feat: deployment flags (#4426)

f0ssel · web-flow · commit b1faaef482fa · 2022-10-10T15:04:15.000-04:00
diff --git a/cli/deployment/flags.go b/cli/deployment/flags.go
diff --git a/cli/root.go b/cli/root.go
@@ -22,6 +22,7 @@ import (
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/cli/config"
+	"github.com/coder/coder/cli/deployment"
 	"github.com/coder/coder/coderd"
 	"github.com/coder/coder/codersdk"
 )
@@ -98,7 +99,9 @@ func Core() []*cobra.Command {
 }
 
 func AGPL() []*cobra.Command {
-	all := append(Core(), Server(func(_ context.Context, o *coderd.Options) (*coderd.API, error) {
+	df := deployment.Flags()
+	all := append(Core(), Server(df, func(_ context.Context, o *coderd.Options) (*coderd.API, error) {
+		o.DeploymentFlags = &df
 		return coderd.New(o), nil
 	}))
 	return all
diff --git a/cli/server.go b/cli/server.go
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -82,6 +82,7 @@ type Options struct {
 	MetricsCacheRefreshInterval time.Duration
 	AgentStatsRefreshInterval   time.Duration
 	Experimental                bool
+	DeploymentFlags             *codersdk.DeploymentFlags
 }
 
 // New constructs a Coder API handler.
@@ -259,6 +260,10 @@ func New(options *Options) *API {
 				})
 			})
 		})
+		r.Route("/flags", func(r chi.Router) {
+			r.Use(apiKeyMiddleware)
+			r.Get("/deployment", api.deploymentFlags)
+		})
 		r.Route("/audit", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -83,6 +83,7 @@ type Options struct {
 	IncludeProvisionerDaemon    bool
 	MetricsCacheRefreshInterval time.Duration
 	AgentStatsRefreshInterval   time.Duration
+	DeploymentFlags             *codersdk.DeploymentFlags
 }
 
 // New constructs a codersdk client connected to an in-memory API instance.
@@ -237,6 +238,7 @@ func NewOptions(t *testing.T, options *Options) (*httptest.Server, context.Cance
 		AutoImportTemplates:         options.AutoImportTemplates,
 		MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,
 		AgentStatsRefreshInterval:   options.AgentStatsRefreshInterval,
+		DeploymentFlags:             options.DeploymentFlags,
 	}
 }
 
diff --git a/coderd/flags.go b/coderd/flags.go
@@ -0,0 +1,18 @@
+package coderd
+
+import (
+	"net/http"
+
+	"github.com/coder/coder/cli/deployment"
+	"github.com/coder/coder/coderd/httpapi"
+	"github.com/coder/coder/coderd/rbac"
+)
+
+func (api *API) deploymentFlags(rw http.ResponseWriter, r *http.Request) {
+	if !api.Authorize(r, rbac.ActionRead, rbac.ResourceDeploymentFlags) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	httpapi.Write(r.Context(), rw, http.StatusOK, deployment.RemoveSensitiveValues(*api.DeploymentFlags))
+}
diff --git a/coderd/flags_test.go b/coderd/flags_test.go
@@ -0,0 +1,47 @@
+package coderd_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/cli/deployment"
+	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/testutil"
+)
+
+const (
+	secretValue = "********"
+)
+
+func TestDeploymentFlagSecrets(t *testing.T) {
+	t.Parallel()
+	hi := "hi"
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+	df := deployment.Flags()
+	// check if copy works for non-secret values
+	df.AccessURL.Value = hi
+	// check if secrets are removed
+	df.OAuth2GithubClientSecret.Value = hi
+	df.OIDCClientSecret.Value = hi
+	df.PostgresURL.Value = hi
+	df.SCIMAuthHeader.Value = hi
+
+	client := coderdtest.New(t, &coderdtest.Options{
+		DeploymentFlags: &df,
+	})
+	_ = coderdtest.CreateFirstUser(t, client)
+	scrubbed, err := client.DeploymentFlags(ctx)
+	require.NoError(t, err)
+	// ensure df is unchanged
+	require.EqualValues(t, hi, df.OAuth2GithubClientSecret.Value)
+	// ensure normal values pass through
+	require.EqualValues(t, hi, scrubbed.AccessURL.Value)
+	// ensure secrets are removed
+	require.EqualValues(t, secretValue, scrubbed.OAuth2GithubClientSecret.Value)
+	require.EqualValues(t, secretValue, scrubbed.OIDCClientSecret.Value)
+	require.EqualValues(t, secretValue, scrubbed.PostgresURL.Value)
+	require.EqualValues(t, secretValue, scrubbed.SCIMAuthHeader.Value)
+}
diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -133,6 +133,11 @@ var (
 	ResourceLicense = Object{
 		Type: "license",
 	}
+
+	// ResourceDeploymentFlags
+	ResourceDeploymentFlags = Object{
+		Type: "deployment_flags",
+	}
 )
 
