
Commit 11f85bf

committed
make AllUserIDs a fully-fledged query citizen
1 parent 2f63e43 commit 11f85bf


9 files changed

+77
-26
lines changed


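--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -664,6 +664,15 @@ func (q *querier) ActivityBumpWorkspace(ctx context.Context, arg uuid.UUID) erro
 return update(q.log, q.auth, fetch, q.db.ActivityBumpWorkspace)(ctx, arg)
 }
 
+func (q *querier) AllUserIDs(ctx context.Context) ([]uuid.UUID, error) {
+// Although this technically only reads users, only system-related functions should be
+// allowed to call this.
+if err := q.authorizeContext(ctx, rbac.ActionRead, rbac.ResourceSystem); err != nil {
+return nil, err
+}
+return q.db.AllUserIDs(ctx)
+}
+
 func (q *querier) CleanTailnetCoordinators(ctx context.Context) error {
 if err := q.authorizeContext(ctx, rbac.ActionDelete, rbac.ResourceTailnetCoordinator); err != nil {
 return err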
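Review bot: The new `AllUserIDs` gate arrives without a test: none of the nine files listed for this commit is a `_test.go` file, so nothing pins that a subject lacking read on `rbac.ResourceSystem` is refused. The query behind it returns every user ID, deleted accounts included according to the comment in users.sql, so a negative case for a non-system subject is worth adding before this method gains more callers. The method also has no doc comment; I would lift the in-body explanation above the signature, for example `// AllUserIDs returns every user ID, including deleted users, and requires read on rbac.ResourceSystem.`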

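--- a/coderd/database/dbfake/dbfake.go
+++ b/coderd/database/dbfake/dbfake.go
@@ -812,6 +812,14 @@ func (q *FakeQuerier) ActivityBumpWorkspace(ctx context.Context, workspaceID uui
 return sql.ErrNoRows
 }
 
+func (q *FakeQuerier) AllUserIDs(ctx context.Context) ([]uuid.UUID, error) {
+userIDs := make([]uuid.UUID, 0, len(q.users))
+for idx := range q.users {
+userIDs[idx] = q.users[idx].ID
+}
+return userIDs, nil
+}
+
 func (*FakeQuerier) CleanTailnetCoordinators(_ context.Context) error {
 return ErrUnimplemented
 }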
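Review bot: `userIDs[idx] = q.users[idx].ID` panics with an index-out-of-range error as soon as the fake holds a single user, because `make([]uuid.UUID, 0, len(q.users))` yields a slice of length zero and only reserves capacity. Change the loop body to `userIDs = append(userIDs, q.users[idx].ID)`, or allocate with `make([]uuid.UUID, len(q.users))` and keep the indexed store. The method also reads `q.users` without taking any lock in the lines shown; if the other FakeQuerier methods guard that slice with a mutex, this one should do the same so tests run with `-race` stay clean.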

coderd/database/dbmetrics/dbmetrics.go

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbmock/dbmock.go

Lines changed: 15 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/querier.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries.sql.go

Lines changed: 28 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

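--- a/coderd/database/queries/dbcrypt.sql
+++ b/coderd/database/queries/dbcrypt.sql
@@ -16,3 +16,4 @@ AND
 INSERT INTO dbcrypt_keys
 (number, active_key_digest, created_at, test)
 VALUES (@number::int, @active_key_digest::text, CURRENT_TIMESTAMP, @test::text);
+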

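--- a/coderd/database/queries/users.sql
+++ b/coderd/database/queries/users.sql
@@ -262,3 +262,8 @@ WHERE
 last_seen_at < @last_seen_after :: timestamp
 AND status = 'active'::user_status
 RETURNING id, email, last_seen_at;
+
+-- AllUserIDs returns all UserIDs regardless of user status or deletion.
+-- name: AllUserIDs :many
+SELECT DISTINCT id FROM USERS;
+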
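Review bot: The comment on `AllUserIDs` says what the query returns but drops the reason the helper removed from cliutil.go gave for it: tokens of suspended or deleted users may still be valid and so must still be encrypted or decrypted. Without that, the next reader sees an unfiltered read of every account and cannot tell it is intentional; I would add `-- Tokens of deleted or suspended users may still be valid, so dbcrypt must cover them too.` The comment also sits above the `-- name:` line, and as far as I know sqlc only carries comments placed after that line into the generated Go doc, so it may not reach querier.go; that file is not rendered here, so this is unconfirmed. Minor style: `USERS` is upper-case where the removed query wrote `users`.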

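--- a/enterprise/dbcrypt/cliutil.go
+++ b/enterprise/dbcrypt/cliutil.go
@@ -6,8 +6,6 @@ import (
 
 "golang.org/x/xerrors"
 
-"github.com/google/uuid"
-
 "cdr.dev/slog"
 "github.com/coder/coder/v2/coderd/database"
 )
@@ -21,7 +19,7 @@ func Rotate(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciphe
 return xerrors.Errorf("create cryptdb: %w", err)
 }
 
-userIDs, err := allUserIDs(ctx, sqlDB)
+userIDs, err := db.AllUserIDs(ctx)
 if err != nil {
 return xerrors.Errorf("get users: %w", err)
 }
@@ -105,7 +103,7 @@ func Decrypt(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Ciph
 }
 cryptDB.primaryCipherDigest = ""
 
-userIDs, err := allUserIDs(ctx, sqlDB)
+userIDs, err := db.AllUserIDs(ctx)
 if err != nil {
 return xerrors.Errorf("get users: %w", err)
 }
@@ -214,25 +212,3 @@ func Delete(ctx context.Context, log slog.Logger, sqlDB *sql.DB) error {
 
 return nil
 }
-
-// allUserIDs returns _all_ user IDs we know about, regardless of status or deletion.
-// We need to encrypt / decrypt tokens regardless of user status or deletion as they
-// may still be valid. While we could check the expiry, we also don't know if the
-// provider is lying about expiry.
-// This function will likely only ever be used here, so keeping it here instead
-// of exposing it in all of our database-related interfaces.
-func allUserIDs(ctx context.Context, sqlDB *sql.DB) ([]uuid.UUID, error) {
-var id uuid.UUID
-userIDs := make([]uuid.UUID, 0)
-rows, err := sqlDB.QueryContext(ctx, `SELECT DISTINCT id FROM users`)
-if err != nil {
-return nil, xerrors.Errorf("failed to query all user ids: %w", err)
-}
-for rows.Next() {
-if err := rows.Scan(&id); err != nil {
-return nil, xerrors.Errorf("failed to scan user_id: %w", err)
-}
-userIDs = append(userIDs, id)
-}
-return userIDs, nil
-}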
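Review bot: In `Rotate` and `Decrypt`, `db.AllUserIDs(ctx)` replaces a raw `sqlDB` query, and the hunks do not show which store `db` is; it is declared outside them. The same commit gates `AllUserIDs` on `rbac.ResourceSystem` in dbauthz, so if `db` is ever the authz-wrapped store, these CLI paths fail with an authorization error unless `ctx` carries a system actor. A short comment at each call site stating that `db` is the unwrapped store, or that `ctx` is expected to hold a system subject, would make the assumption explicit. A test that runs `Rotate` against the store type used in production would catch a later swap.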
