Commit Graph

120 Commits

Author SHA1 Message Date
6122df6f1f feature: gate audit log by permissions (#3464)
* pairing

* restricting audit route

resolvees #3460

* updated tests

* fixing lint

* useSelector instead of useActor
2022-08-11 09:34:45 -04:00
db665e7261 chore: Drop resource_id support in rbac system (#3426) 2022-08-09 18:16:53 +00:00
19fcf60864 ci: add typo detection (#3327)
And fix them.
2022-08-01 09:29:52 -04:00
013f028e55 feat: Add workspace application support (#1773)
* feat: Add app support

This adds apps as a property to a workspace agent.

The resource is added to the Terraform provider here:
https://github.com/coder/terraform-provider-coder/pull/17

Apps will be opened in the dashboard or via the CLI
with `coder open <name>`. If `command` is specified, a
terminal will appear locally and in the web. If `target`
is specified, the browser will open to an exposed instance
of that target.

* Compare fields in apps test

* Update Terraform provider to use relative path

* Add some basic structure for routing

* chore: Remove interface from coderd and lift API surface

Abstracting coderd into an interface added misdirection because
the interface was never intended to be fulfilled outside of a single
implementation.

This lifts the abstraction, and attaches all handlers to a root struct
named `*coderd.API`.

* Add basic proxy logic

* Add proxying based on path

* Add app proxying for wildcards

* Add wsconncache

* fix: Race when writing to a closed pipe

This is such an intermittent race it's difficult to track,
but regardless this is an improvement to the code.

* fix: Race when writing to a closed pipe

This is such an intermittent race it's difficult to track,
but regardless this is an improvement to the code.

* fix: Race when writing to a closed pipe

This is such an intermittent race it's difficult to track,
but regardless this is an improvement to the code.

* fix: Race when writing to a closed pipe

This is such an intermittent race it's difficult to track,
but regardless this is an improvement to the code.

* Add workspace route proxying endpoint

- Makes the workspace conn cache concurrency-safe
- Reduces unnecessary open checks in `peer.Channel`
- Fixes the use of a temporary context when dialing a workspace agent

* Add embed errors

* chore: Refactor site to improve testing

It was difficult to develop this package due to the
embed build tag being mandatory on the tests. The logic
to test doesn't require any embedded files.

* Add test for error handler

* Remove unused access url

* Add RBAC tests

* Fix dial agent syntax

* Fix linting errors

* Fix gen

* Fix icon required

* Adjust migration number

* Fix proxy error status code

* Fix empty db lookup
2022-06-04 15:13:37 -05:00
cc87a0cf6b feat: Implied 'member' roles for site and organization (#1917)
* feat: Member roles are implied and never exlpicitly added
* Rename "GetAllUserRoles" to "GetAuthorizationRoles"
* feat: Add migration to remove implied roles
* rename user auth role middleware
2022-06-01 09:07:50 -05:00
ebaae75993 test: Unit test to assert role capabilities (#1781)
* test: Unit test to assert role permissions

This unit test allows for asserting which roles can perform
actions on various objects. This is much easier than making
unit tests to hit the api.
2022-05-27 08:48:19 -05:00
c04d045279 feat: RBAC provisionerdaemons and parameters (#1755)
* chore: Remove org_id from provisionerdaemons
2022-05-26 11:20:54 -05:00
eea8dc6c16 feat: Add rbac to templateversion+orgmember endpoints (#1713) 2022-05-25 11:00:59 -05:00
363b16af38 fix: Add template read permission node to members (#1712) 2022-05-24 16:35:34 +00:00
c7ca86d374 feat: Implement RBAC checks on /templates endpoints (#1678)
* feat: Generic Filter method for rbac objects
2022-05-24 08:43:34 -05:00
2638c274cb fix: User's should be able to read what roles available (#1575) 2022-05-18 20:47:43 +00:00
4ad5ac2d4a feat: Rbac more coderd endpoints, unit test to confirm (#1437)
* feat: Enforce authorize call on all endpoints
- Make 'request()' exported for running custom requests
* Rbac users endpoints
* 401 -> 403
2022-05-17 13:43:19 -05:00
e6168ba238 feat: Add permissions for links (#1407) 2022-05-13 14:25:57 +00:00
97a95f1377 chore: upgrade golangci-lint to v1.46.0 (#1373) 2022-05-10 16:04:23 -05:00
00806580f5 refactor: Return the display_name and name in the roles endpoint (#1328) 2022-05-06 19:18:00 +00:00
57bb108465 feat: Add update user password endpoint (#1310) 2022-05-06 09:20:08 -05:00
d0293e4d33 feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 16:10:19 -05:00
35211e2190 feat: Add user roles, but do not yet enforce them (#1200)
* chore: Rework roles to be expandable by name alone
2022-04-29 09:04:19 -05:00
5ce06769cd chore: replace todos with issues (#1066) 2022-04-19 12:16:57 -04:00
770c567123 feat: Add RBAC package for managing user permissions (#929)
This PR adds an RBAC package for managing using permissions:
- The top-level `authz.Authorize` function is the main user-facing entrypoint to the package.
- Actual permission evaluation is handled in `policy.rego`.
- Unit tests for `authz.Authorize` are in `authz_test.go`
- Documentation for the package is in `README.md`.

Co-authored-by: Cian Johnston <cian@coder.com>
2022-04-13 08:35:35 -05:00