 // Object is used to create objects for authz checks when you have none in
diff --git a/codersdk/flags.go b/codersdk/flags.go
@@ -0,0 +1,136 @@
+package codersdk
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"golang.org/x/xerrors"
+)
+
+type DeploymentFlags struct {
+	AccessURL                        StringFlag      `json:"access_url"`
+	WildcardAccessURL                StringFlag      `json:"wildcard_access_url"`
+	Address                          StringFlag      `json:"address"`
+	AutobuildPollInterval            DurationFlag    `json:"autobuild_poll_interval"`
+	DerpServerEnable                 BoolFlag        `json:"derp_server_enabled"`
+	DerpServerRegionID               IntFlag         `json:"derp_server_region_id"`
+	DerpServerRegionCode             StringFlag      `json:"derp_server_region_code"`
+	DerpServerRegionName             StringFlag      `json:"derp_server_region_name"`
+	DerpServerSTUNAddresses          StringArrayFlag `json:"derp_server_stun_address"`
+	DerpConfigURL                    StringFlag      `json:"derp_config_url"`
+	DerpConfigPath                   StringFlag      `json:"derp_config_path"`
+	PromEnabled                      BoolFlag        `json:"prom_enabled"`
+	PromAddress                      StringFlag      `json:"prom_address"`
+	PprofEnabled                     BoolFlag        `json:"pprof_enabled"`
+	PprofAddress                     StringFlag      `json:"pprof_address"`
+	CacheDir                         StringFlag      `json:"cache_dir"`
+	InMemoryDatabase                 BoolFlag        `json:"in_memory_database"`
+	ProvisionerDaemonCount           IntFlag         `json:"provisioner_daemon_count"`
+	PostgresURL                      StringFlag      `json:"postgres_url"`
+	OAuth2GithubClientID             StringFlag      `json:"oauth2_github_client_id"`
+	OAuth2GithubClientSecret         StringFlag      `json:"oauth2_github_client_secret"`
+	OAuth2GithubAllowedOrganizations StringArrayFlag `json:"oauth2_github_allowed_organizations"`
+	OAuth2GithubAllowedTeams         StringArrayFlag `json:"oauth2_github_allowed_teams"`
+	OAuth2GithubAllowSignups         BoolFlag        `json:"oauth2_github_allow_signups"`
+	OAuth2GithubEnterpriseBaseURL    StringFlag      `json:"oauth2_github_enterprise_base_url"`
+	OIDCAllowSignups                 BoolFlag        `json:"oidc_allow_signups"`
+	OIDCClientID                     StringFlag      `json:"oidc_client_id"`
+	OIDCClientSecret                 StringFlag      `json:"oidc_cliet_secret"`
+	OIDCEmailDomain                  StringFlag      `json:"oidc_email_domain"`
+	OIDCIssuerURL                    StringFlag      `json:"oidc_issuer_url"`
+	OIDCScopes                       StringArrayFlag `json:"oidc_scopes"`
+	TelemetryEnable                  BoolFlag        `json:"telemetry_enable"`
+	TelemetryTraceEnable             BoolFlag        `json:"telemetry_trace_enable"`
+	TelemetryURL                     StringFlag      `json:"telemetry_url"`
+	TLSEnable                        BoolFlag        `json:"tls_enable"`
+	TLSCertFiles                     StringArrayFlag `json:"tls_cert_files"`
+	TLSClientCAFile                  StringFlag      `json:"tls_client_ca_file"`
+	TLSClientAuth                    StringFlag      `json:"tls_client_auth"`
+	TLSKeyFiles                      StringArrayFlag `json:"tls_key_tiles"`
+	TLSMinVersion                    StringFlag      `json:"tls_min_version"`
