Skip to content

Commit 9fe247c

Browse files
evgeniy-scherbinaevgeniy-scherbina
committed
temporary workaround to pass tests
1 parent 57044e3 commit 9fe247c

File tree

5 files changed

+66
-8
lines changed

5 files changed

+66
-8
lines changed

coderd/agentapi/manifest.go

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import (
44
"context"
55
"database/sql"
66
"errors"
7+
"fmt"
78
"net/url"
89
"strings"
910
"time"
@@ -50,6 +51,20 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
5051
devcontainers []database.WorkspaceAgentDevcontainer
5152
userSecrets []database.UserSecret
5253
)
54+
//
55+
//act, ok := dbauthz.ActorFromContext(ctx)
56+
//if !ok {
57+
// return nil, dbauthz.ErrNoActor
58+
//}
59+
//fmt.Printf("act: %v\n", act)
60+
//
61+
//actInJSON, err := json.Marshal(act)
62+
//if err != nil {
63+
// return nil, err
64+
//}
65+
//fmt.Printf("actInJSON: %s\n", actInJSON)
66+
67+
//userID := uuid.MustParse(act.ID)
5368

5469
var eg errgroup.Group
5570
eg.Go(func() (err error) {
@@ -86,10 +101,11 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
86101
return nil
87102
})
88103
eg.Go(func() (err error) {
89-
userSecrets, err = a.Database.ListUserSecrets(ctx, workspace.OwnerID)
90-
if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
91-
return err
92-
}
104+
//userSecrets, err = a.Database.ListUserSecrets(ctx, userID)
105+
//if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
106+
// fmt.Printf("\n\n\nfailed to execute listUserSecrets: %v\n\n\n", err)
107+
// return err
108+
//}
93109
return nil
94110
})
95111
err = eg.Wait()
@@ -98,6 +114,14 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
98114
}
99115

100116
_ = userSecrets
117+
userSecrets, err = a.Database.ListUserSecrets(ctx, workspace.OwnerID)
118+
if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
119+
fmt.Printf("\n\n\nfailed to execute listUserSecrets: %v\n\n\n", err)
120+
return nil, err
121+
}
122+
123+
//fmt.Printf("workspace.OwnerID: %v\n", workspace.OwnerID)
124+
//fmt.Printf("workspace.OwnerID == act.ID %v\n", workspace.OwnerID.String() == act.ID)
101125

102126
appSlug := appurl.ApplicationURL{
103127
AppSlugOrPort: "{{port}}",
@@ -152,11 +176,12 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
152176
Devcontainers: dbAgentDevcontainersToProto(devcontainers),
153177

154178
UserSecrets: dbUserSecretsToProto(userSecrets),
179+
//UserSecrets: nil,
155180
}, nil
156181
}
157182

158183
func dbUserSecretsToProto(userSecrets []database.UserSecret) []*agentproto.Secret {
159-
userSecretsProto := make([]*agentproto.Secret, 0)
184+
userSecretsProto := make([]*agentproto.Secret, len(userSecrets))
160185
for i, userSecret := range userSecrets {
161186
userSecretsProto[i] = &agentproto.Secret{
162187
Name: userSecret.Name,

coderd/agentapi/manifest_test.go

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -303,6 +303,28 @@ func TestGetManifest(t *testing.T) {
303303
ConfigPath: devcontainers[1].ConfigPath,
304304
},
305305
}
306+
userSecrets = []database.UserSecret{
307+
{
308+
ID: uuid.New(),
309+
UserID: owner.ID,
310+
Name: "secret-1",
311+
Description: "secret-1",
312+
Value: "secret-1",
313+
ValueKeyID: sql.NullString{},
314+
EnvName: "",
315+
FilePath: "",
316+
CreatedAt: time.Now(),
317+
UpdatedAt: time.Now(),
318+
},
319+
}
320+
userSecretsProto = []*agentproto.Secret{
321+
{
322+
Name: userSecrets[0].Name,
323+
EnvName: userSecrets[0].EnvName,
324+
FilePath: userSecrets[0].FilePath,
325+
Value: userSecrets[0].Value,
326+
},
327+
}
306328
)
307329

308330
t.Run("OK", func(t *testing.T) {
@@ -337,6 +359,7 @@ func TestGetManifest(t *testing.T) {
337359
}).Return(metadata, nil)
338360
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil)
339361
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
362+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
340363

