fixups

Emyrk · Emyrk · commit f0ce1c4bf1ef · 2024-09-05T13:28:58.000-05:00
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -1184,7 +1184,9 @@ func (q *querier) DeleteReplicasUpdatedBefore(ctx context.Context, updatedAt tim
 }
 
 func (q *querier) DeleteRuntimeConfig(ctx context.Context, key string) error {
-	// TODO: auth
+	if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceSystem); err != nil {
+		return err
+	}
 	return q.db.DeleteRuntimeConfig(ctx, key)
 }
 
@@ -1862,7 +1864,9 @@ func (q *querier) GetReplicasUpdatedAfter(ctx context.Context, updatedAt time.Ti
 }
 
 func (q *querier) GetRuntimeConfig(ctx context.Context, key string) (string, error) {
-	// TODO: auth
+	if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
+		return "", err
+	}
 	return q.db.GetRuntimeConfig(ctx, key)
 }
 
@@ -3917,7 +3921,9 @@ func (q *querier) UpsertProvisionerDaemon(ctx context.Context, arg database.Upse
 }
 
 func (q *querier) UpsertRuntimeConfig(ctx context.Context, arg database.UpsertRuntimeConfigParams) error {
-	// TODO: auth
+	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil {
+		return err
+	}
 	return q.db.UpsertRuntimeConfig(ctx, arg)
 }
 
diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go
@@ -2696,6 +2696,15 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 			AgentID:     uuid.New(),
 		}).Asserts(tpl, policy.ActionCreate)
 	}))
+	s.Run("DeleteRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		check.Args("test").Asserts(rbac.ResourceSystem, policy.ActionDelete)
+	}))
+	s.Run("GetRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		check.Args("test").Asserts(rbac.ResourceSystem, policy.ActionRead)
+	}))
+	s.Run("UpsertRuntimeConfig", s.Subtest(func(db database.Store, check *expects) {
+		check.Args("test", "value").Asserts(rbac.ResourceSystem, policy.ActionUpdate)
+	}))
 }
 
 func (s *MethodTestSuite) TestNotifications() {
diff --git a/coderd/runtimeconfig/deploymententry.go b/coderd/runtimeconfig/deploymententry.go
@@ -9,8 +9,10 @@ import (
 )
 
 // Ensure serpent values satisfy the ConfigValue interface for easier usage.
-var _ pflag.Value = SerpentEntry(nil)
-var _ pflag.Value = &DeploymentEntry[SerpentEntry]{}
+var (
+	_ pflag.Value = SerpentEntry(nil)
+	_ pflag.Value = &DeploymentEntry[SerpentEntry]{}
+)
 
 type SerpentEntry interface {
 	EntryValue
diff --git a/coderd/runtimeconfig/manager.go b/coderd/runtimeconfig/manager.go
@@ -9,18 +9,17 @@ import (
 )
 
 // StoreManager is the shared singleton that produces resolvers for runtime configuration.
-type StoreManager struct {
-}
+type StoreManager struct{}
 
 func NewStoreManager() Manager {
 	return &StoreManager{}
 }
 
-func (m *StoreManager) DeploymentResolver(db Store) Resolver {
+func (*StoreManager) DeploymentResolver(db Store) Resolver {
 	return NewStoreResolver(db)
 }
 
-func (m *StoreManager) OrganizationResolver(db Store, orgID uuid.UUID) Resolver {
+func (*StoreManager) OrganizationResolver(db Store, orgID uuid.UUID) Resolver {
 	return OrganizationResolver(orgID, NewStoreResolver(db))
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1184,7 +1184,9 @@ func (q *querier) DeleteReplicasUpdatedBefore(ctx context.Context, updatedAt tim`
`1184`	`1184`	`}`
`1185`	`1185`
`1186`	`1186`	`func (q *querier) DeleteRuntimeConfig(ctx context.Context, key string) error {`
`1187`		`- // TODO: auth`
	`1187`	`+ if err := q.authorizeContext(ctx, policy.ActionDelete, rbac.ResourceSystem); err != nil {`
	`1188`	`+ return err`
	`1189`	`+ }`
`1188`	`1190`	`return q.db.DeleteRuntimeConfig(ctx, key)`
`1189`	`1191`	`}`
`1190`	`1192`
`@@ -1862,7 +1864,9 @@ func (q *querier) GetReplicasUpdatedAfter(ctx context.Context, updatedAt time.Ti`
`1862`	`1864`	`}`
`1863`	`1865`
`1864`	`1866`	`func (q *querier) GetRuntimeConfig(ctx context.Context, key string) (string, error) {`
`1865`		`- // TODO: auth`
	`1867`	`+ if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {`
	`1868`	`+ return "", err`
	`1869`	`+ }`
`1866`	`1870`	`return q.db.GetRuntimeConfig(ctx, key)`
`1867`	`1871`	`}`
`1868`	`1872`
`@@ -3917,7 +3921,9 @@ func (q *querier) UpsertProvisionerDaemon(ctx context.Context, arg database.Upse`
`3917`	`3921`	`}`
`3918`	`3922`
`3919`	`3923`	`func (q *querier) UpsertRuntimeConfig(ctx context.Context, arg database.UpsertRuntimeConfigParams) error {`
`3920`		`- // TODO: auth`
	`3924`	`+ if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil {`
	`3925`	`+ return err`
	`3926`	`+ }`
`3921`	`3927`	`return q.db.UpsertRuntimeConfig(ctx, arg)`
`3922`	`3928`	`}`
`3923`	`3929`
Original file line number	Diff line number	Diff line change
`@@ -9,18 +9,17 @@ import (`
`9`	`9`	`)`
`10`	`10`
`11`	`11`	`// StoreManager is the shared singleton that produces resolvers for runtime configuration.`
`12`		`-type StoreManager struct {`
`13`		`-}`
	`12`	`+type StoreManager struct{}`
`14`	`13`
`15`	`14`	`func NewStoreManager() Manager {`
`16`	`15`	`return &StoreManager{}`
`17`	`16`	`}`
`18`	`17`
`19`		`-func (m *StoreManager) DeploymentResolver(db Store) Resolver {`
	`18`	`+func (*StoreManager) DeploymentResolver(db Store) Resolver {`
`20`	`19`	`return NewStoreResolver(db)`
`21`	`20`	`}`
`22`	`21`
`23`		`-func (m *StoreManager) OrganizationResolver(db Store, orgID uuid.UUID) Resolver {`
	`22`	`+func (*StoreManager) OrganizationResolver(db Store, orgID uuid.UUID) Resolver {`
`24`	`23`	`return OrganizationResolver(orgID, NewStoreResolver(db))`
`25`	`24`	`}`
`26`	`25`