+	TraceEnable                      BoolFlag        `json:"trace_enable"`
+	SecureAuthCookie                 BoolFlag        `json:"secure_auth_cookie"`
+	SSHKeygenAlgorithm               StringFlag      `json:"ssh_keygen_algorithm"`
+	AutoImportTemplates              StringArrayFlag `json:"auto_import_templates"`
+	MetricsCacheRefreshInterval      DurationFlag    `json:"metrics_cache_refresh_interval"`
+	AgentStatRefreshInterval         DurationFlag    `json:"agent_stat_refresh_interval"`
+	Verbose                          BoolFlag        `json:"verbose"`
+	AuditLogging                     BoolFlag        `json:"audit_logging"`
+	BrowserOnly                      BoolFlag        `json:"browser_only"`
+	SCIMAuthHeader                   StringFlag      `json:"scim_auth_header"`
+	UserWorkspaceQuota               IntFlag         `json:"user_workspace_quota"`
+}
+
+type StringFlag struct {
+	Name        string `json:"name"`
+	Flag        string `json:"flag"`
+	EnvVar      string `json:"env_var"`
+	Shorthand   string `json:"shorthand"`
+	Description string `json:"description"`
+	Enterprise  bool   `json:"enterprise"`
+	Secret      bool   `json:"secret"`
+	Default     string `json:"default"`
+	Value       string `json:"value"`
+}
+
+type BoolFlag struct {
+	Name        string `json:"name"`
+	Flag        string `json:"flag"`
+	EnvVar      string `json:"env_var"`
+	Shorthand   string `json:"shorthand"`
+	Description string `json:"description"`
+	Enterprise  bool   `json:"enterprise"`
+	Default     bool   `json:"default"`
+	Value       bool   `json:"value"`
+}
+
+type IntFlag struct {
+	Name        string `json:"name"`
+	Flag        string `json:"flag"`
+	EnvVar      string `json:"env_var"`
+	Shorthand   string `json:"shorthand"`
+	Description string `json:"description"`
+	Enterprise  bool   `json:"enterprise"`
+	Default     int    `json:"default"`
+	Value       int    `json:"value"`
+}
+
+type DurationFlag struct {
+	Name        string        `json:"name"`
+	Flag        string        `json:"flag"`
+	EnvVar      string        `json:"env_var"`
+	Shorthand   string        `json:"shorthand"`
+	Description string        `json:"description"`
+	Enterprise  bool          `json:"enterprise"`
+	Default     time.Duration `json:"default"`
+	Value       time.Duration `json:"value"`
+}
+
+type StringArrayFlag struct {
+	Name        string   `json:"name"`
+	Flag        string   `json:"flag"`
+	EnvVar      string   `json:"env_var"`
+	Shorthand   string   `json:"shorthand"`
+	Description string   `json:"description"`
+	Enterprise  bool     `json:"enterprise"`
+	Default     []string `json:"default"`
+	Value       []string `json:"value"`
+}
+
+// DeploymentFlags returns the deployment level flags for the coder server.
+func (c *Client) DeploymentFlags(ctx context.Context) (DeploymentFlags, error) {
+	res, err := c.Request(ctx, http.MethodGet, "/api/v2/flags/deployment", nil)
+	if err != nil {
+		return DeploymentFlags{}, xerrors.Errorf("execute request: %w", err)
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != http.StatusOK {
+		return DeploymentFlags{}, readBodyAsError(res)
+	}
+
+	var df DeploymentFlags
+	return df, json.NewDecoder(res.Body).Decode(&df)
+}
diff --git a/enterprise/cli/server.go b/enterprise/cli/server.go
@@ -5,44 +5,43 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/cli/deployment"
 	"github.com/coder/coder/enterprise/coderd"
 
