
Commit ca23abe

authored
feat(provisioner): add support for workspace_owner_rbac_roles (#16407)
Part of coder/terraform-provider-coder#330. Adds support for the coder_workspace_owner.rbac_roles attribute.
1 parent fc2815c commit ca23abe


7 files changed

+521
-341
lines changed


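--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@@ -594,6 +594,19 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 })
 }
 
+roles, err := s.Database.GetAuthorizationUserRoles(ctx, owner.ID)
+if err != nil {
+return nil, failJob(fmt.Sprintf("get owner authorization roles: %s", err))
+}
+ownerRbacRoles := []*sdkproto.Role{}
+for _, role := range roles.Roles {
+if s.OrganizationID == uuid.Nil {
+ownerRbacRoles = append(ownerRbacRoles, &sdkproto.Role{Name: role, OrgId: ""})
+continue
+}
+ownerRbacRoles = append(ownerRbacRoles, &sdkproto.Role{Name: role, OrgId: s.OrganizationID.String()})
+}
+
 protoJob.Type = &proto.AcquiredJob_WorkspaceBuild_{
 WorkspaceBuild: &proto.AcquiredJob_WorkspaceBuild{
 WorkspaceBuildId: workspaceBuild.ID.String(),
@@ -621,6 +634,7 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 WorkspaceOwnerSshPrivateKey: ownerSSHPrivateKey,
 WorkspaceBuildId: workspaceBuild.ID.String(),
 WorkspaceOwnerLoginType: string(owner.LoginType),
+WorkspaceOwnerRbacRoles: ownerRbacRoles,
 },
 LogLevel: input.LogLevel,
 },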
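Review bot: In the new loop every entry of `roles.Roles` is emitted with `OrgId: s.OrganizationID.String()` (or `""` when the server has no organization), so the org id describes the provisioner server rather than the role it is attached to. If `GetAuthorizationUserRoles` returns site-wide roles or roles held in other organizations alongside this organization's (its result shape is not visible in this hunk), a template that reads `rbac_roles` to make access decisions would see a site-wide role reported as organization-scoped, or a role from another organization attributed to this one. The updated expectation in provisionerdserver_test.go, `{Name: "member", OrgId: pd.OrganizationID.String()}`, pins that tagging, so it is worth confirming it is intended. I would derive the scope from each role itself and skip roles that belong to a different organization; until then, document the behaviour above the loop with `// NOTE: OrgId is the provisioner's organization, not the role's own scope.` acquireProtoJob starts and ends outside the hunk.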

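--- a/coderd/provisionerdserver/provisionerdserver_test.go
+++ b/coderd/provisionerdserver/provisionerdserver_test.go
@@ -377,6 +377,7 @@ func TestAcquireJob(t *testing.T) {
 WorkspaceOwnerSshPrivateKey: sshKey.PrivateKey,
 WorkspaceBuildId: build.ID.String(),
 WorkspaceOwnerLoginType: string(user.LoginType),
+WorkspaceOwnerRbacRoles: []*sdkproto.Role{{Name: "member", OrgId: pd.OrganizationID.String()}},
 },
 },
 })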

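--- a/provisioner/terraform/provision.go
+++ b/provisioner/terraform/provision.go
@@ -242,6 +242,11 @@ func provisionEnv(
 return nil, xerrors.Errorf("marshal owner groups: %w", err)
 }
 
+ownerRbacRoles, err := json.Marshal(metadata.GetWorkspaceOwnerRbacRoles())
+if err != nil {
+return nil, xerrors.Errorf("marshal owner rbac roles: %w", err)
+}
+
 env = append(env,
 "CODER_AGENT_URL="+metadata.GetCoderUrl(),
 "CODER_WORKSPACE_TRANSITION="+strings.ToLower(metadata.GetWorkspaceTransition().String()),
@@ -254,6 +259,7 @@ func provisionEnv(
 "CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY="+metadata.GetWorkspaceOwnerSshPublicKey(),
 "CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY="+metadata.GetWorkspaceOwnerSshPrivateKey(),
 "CODER_WORKSPACE_OWNER_LOGIN_TYPE="+metadata.GetWorkspaceOwnerLoginType(),
+"CODER_WORKSPACE_OWNER_RBAC_ROLES="+string(ownerRbacRoles),
 "CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),
 "CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),
 "CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),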
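Review bot: `json.Marshal(metadata.GetWorkspaceOwnerRbacRoles())` encodes a nil role list as `null` rather than `[]`, and it serialises the protobuf-generated role struct through encoding/json. The key names, and whether an empty `OrgId` is emitted at all, therefore depend on the generated struct tags, which are not shown here. A consumer that bases access decisions on `CODER_WORKSPACE_OWNER_RBAC_ROLES` should not have to guess at that shape. I would either marshal a small local struct with explicit tags or record the contract next to the call: `// Encodes as "null" when no roles are set; field names come from the generated JSON tags.` provisionEnv starts and ends outside the hunk.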

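--- a/provisioner/terraform/provision_test.go
+++ b/provisioner/terraform/provision_test.go
@@ -764,6 +764,53 @@ func TestProvision(t *testing.T) {
 }},
 },
 },
+{
+Name: "workspace-owner-rbac-roles",
+SkipReason: "field will be added in provider version 2.2.0",
+Files: map[string]string{
+"main.tf": `terraform {
+required_providers {
+coder = {
+source = "coder/coder"
+version = "2.2.0"
+}
+}
+}
+
+resource "null_resource" "example" {}
+data "coder_workspace_owner" "me" {}
+resource "coder_metadata" "example" {
+resource_id = null_resource.example.id
+item {
+key = "rbac_roles_name"
+value = data.coder_workspace_owner.me.rbac_roles[0].name
+}
+item {
+key = "rbac_roles_org_id"
+value = data.coder_workspace_owner.me.rbac_roles[0].org_id
+}
+}
+`,
+},
+Request: &proto.PlanRequest{
+Metadata: &proto.Metadata{
+WorkspaceOwnerRbacRoles: []*proto.Role{{Name: "member", OrgId: ""}},
+},
+},
+Response: &proto.PlanComplete{
+Resources: []*proto.Resource{{
+Name: "example",
+Type: "null_resource",
+Metadata: []*proto.Resource_Metadata{{
+Key: "rbac_roles_name",
+Value: "member",
+}, {
+Key: "rbac_roles_org_id",
+Value: "",
+}},
+}},
+},
+},
 }
 
 for _, testCase := range testCases {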
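Review bot: The new `workspace-owner-rbac-roles` case carries a `SkipReason`, so nothing in this commit actually runs the path from `CODER_WORKSPACE_OWNER_RBAC_ROLES` to the provider's `rbac_roles` attribute. When it is enabled it will cover only a single role with `OrgId: ""`, leaving the organization-scoped case and the empty-list case (where `rbac_roles[0]` cannot be indexed) untested. I would add a second role with a non-empty `OrgId` to the request and tie the skip to its tracking issue so it is not forgotten: `// TODO: drop SkipReason once provider 2.2.0 ships (coder/terraform-provider-coder#330).` TestProvision starts and ends outside the hunk.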
