feat: deployment flags (#4426)

2025-07-06 15:41:45 +00:00 · 2022-10-10 15:04:15 -04:00
parent b50bb99fe7
commit b1faaef482
11 changed files with 949 additions and 284 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -82,6 +82,7 @@ type Options struct {
 	MetricsCacheRefreshInterval time.Duration
 	AgentStatsRefreshInterval   time.Duration
 	Experimental                bool
+	DeploymentFlags             *codersdk.DeploymentFlags
 }

 // New constructs a Coder API handler.
@ -259,6 +260,10 @@ func New(options *Options) *API {
 				})
 			})
 		})
+		r.Route("/flags", func(r chi.Router) {
+			r.Use(apiKeyMiddleware)
+			r.Get("/deployment", api.deploymentFlags)
+		})
 		r.Route("/audit", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@ -83,6 +83,7 @@ type Options struct {
 	IncludeProvisionerDaemon    bool
 	MetricsCacheRefreshInterval time.Duration
 	AgentStatsRefreshInterval   time.Duration
+	DeploymentFlags             *codersdk.DeploymentFlags
 }

 // New constructs a codersdk client connected to an in-memory API instance.
@ -237,6 +238,7 @@ func NewOptions(t *testing.T, options *Options) (*httptest.Server, context.Cance
 		AutoImportTemplates:         options.AutoImportTemplates,
 		MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,
 		AgentStatsRefreshInterval:   options.AgentStatsRefreshInterval,
+		DeploymentFlags:             options.DeploymentFlags,
 	}
 }

--- a/coderd/flags.go
+++ b/coderd/flags.go
@ -0,0 +1,18 @@
+package coderd
+
+import (
+	"net/http"
+
+	"github.com/coder/coder/cli/deployment"
+	"github.com/coder/coder/coderd/httpapi"
+	"github.com/coder/coder/coderd/rbac"
+)
+
+func (api *API) deploymentFlags(rw http.ResponseWriter, r *http.Request) {
+	if !api.Authorize(r, rbac.ActionRead, rbac.ResourceDeploymentFlags) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	httpapi.Write(r.Context(), rw, http.StatusOK, deployment.RemoveSensitiveValues(*api.DeploymentFlags))
+}
--- a/coderd/flags_test.go
+++ b/coderd/flags_test.go
@ -0,0 +1,47 @@
+package coderd_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/cli/deployment"
+	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/testutil"
+)
+
+const (
+	secretValue = "********"
+)
+
+func TestDeploymentFlagSecrets(t *testing.T) {
+	t.Parallel()
+	hi := "hi"
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+	df := deployment.Flags()
+	// check if copy works for non-secret values
+	df.AccessURL.Value = hi
+	// check if secrets are removed
+	df.OAuth2GithubClientSecret.Value = hi
+	df.OIDCClientSecret.Value = hi
+	df.PostgresURL.Value = hi
+	df.SCIMAuthHeader.Value = hi
+
+	client := coderdtest.New(t, &coderdtest.Options{
+		DeploymentFlags: &df,
+	})
+	_ = coderdtest.CreateFirstUser(t, client)
+	scrubbed, err := client.DeploymentFlags(ctx)
+	require.NoError(t, err)
+	// ensure df is unchanged
+	require.EqualValues(t, hi, df.OAuth2GithubClientSecret.Value)
+	// ensure normal values pass through
+	require.EqualValues(t, hi, scrubbed.AccessURL.Value)
+	// ensure secrets are removed
+	require.EqualValues(t, secretValue, scrubbed.OAuth2GithubClientSecret.Value)
+	require.EqualValues(t, secretValue, scrubbed.OIDCClientSecret.Value)
+	require.EqualValues(t, secretValue, scrubbed.PostgresURL.Value)
+	require.EqualValues(t, secretValue, scrubbed.SCIMAuthHeader.Value)
+}
--- a/coderd/rbac/object.go
+++ b/coderd/rbac/object.go
@ -133,6 +133,11 @@ var (
 	ResourceLicense = Object{
 		Type: "license",
 	}
+
+	// ResourceDeploymentFlags
+	ResourceDeploymentFlags = Object{
+		Type: "deployment_flags",
+	}
 )

 // Object is used to create objects for authz checks when you have none in