 	agpl "github.com/coder/coder/cli"
 	agplcoderd "github.com/coder/coder/coderd"
 )
 
 func server() *cobra.Command {
-	var (
-		auditLogging       bool
-		browserOnly        bool
-		scimAuthHeader     string
-		userWorkspaceQuota int
-	)
-	cmd := agpl.Server(func(ctx context.Context, options *agplcoderd.Options) (*agplcoderd.API, error) {
-		api, err := coderd.New(ctx, &coderd.Options{
-			AuditLogging:       auditLogging,
-			BrowserOnly:        browserOnly,
-			SCIMAPIKey:         []byte(scimAuthHeader),
-			UserWorkspaceQuota: userWorkspaceQuota,
+	dflags := deployment.Flags()
+	cmd := agpl.Server(dflags, func(ctx context.Context, options *agplcoderd.Options) (*agplcoderd.API, error) {
+		options.DeploymentFlags = &dflags
+		o := &coderd.Options{
+			AuditLogging:       dflags.AuditLogging.Value,
+			BrowserOnly:        dflags.BrowserOnly.Value,
+			SCIMAPIKey:         []byte(dflags.SCIMAuthHeader.Value),
+			UserWorkspaceQuota: dflags.UserWorkspaceQuota.Value,
 			Options:            options,
-		})
+		}
+		api, err := coderd.New(ctx, o)
 		if err != nil {
 			return nil, err
 		}
 		return api.AGPL, nil
 	})
-	enterpriseOnly := cliui.Styles.Keyword.Render("This is an Enterprise feature. Contact sales@coder.com for licensing")
-
-	cliflag.BoolVarP(cmd.Flags(), &auditLogging, "audit-logging", "", "CODER_AUDIT_LOGGING", true,
-		"Specifies whether audit logging is enabled. "+enterpriseOnly)
-	cliflag.BoolVarP(cmd.Flags(), &browserOnly, "browser-only", "", "CODER_BROWSER_ONLY", false,
-		"Whether Coder only allows connections to workspaces via the browser. "+enterpriseOnly)
-	cliflag.StringVarP(cmd.Flags(), &scimAuthHeader, "scim-auth-header", "", "CODER_SCIM_API_KEY", "",
-		"Enables SCIM and sets the authentication header for the built-in SCIM server. New users are automatically created with OIDC authentication. "+enterpriseOnly)
-	cliflag.IntVarP(cmd.Flags(), &userWorkspaceQuota, "user-workspace-quota", "", "CODER_USER_WORKSPACE_QUOTA", 0,
-		"A positive number applies a limit on how many workspaces each user can create. "+enterpriseOnly)
+
+	// append enterprise description to flags
+	enterpriseOnly := cliui.Styles.Keyword.Render(" This is an Enterprise feature. Contact sales@coder.com for licensing")
+	dflags.AuditLogging.Description += enterpriseOnly
+	dflags.BrowserOnly.Description += enterpriseOnly
+	dflags.SCIMAuthHeader.Description += enterpriseOnly
+	dflags.UserWorkspaceQuota.Description += enterpriseOnly
+
+	deployment.BoolFlag(cmd.Flags(), &dflags.AuditLogging)
+	deployment.BoolFlag(cmd.Flags(), &dflags.BrowserOnly)
+	deployment.StringFlag(cmd.Flags(), &dflags.SCIMAuthHeader)
+	deployment.IntFlag(cmd.Flags(), &dflags.UserWorkspaceQuota)
 
 	return cmd
 }
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,7 @@ type Options struct {`
`83`	`83`	`IncludeProvisionerDaemon bool`
`84`	`84`	`MetricsCacheRefreshInterval time.Duration`
`85`	`85`	`AgentStatsRefreshInterval time.Duration`
	`86`	`+ DeploymentFlags *codersdk.DeploymentFlags`
`86`	`87`	`}`
`87`	`88`
`88`	`89`	`// New constructs a codersdk client connected to an in-memory API instance.`
`@@ -237,6 +238,7 @@ func NewOptions(t testing.T, options Options) (*httptest.Server, context.Cance`
`237`	`238`	`AutoImportTemplates: options.AutoImportTemplates,`
`238`	`239`	`MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,`
`239`	`240`	`AgentStatsRefreshInterval: options.AgentStatsRefreshInterval,`
	`241`	`+ DeploymentFlags: options.DeploymentFlags,`
`240`	`242`	`}`
`241`	`243`	`}`
`242`	`244`
Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,11 @@ var (`
`133`	`133`	`ResourceLicense = Object{`
`134`	`134`	`Type: "license",`
`135`	`135`	`}`
	`136`	`+`
	`137`	`+ // ResourceDeploymentFlags`
	`138`	`+ ResourceDeploymentFlags = Object{`
	`139`	`+ Type: "deployment_flags",`
	`140`	`+ }`
`136`	`141`	`)`
`137`	`142`
`138`	`143`	`// Object is used to create objects for authz checks when you have none in`