
Commit 7cce9a2

committed
Move to wsproxy, make unit test work, update audit log resources
1 parent 23d0a4c commit 7cce9a2


7 files changed

+56
-21
lines changed


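--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@@ -78,6 +78,8 @@ func ResourceTarget[T Auditable](tgt T) string {
 return ""
 case database.License:
 return strconv.Itoa(int(typed.ID))
+case database.WorkspaceProxy:
+return typed.Name
 default:
 panic(fmt.Sprintf("unknown resource %T", tgt))
 }
@@ -103,6 +105,8 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 return typed.UserID
 case database.License:
 return typed.UUID
+case database.WorkspaceProxy:
+return typed.ID
 default:
 panic(fmt.Sprintf("unknown resource %T", tgt))
 }
@@ -128,6 +132,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 return database.ResourceTypeApiKey
 case database.License:
 return database.ResourceTypeLicense
+case database.WorkspaceProxy:
+return database.ResourceTypeWorkspaceProxy
 default:
 panic(fmt.Sprintf("unknown resource %T", tgt))
 }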
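Review bot: Adding `case database.WorkspaceProxy:` to these three switches lets proxy rows pass through the audit request path, and that row presumably holds the stored proxy secret (the token format documented elsewhere in this commit is `<proxy id>:<proxy secret>`). The table that decides which fields are recorded, ignored or redacted in audit diffs is not part of this commit, so confirm it has an entry for the proxy type that keeps the secret out of the log. Separately, each `default:` still panics on an unhandled type, so the three switches have to stay in lockstep; a comment above `ResourceTarget` such as `// Every Auditable type needs a case here and in ResourceID and ResourceType.` would make that explicit. All three function bodies start outside the hunks.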

coderd/database/models.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

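--- a/enterprise/coderd/workspaceproxy.go
+++ b/enterprise/coderd/workspaceproxy.go
@@ -15,10 +15,11 @@ import (
 
 "github.com/coder/coder/coderd/audit"
 "github.com/coder/coder/coderd/database"
+"github.com/coder/coder/coderd/database/dbauthz"
 "github.com/coder/coder/coderd/httpapi"
 "github.com/coder/coder/codersdk"
 "github.com/coder/coder/cryptorand"
-"github.com/coder/coder/enterprise/proxysdk"
+"github.com/coder/coder/enterprise/wsproxy/wsproxysdk"
 )
 
 // @Summary Create workspace proxy
@@ -74,7 +75,7 @@ func (api *API) postWorkspaceProxy(rw http.ResponseWriter, r *http.Request) {
 fullToken := fmt.Sprintf("%s:%s", id, secret)
 
 proxy, err := api.Database.InsertWorkspaceProxy(ctx, database.InsertWorkspaceProxyParams{
-ID: uuid.New(),
+ID: id,
 Name: req.Name,
 DisplayName: req.DisplayName,
 Icon: req.Icon,
@@ -163,7 +164,7 @@ func requireExternalProxyAuth(db database.Store) func(http.Handler) http.Handler
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 
-token := r.Header.Get(proxysdk.ExternalProxyTokenHeader)
+token := r.Header.Get(wsproxysdk.AuthTokenHeader)
 if token == "" {
 httpapi.Write(ctx, w, http.StatusUnauthorized, codersdk.Response{
 Message: "Missing external proxy token",
@@ -195,7 +196,8 @@ func requireExternalProxyAuth(db database.Store) func(http.Handler) http.Handler
 }
 
 // Get the proxy.
-proxy, err := db.GetWorkspaceProxyByID(ctx, proxyID)
+// nolint:gocritic // Get proxy by ID to check auth token
+proxy, err := db.GetWorkspaceProxyByID(dbauthz.AsSystemRestricted(ctx), proxyID)
 if xerrors.Is(err, sql.ErrNoRows) {
 // Proxy IDs are public so we don't care about leaking them via
 // timing attacks.
@@ -251,7 +253,7 @@ func (api *API) issueSignedAppToken(rw http.ResponseWriter, r *http.Request) {
 // return a self-contained HTML error page on failure. The external proxy
 // should forward any non-201 response to the client.
 
-var req proxysdk.IssueSignedAppTokenRequest
+var req wsproxysdk.IssueSignedAppTokenRequest
 if !httpapi.Read(ctx, rw, r, &req) {
 return
 }
@@ -281,7 +283,7 @@ func (api *API) issueSignedAppToken(rw http.ResponseWriter, r *http.Request) {
 return
 }
 
-httpapi.Write(ctx, rw, http.StatusCreated, proxysdk.IssueSignedAppTokenResponse{
+httpapi.Write(ctx, rw, http.StatusCreated, wsproxysdk.IssueSignedAppTokenResponse{
 SignedToken: *token,
 SignedTokenStr: tokenStr,
 })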
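Review bot: The `dbauthz.AsSystemRestricted(ctx)` lookup in `requireExternalProxyAuth` runs before the caller has proven anything, using a proxy ID parsed from the request header, and the `nolint` reason does not say why bypassing authorization is acceptable at that point. The elevated context is passed inline to this one call, so it stays out of the `ctx` the downstream handler sees; that property is worth writing down so a later refactor does not hoist it into a variable. I would extend the comment to something like `// nolint:gocritic // Request is not authenticated yet: read the proxy row as system only to verify the token secret; do not reuse this ctx.` The secret comparison and the rest of the middleware lie outside the hunk, so whether that comparison is constant-time cannot be confirmed from here.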

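--- a/enterprise/coderd/workspaceproxy_test.go
+++ b/enterprise/coderd/workspaceproxy_test.go
@@ -3,8 +3,8 @@ package coderd_test
 import (
 "testing"
 
+"github.com/google/uuid"
 "github.com/moby/moby/pkg/namesgenerator"
-
 "github.com/stretchr/testify/require"
 
 "github.com/coder/coder/coderd/coderdtest"
@@ -13,7 +13,8 @@ import (
 "github.com/coder/coder/codersdk"
 "github.com/coder/coder/enterprise/coderd/coderdenttest"
 "github.com/coder/coder/enterprise/coderd/license"
-"github.com/coder/coder/enterprise/proxysdk"
+"github.com/coder/coder/enterprise/wsproxy/wsproxysdk"
+"github.com/coder/coder/provisioner/echo"
 "github.com/coder/coder/testutil"
 )
 
@@ -68,19 +69,31 @@ func TestIssueSignedAppToken(t *testing.T) {
 db, pubsub := dbtestutil.NewDB(t)
 client := coderdenttest.New(t, &coderdenttest.Options{
 Options: &coderdtest.Options{
-DeploymentValues: dv,
-Database: db,
-Pubsub: pubsub,
+DeploymentValues: dv,
+Database: db,
+Pubsub: pubsub,
+IncludeProvisionerDaemon: true,
 },
 })
 
-_ = coderdtest.CreateFirstUser(t, client)
+user := coderdtest.CreateFirstUser(t, client)
 _ = coderdenttest.AddLicense(t, client, coderdenttest.LicenseOptions{
 Features: license.Features{
 codersdk.FeatureWorkspaceProxy: 1,
 },
 })
 
+// Create a workspace + apps
+authToken := uuid.NewString()
+version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
+Parse: echo.ParseComplete,
+ProvisionApply: echo.ProvisionApplyWithAgent(authToken),
+})
+template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
+coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+
 ctx := testutil.Context(t, testutil.WaitLong)
 proxyRes, err := client.CreateWorkspaceProxy(ctx, codersdk.CreateWorkspaceProxyRequest{
 Name: namesgenerator.GetRandomName(1),
@@ -90,19 +103,32 @@ func TestIssueSignedAppToken(t *testing.T) {
 })
 require.NoError(t, err)
 
-proxyClient := proxysdk.New(client.URL)
+proxyClient := wsproxysdk.New(client.URL)
 proxyClient.SetSessionToken(proxyRes.ProxyToken)
 
 // TODO: "OK" test, requires a workspace and apps
 
 t.Run("BadAppRequest", func(t *testing.T) {
 t.Parallel()
 
-_, err = proxyClient.IssueSignedAppToken(ctx, proxysdk.IssueSignedAppTokenRequest{
+_, err = proxyClient.IssueSignedAppToken(ctx, wsproxysdk.IssueSignedAppTokenRequest{
 // Invalid request.
 AppRequest: workspaceapps.Request{},
 SessionToken: client.SessionToken(),
 })
 require.Error(t, err)
 })
+
+t.Run("OK", func(t *testing.T) {
+_, err = proxyClient.IssueSignedAppToken(ctx, wsproxysdk.IssueSignedAppTokenRequest{
+AppRequest: workspaceapps.Request{
+BasePath: "/app",
+AccessMethod: workspaceapps.AccessMethodTerminal,
+UsernameOrID: user.UserID.String(),
+WorkspaceAndAgent: workspace.ID.String(),
+},
+SessionToken: client.SessionToken(),
+})
+require.NoError(t, err)
+})
 }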
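Review bot: The new `OK` subtest discards the response (`_, err = proxyClient.IssueSignedAppToken(...)`) and asserts only `require.NoError`, so a handler that returned an empty or mis-scoped token would still pass. Keep the result and assert on it, e.g. `res, err := proxyClient.IssueSignedAppToken(ctx, ...)` followed by `require.NotEmpty(t, res.SignedTokenStr)`, assuming the client returns the response struct whose `SignedTokenStr` field the handler fills. Using `:=` also stops both subtests writing the outer `err`, which `BadAppRequest` does after `t.Parallel()`. The context line `// TODO: "OK" test, requires a workspace and apps` is now stale and can be dropped.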

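--- a/enterprise/externalproxy/proxy.go
+++ b/enterprise/wsproxy/proxy.go
@@ -1,4 +1,4 @@
-package externalproxy
+package wsproxy
 
 import (
 "context"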

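--- a/enterprise/proxysdk/client.go
+++ b/enterprise/wsproxy/wsproxysdk/client.go
@@ -1,4 +1,4 @@
-package proxysdk
+package wsproxysdk
 
 import (
 "context"
@@ -9,14 +9,14 @@ import (
 )
 
 const (
-// ExternalProxyTokenHeader is the auth header used for requests from
-// external proxies.
+// AuthTokenHeader is the auth header used for requests from
+// external workspace proxies.
 //
 // The format of an external proxy token is:
 // <proxy id>:<proxy secret>
 //
 //nolint:gosec
-ExternalProxyTokenHeader = "Coder-External-Proxy-Token"
+AuthTokenHeader = "Coder-External-Proxy-Token"
 )
 
 // Client is a HTTP client for a subset of Coder API routes that external
@@ -29,7 +29,7 @@ type Client struct {
 // URL.
 func New(serverURL *url.URL) *Client {
 coderSDKClient := codersdk.New(serverURL)
-coderSDKClient.TokenHeader = ExternalProxyTokenHeader
+coderSDKClient.TokenHeader = AuthTokenHeader
 
 return &Client{
 CoderSDKClient: coderSDKClient,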

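--- a/enterprise/proxysdk/proxyinternal.go
+++ b/enterprise/wsproxy/wsproxysdk/proxyinternal.go
@@ -1,4 +1,4 @@
-package proxysdk
+package wsproxysdk
 
 import (
 "context"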
