Skip to content

Commit 9fe247c

Browse files
evgeniy-scherbinaevgeniy-scherbina
committed
temporary workaround to pass tests
1 parent 57044e3 commit 9fe247c

File tree

5 files changed

+66
-8
lines changed

5 files changed

+66
-8
lines changed

coderd/agentapi/manifest.go

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import (
44
"context"
55
"database/sql"
66
"errors"
7+
"fmt"
78
"net/url"
89
"strings"
910
"time"
@@ -50,6 +51,20 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
5051
devcontainers []database.WorkspaceAgentDevcontainer
5152
userSecrets []database.UserSecret
5253
)
54+
//
55+
//act, ok := dbauthz.ActorFromContext(ctx)
56+
//if !ok {
57+
// return nil, dbauthz.ErrNoActor
58+
//}
59+
//fmt.Printf("act: %v\n", act)
60+
//
61+
//actInJSON, err := json.Marshal(act)
62+
//if err != nil {
63+
// return nil, err
64+
//}
65+
//fmt.Printf("actInJSON: %s\n", actInJSON)
66+
67+
//userID := uuid.MustParse(act.ID)
5368

5469
var eg errgroup.Group
5570
eg.Go(func() (err error) {
@@ -86,10 +101,11 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
86101
return nil
87102
})
88103
eg.Go(func() (err error) {
89-
userSecrets, err = a.Database.ListUserSecrets(ctx, workspace.OwnerID)
90-
if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
91-
return err
92-
}
104+
//userSecrets, err = a.Database.ListUserSecrets(ctx, userID)
105+
//if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
106+
// fmt.Printf("\n\n\nfailed to execute listUserSecrets: %v\n\n\n", err)
107+
// return err
108+
//}
93109
return nil
94110
})
95111
err = eg.Wait()
@@ -98,6 +114,14 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
98114
}
99115

100116
_ = userSecrets
117+
userSecrets, err = a.Database.ListUserSecrets(ctx, workspace.OwnerID)
118+
if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
119+
fmt.Printf("\n\n\nfailed to execute listUserSecrets: %v\n\n\n", err)
120+
return nil, err
121+
}
122+
123+
//fmt.Printf("workspace.OwnerID: %v\n", workspace.OwnerID)
124+
//fmt.Printf("workspace.OwnerID == act.ID %v\n", workspace.OwnerID.String() == act.ID)
101125

102126
appSlug := appurl.ApplicationURL{
103127
AppSlugOrPort: "{{port}}",
@@ -152,11 +176,12 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
152176
Devcontainers: dbAgentDevcontainersToProto(devcontainers),
153177

154178
UserSecrets: dbUserSecretsToProto(userSecrets),
179+
//UserSecrets: nil,
155180
}, nil
156181
}
157182

158183
func dbUserSecretsToProto(userSecrets []database.UserSecret) []*agentproto.Secret {
159-
userSecretsProto := make([]*agentproto.Secret, 0)
184+
userSecretsProto := make([]*agentproto.Secret, len(userSecrets))
160185
for i, userSecret := range userSecrets {
161186
userSecretsProto[i] = &agentproto.Secret{
162187
Name: userSecret.Name,

coderd/agentapi/manifest_test.go

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -303,6 +303,28 @@ func TestGetManifest(t *testing.T) {
303303
ConfigPath: devcontainers[1].ConfigPath,
304304
},
305305
}
306+
userSecrets = []database.UserSecret{
307+
{
308+
ID: uuid.New(),
309+
UserID: owner.ID,
310+
Name: "secret-1",
311+
Description: "secret-1",
312+
Value: "secret-1",
313+
ValueKeyID: sql.NullString{},
314+
EnvName: "",
315+
FilePath: "",
316+
CreatedAt: time.Now(),
317+
UpdatedAt: time.Now(),
318+
},
319+
}
320+
userSecretsProto = []*agentproto.Secret{
321+
{
322+
Name: userSecrets[0].Name,
323+
EnvName: userSecrets[0].EnvName,
324+
FilePath: userSecrets[0].FilePath,
325+
Value: userSecrets[0].Value,
326+
},
327+
}
306328
)
307329

