2ba4a62a0d
* feat: HA tailnet coordinator * fixup! feat: HA tailnet coordinator * fixup! feat: HA tailnet coordinator * remove printlns * close all connections on coordinator * impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * Add replicas * Add DERP meshing to arbitrary addresses * Move packages to highavailability folder * Move coordinator to high availability package * Add flags for HA * Rename to replicasync * Denest packages for replicas * Add test for multiple replicas * Fix coordination test * Add HA to the helm chart * Rename function pointer * Add warnings for HA * Add the ability to block endpoints * Add flag to disable P2P connections * Wow, I made the tests pass * Add replicas endpoint * Ensure close kills replica * Update sql * Add database latency to high availability * Pipe TLS to DERP mesh * Fix DERP mesh with TLS * Add tests for TLS * Fix replica sync TLS * Fix RootCA for replica meshing * Remove ID from replicasync * Fix getting certificates for meshing * Remove excessive locking * Fix linting * Store mesh key in the database * Fix replica key for tests * Fix types gen * Fix unlocking unlocked * Fix race in tests * Update enterprise/derpmesh/derpmesh.go Co-authored-by: Colin Adler <colin1adler@gmail.com> * Rename to syncReplicas * Reuse http client * Delete old replicas on a CRON * Fix race condition in connection tests * Fix linting * Fix nil type * Move pubsub to in-memory for twenty test * Add comment for configuration tweaking * Fix leak with transport * Fix close leak in derpmesh * Fix race when creating server * Remove handler update * Skip test on Windows * Fix DERP mesh test * Wrap HTTP handler replacement in mutex * Fix error message for relay * Fix API handler for normal tests * Fix speedtest * Fix replica resend * Fix derpmesh send * Ping async * Increase wait time of template version jobd * Fix race when closing replica sync * Add name to client * Log the derpmap being used * Don't connect if DERP is empty * Improve agent coordinator logging * Fix lock in coordinator * Fix relay addr * Fix race when updating durations * Fix client publish race * Run pubsub loop in a queue * Store agent nodes in order * Fix coordinator locking * Check for closed pipe Co-authored-by: Colin Adler <colin1adler@gmail.com>
Authz
Package authz implements AuthoriZation for Coder.
Overview
Authorization defines what permission a subject has to perform actions to objects:
- Permission is binary: yes (allowed) or no (denied).
- Subject in this case is anything that implements interface
authz.Subject. - Action here is an enumerated list of actions, but we stick to
Create,Read,Update, andDeletehere. - Object here is anything that implements
authz.Object.
Permission Structure
A permission is a rule that grants or denies access for a subject to perform an action on a object. A permission is always applied at a given level:
- site level applies to all objects in a given Coder deployment.
- org level applies to all objects that have an organization owner (
org_owner) - user level applies to all objects that have an owner with the same ID as the subject.
Permissions at a higher level always override permissions at a lower level.
The effect of a permission can be:
- positive (allows)
- negative (denies)
- abstain (neither allows or denies, not applicable)
Negative permissions always override positive permissions at the same level. Both negative and positive permissions override abstain at the same level.
This can be represented by the following truth table, where Y represents positive, N represents negative, and _ represents abstain:
| Action | Positive | Negative | Result |
|---|---|---|---|
| read | Y | _ | Y |
| read | Y | N | N |
| read | _ | _ | _ |
| read | _ | N | Y |
Permission Representation
Permissions are represented in string format as <sign>?<level>.<object>.<id>.<action>, where:
negatedcan be either+or-. If it is omitted, sign is assumed to be+.levelis eithersite,org, oruser.objectis any valid resource type.idis any valid UUID v4.actioniscreate,read,modify, ordelete.
Example Permissions
+site.*.*.read: allowed to perform thereadaction against all objects of typeappin a given Coder deployment.-user.workspace.*.create: user is not allowed to create workspaces.
Roles
A role is a set of permissions. When evaluating a role's permission to form an action, all the relevant permissions for the role are combined at each level. Permissions at a higher level override permissions at a lower level.
The following table shows the per-level role evaluation. Y indicates that the role provides positive permissions, N indicates the role provides negative permissions, and _ indicates the role does not provide positive or negative permissions. YN_ indicates that the value in the cell does not matter for the access result.
| Role (example) | Site | Org | User | Result |
|---|---|---|---|---|
| site-admin | Y | YN_ | YN_ | Y |
| no-permission | N | YN_ | YN_ | N |
| org-admin | _ | Y | YN_ | Y |
| non-org-member | _ | N | YN_ | N |
| user | _ | _ | Y | Y |
| _ | _ | N | N | |
| unauthenticated | _ | _ | _ | N |