkspaceProxyByHostnameParams) (database.WorkspaceProxy, error) {
|
||||
if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
|
||||
return database.WorkspaceProxy{}, err
|
||||
|
||||
@ -133,10 +133,6 @@ func (s *MethodTestSuite) TestSystemFunctions() {
|
||||
s.Run("DeleteOldWorkspaceAgentStats", s.Subtest(func(db database.Store, check *expects) {
|
||||
check.Args().Asserts(rbac.ResourceSystem, rbac.ActionDelete)
|
||||
}))
|
||||
s.Run("GetParameterSchemasCreatedAfter", s.Subtest(func(db database.Store, check *expects) {
|
||||
_ = dbgen.ParameterSchema(s.T(), db, database.ParameterSchema{CreatedAt: time.Now().Add(-time.Hour)})
|
||||
check.Args(time.Now()).Asserts(rbac.ResourceSystem, rbac.ActionRead)
|
||||
}))
|
||||
s.Run("GetProvisionerJobsCreatedAfter", s.Subtest(func(db database.Store, check *expects) {
|
||||
// TODO: add provisioner job resource type
|
||||
_ = dbgen.ProvisionerJob(s.T(), db, database.ProvisionerJob{CreatedAt: time.Now().Add(-time.Hour)})
|
||||
@ -297,12 +293,4 @@ func (s *MethodTestSuite) TestSystemFunctions() {
|
||||
Transition: database.WorkspaceTransitionStart,
|
||||
}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
|
||||
}))
|
||||
s.Run("InsertParameterSchema", s.Subtest(func(db database.Store, check *expects) {
|
||||
check.Args(database.InsertParameterSchemaParams{
|
||||
ID: uuid.New(),
|
||||
DefaultSourceScheme: database.ParameterSourceSchemeNone,
|
||||
DefaultDestinationScheme: database.ParameterDestinationSchemeNone,
|
||||
ValidationTypeSystem: database.ParameterTypeSystemNone,
|
||||
}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
|
||||
}))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user