* test: Add benchmark for static rbac roles
* static roles should only be allocated once
* A unit test that modifies the ast value should not mess with the globals
* Cache subject AST values to avoid reallocating slices
Fixes an issue where API tokens belonging to a deleted user were
not invalidated:
- Adds a trigger to delete rows from the api_key stable when the
column deleted is set to true in the users table.
- Adds a trigger to the api_keys table to ensure that new rows
may not be added where user_id corresponds to a deleted user.
- Adds a migration to delete all API keys from deleted users.
- Adds tests + dbfake implementation for the above.
I manually went through every single dbfake function and ensured it has
the correct lock type depending on whether it writes or only reads.
There were a surprising amount of methods that had the wrong lock type
(Lock when only reading, or RLock when writing (!!!)).
This also manually fixes every method that acquires a RLock and then
calls a method that also acquires it's own RLock to use noLock methods
instead. You cannot rely on acquiring a RLock twice in the same
goroutine as RWMutex prioritizes any waiting Lock calls.
I tried writing a ruleguard rule for this but because of limitations in
ruleguard it doesn't seem possible.
* chore: Rbac errors should be returned, and not hidden behind 404
SqlErrNoRows was hiding actual errors
* Replace sql.ErrNoRow checks
* Remove sql err no rows check from dbauthz test
* Fix to use dbauthz system user
* test: Increase test coverage on auditable resources
When adding a new audit resource, we also need to add it to the
function switch statements. This is a likely mistake, now a unit
test will check this for you
* chore: move app proxying code to workspaceapps pkg
Moves path-app, subdomain-app and reconnecting PTY proxying to the new
workspaceapps.WorkspaceAppServer struct. This is in preparation for
external workspace proxies.
Updates app logout flow to avoid redirecting to coder-logout.${app_host}
on logout. Instead, all subdomain app tokens owned by the logging-out
user will be deleted every time you logout for simplicity sake.
Tests will remain in their original package, pending being moved to an
apptest package (or similar).
Co-authored-by: Steven Masley <stevenmasley@coder.com>
* chore: rename "InsertOrUpdate" to Upsert around the codebase
The shorter name uses up less line width, is easier to read
and is used more often.
* make gen
* fix: Users that can update a template can also read the file
This currently has a strange RBAC story. An issue will be filed
to streamline this.
This is a hotfix to resolve current functionality
* Only showsource code tab if the user has permission to edit the template
---------
Co-authored-by: Bruno Quaresma <bruno_nonato_quaresma@hotmail.com>
* feat: dbauthz always on, out of experimental
* Add ability to do rbac checks in unit tests
* Remove AuthorizeAllEndpoints
* Remove duplicate rbac checks
In GetTemplateVersionVariables we were effectively asking the provisionerd role to call rbac.ActionCreate on rbac.ResourceTemplate, which will never work. Updated this to be rbac.ActionRead instead.
- Introduces rbac.ResourceSystem
- Grants system.* to system and provisionerd rbac subjects
- Updates dbauthz system queries where applicable
- coderd: Avoid index out of bounds in api.workspaceBuilds
- dbauthz: move GetUsersByIDs out of system, modify RBAC check to ResourceUser
- workspaceapps: Add test case for when owner of app is not found
* feat: Implement view for workspace builds to include rbac info
* Removes the need to fetch the workspace to run an rbac check.
* chore: Use workspace build as RBAC object
* chore: Use golang templates instead of sqlc files
* feat: Allow changing the 'group' oidc claim field
* Enable empty groups support
* fix: Delete was wiping all groups, not just the single user's groups
* Update docs
* fix: Dbfake delete group member fixed