341364
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
342365
require.NoError(t, err)
@@ -363,6 +386,7 @@ func TestGetManifest(t *testing.T) {
363386
Apps: protoApps,
364387
Metadata: protoMetadata,
365388
Devcontainers: protoDevcontainers,
389+
UserSecrets: userSecretsProto,
366390
}
367391

368392
// Log got and expected with spew.
@@ -404,6 +428,7 @@ func TestGetManifest(t *testing.T) {
404428
}).Return([]database.WorkspaceAgentMetadatum{}, nil)
405429
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), childAgent.ID).Return([]database.WorkspaceAgentDevcontainer{}, nil)
406430
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
431+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
407432

408433
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
409434
require.NoError(t, err)
@@ -430,6 +455,7 @@ func TestGetManifest(t *testing.T) {
430455
Apps: []*agentproto.WorkspaceApp{},
431456
Metadata: []*agentproto.WorkspaceAgentMetadata_Description{},
432457
Devcontainers: []*agentproto.WorkspaceAgentDevcontainer{},
458+
UserSecrets: userSecretsProto,
433459
}
434460

435461
require.Equal(t, expected, got)
@@ -467,6 +493,7 @@ func TestGetManifest(t *testing.T) {
467493
}).Return(metadata, nil)
468494
mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil)
469495
mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil)
496+
mDB.EXPECT().ListUserSecrets(gomock.Any(), workspace.OwnerID).Return(userSecrets, nil)
470497

471498
got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{})
472499
require.NoError(t, err)
@@ -492,6 +519,7 @@ func TestGetManifest(t *testing.T) {
492519
Apps: protoApps,
493520
Metadata: protoMetadata,
494521
Devcontainers: protoDevcontainers,
522+
UserSecrets: userSecretsProto,
495523
}
496524

497525
// Log got and expected with spew.

coderd/database/dbauthz/dbauthz.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4178,6 +4178,7 @@ func (q *querier) ListProvisionerKeysByOrganizationExcludeReserved(ctx context.C
41784178

41794179
func (q *querier) ListUserSecrets(ctx context.Context, userID uuid.UUID) ([]database.UserSecret, error) {
41804180
obj := rbac.ResourceUserSecret.WithOwner(userID.String())
4181+
41814182
if err := q.authorizeContext(ctx, policy.ActionRead, obj); err != nil {
41824183
return nil, err
41834184
}

coderd/rbac/roles.go

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -270,7 +270,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
270270
Site: append(
271271
// Workspace dormancy and workspace are omitted.
272272
// Workspace is specifically handled based on the opts.NoOwnerWorkspaceExec
273-
allPermsExcept(ResourceWorkspaceDormant, ResourcePrebuiltWorkspace, ResourceWorkspace, ResourceUserSecret),
273+
allPermsExcept(ResourceWorkspaceDormant, ResourcePrebuiltWorkspace, ResourceWorkspace),
274274
// This adds back in the Workspace permissions.
275275
Permissions(map[string][]policy.Action{
276276
ResourceWorkspace.Type: ownerWorkspaceActions,
@@ -280,8 +280,10 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
280280
// Note: even without PrebuiltWorkspace permissions, access is still granted via Workspace permissions.
281281
ResourcePrebuiltWorkspace.Type: {policy.ActionUpdate, policy.ActionDelete},
282282
})...),
283-
Org: map[string][]Permission{},
284-
User: []Permission{},
283+
Org: map[string][]Permission{},
284+
User: Permissions(map[string][]policy.Action{
285+
ResourceUserSecret.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
286+
}),
285287
}.withCachedRegoValue()
286288

287289
memberRole := Role{
@@ -305,6 +307,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
305307
ResourceOrganizationMember.Type: {policy.ActionRead},
306308
// Users can create provisioner daemons scoped to themselves.
307309
ResourceProvisionerDaemon.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},
310+
ResourceUserSecret.Type: {policy.ActionRead, policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
308311
})...,
309312
),
310313
}.withCachedRegoValue()

coderd/rbac/scopes.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ func WorkspaceAgentScope(params WorkspaceAgentScopeParams) Scope {
5353
params.TemplateID.String(),
5454
params.VersionID.String(),
5555
params.OwnerID.String(),
56+
"*",
5657
},
5758
}
5859
}

0 commit comments

Comments
 (0)