forbid user and pk auth

f0ssel · f0ssel · commit 1a45338396a1 · 2024-07-24T17:48:45.000Z
diff --git a/enterprise/coderd/provisionerdaemons.go b/enterprise/coderd/provisionerdaemons.go
@@ -111,6 +111,8 @@ func (p *provisionerDaemonAuth) authorize(r *http.Request, orgID uuid.UUID, tags
 				return nil, xerrors.New("user unauthorized")
 			}
 
+			// Allow fallback to PSK auth if the user is not allowed to create provisioner daemons.
+			// This is to preserve backwards compatibility with existing user provisioner daemons.
 			// If using PSK auth, the daemon is, by definition, scoped to the organization.
 			tags = provisionersdk.MutateTags(uuid.Nil, tags)
 			return tags, nil

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,8 @@ func (p provisionerDaemonAuth) authorize(r http.Request, orgID uuid.UUID, tags`
`111`	`111`	`return nil, xerrors.New("user unauthorized")`
`112`	`112`	`}`
`113`	`113`
	`114`	`+ // Allow fallback to PSK auth if the user is not allowed to create provisioner daemons.`
	`115`	`+ // This is to preserve backwards compatibility with existing user provisioner daemons.`
`114`	`116`	`// If using PSK auth, the daemon is, by definition, scoped to the organization.`
`115`	`117`	`tags = provisionersdk.MutateTags(uuid.Nil, tags)`
`116`	`118`	`return tags, nil`