Skip to content

Commit 58261fe

Browse files
EmyrkEmyrk
committed
Add admin context to provisonerd
1 parent c285f6f commit 58261fe

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

coderd/authzquery/job.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ func (q *AuthzQuerier) UpdateProvisionerJobWithCancelByID(ctx context.Context, a
4040
// Only owners can cancel workspace builds
4141
actor, ok := ActorFromContext(ctx)
4242
if !ok {
43-
return xerrors.Errorf("no actor in context")
43+
return NoActorError
4444
}
4545
if !slice.Contains(actor.Roles.Names(), rbac.RoleOwner()) {
4646
return xerrors.Errorf("only owners can cancel workspace builds")

provisionerd/provisionerd.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ import (
2222
"golang.org/x/xerrors"
2323

2424
"cdr.dev/slog"
25+
"github.com/coder/coder/coderd/authzquery"
26+
"github.com/coder/coder/coderd/rbac"
2527
"github.com/coder/coder/coderd/tracing"
2628
"github.com/coder/coder/cryptorand"
2729
"github.com/coder/coder/provisionerd/proto"
@@ -93,7 +95,9 @@ func New(clientDialer Dialer, opts *Options) *Server {
9395
opts.Metrics = &mets
9496
}
9597

96-
ctx, ctxCancel := context.WithCancel(context.Background())
98+
// TODO: Scope down the permissions of the system context for provisionerd
99+
ctx := authzquery.WithAuthorizeSystemContext(context.Background(), rbac.RolesAdminSystem())
100+
ctx, ctxCancel := context.WithCancel(ctx)
97101
daemon := &Server{
98102
opts: opts,
99103
tracer: opts.TracerProvider.Tracer(tracing.TracerName),

0 commit comments

Comments
 (0)