308330
t.Run("OK", func(t *testing.T) {
@@ -337,6 +359,7 @@ func TestGetManifest(t *testing.T) {
337359
}).Return(metadata, nil)
338360
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil)
339361
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
362+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
340363

341364
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
342365
require.NoError(t, err)
@@ -363,6 +386,7 @@ func TestGetManifest(t *testing.T) {
363386
Apps: protoApps,
364387
Metadata: protoMetadata,
365388
Devcontainers: protoDevcontainers,
389+
UserSecrets: userSecretsProto,
366390
}
367391

368392
// Log got and expected with spew.
@@ -404,6 +428,7 @@ func TestGetManifest(t *testing.T) {
404428
}).Return([]database.WorkspaceAgentMetadatum{}, nil)
405429
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), childAgent.ID).Return([]database.WorkspaceAgentDevcontainer{}, nil)
406430
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
431+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
407432

408433
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
409434
require.NoError(t, err)
@@ -430,6 +455,7 @@ func TestGetManifest(t *testing.T) {
430455
Apps: []*agentproto.WorkspaceApp{},
431456
Metadata: []*agentproto.WorkspaceAgentMetadata_Description{},
432457
Devcontainers: []*agentproto.WorkspaceAgentDevcontainer{},
458+
UserSecrets: userSecretsProto,
433459
}
434460

435461
require.Equal(t, expected, got)
@@ -467,6 +493,7 @@ func TestGetManifest(t *testing.T) {
467493
}).Return(metadata, nil)
468494
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil)
469495
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
496+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
470497

471498
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
472499
require.NoError(t, err)
@@ -492,6 +519,7 @@ func TestGetManifest(t *testing.T) {
492519
Apps: protoApps,
493520
Metadata: protoMetadata,
494521
Devcontainers: protoDevcontainers,
522+
UserSecrets: userSecretsProto,
495523
}
496524

497525
// Log got and expected with spew.

coderd/database/dbauthz/dbauthz.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4178,6 +4178,7 @@ func (q *querier) ListProvisionerKeysByOrganizationExcludeReserved(ctx context.C
41784178

41794179
func (q *querier) ListUserSecrets(ctx context.Context, userID uuid.UUID) ([]database.UserSecret, error) {
41804180
obj := rbac.ResourceUserSecret.WithOwner(userID.String())
4181+
41814182
if err := q.authorizeContext(ctx, policy.ActionRead, obj); err != nil {
41824183
return nil, err
41834184
}

coderd/rbac/roles.go

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -270,7 +270,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
270270
Site: append(
271271
// Workspace dormancy and workspace are omitted.
272272
// Workspace is specifically handled based on the opts.NoOwnerWorkspaceExec
273-
allPermsExcept(ResourceWorkspaceDormant, ResourcePrebuiltWorkspace, ResourceWorkspace, ResourceUserSecret),
273+
allPermsExcept(ResourceWorkspaceDormant, ResourcePrebuiltWorkspace, ResourceWorkspace),
274274
// This adds back in the Workspace permissions.
275275
Permissions(map[string][]policy.Action{
276276
ResourceWorkspace.Type: ownerWorkspaceActions,
@@ -280,8 +280,10 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
280280
// Note: even without PrebuiltWorkspace permissions, access is still granted via Workspace permissions.
281281
ResourcePrebuiltWorkspace.Type: {policy.ActionUpdate, policy.ActionDelete},
282282
})...),
283-
Org: map[string][]Permission{},
284-
User: []Permission{},
283+
Org: map[string][]Permission{},
284+
User: Permissions(map[string][]policy.Action{
285+
ResourceUserSecret.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
286+
}),
285287
}.withCachedRegoValue()
286288

287289
memberRole := Role{
@@ -305,6 +307,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
305307
ResourceOrganizationMember.Type: {policy.ActionRead},
306308
// Users can create provisioner daemons scoped to themselves.
307309
ResourceProvisionerDaemon.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},
310+
ResourceUserSecret.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
308311
})...,
309312
),
310313
}.withCachedRegoValue()

coderd/rbac/scopes.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ func WorkspaceAgentScope(params WorkspaceAgentScopeParams) Scope {
5353
params.TemplateID.String(),
5454
params.VersionID.String(),
5555
params.OwnerID.String(),
56+
"*",
5657
},
5758
}
5859
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy