coder · kylecarbs · Sep 20, 2022 · Sep 13, 2022 · Sep 13, 2022 · Sep 13, 2022
diff --git a/cli/gitssh_test.go b/cli/gitssh_test.go
@@ -20,8 +20,6 @@ import (
 	"github.com/stretchr/testify/require"
 	gossh "golang.org/x/crypto/ssh"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/codersdk"
@@ -83,18 +81,7 @@ func prepareTestGitSSH(ctx context.Context, t *testing.T) (*codersdk.Client, str
 		errC <- cmd.ExecuteContext(ctx)
 	}()
 	t.Cleanup(func() { require.NoError(t, <-errC) })
-
 	coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
-	resources, err := client.WorkspaceResourcesByBuild(ctx, workspace.LatestBuild.ID)
-	require.NoError(t, err)
-	dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
-	require.NoError(t, err)
-	defer dialer.Close()
-	require.Eventually(t, func() bool {
-		_, err = dialer.Ping()
-		return err == nil
-	}, testutil.WaitMedium, testutil.IntervalFast)
-
 	return agentClient, agentToken, pubkey
 }
 

diff --git a/cli/root.go b/cli/root.go
@@ -91,12 +91,13 @@ func Core() []*cobra.Command {
 		users(),
 		versionCmd(),
 		workspaceAgent(),
-		features(),
 	}
 }
 
 func AGPL() []*cobra.Command {
-	all := append(Core(), Server(coderd.New))
+	all := append(Core(), Server(func(_ context.Context, o *coderd.Options) (*coderd.API, error) {
+		return coderd.New(o), nil
+	}))
 	return all
 }
 
@@ -548,13 +549,11 @@ func checkWarnings(cmd *cobra.Command, client *codersdk.Client) error {
 	defer cancel()
 
 	entitlements, err := client.Entitlements(ctx)
-	if err != nil {
-		return xerrors.Errorf("get entitlements to show warnings: %w", err)
-	}
-	for _, w := range entitlements.Warnings {
-		_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Warn.Render(w))
+	if err == nil {
+		for _, w := range entitlements.Warnings {
+			_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Warn.Render(w))
+		}
 	}
-
 	return nil
 }
 

diff --git a/cli/server.go b/cli/server.go
@@ -68,7 +68,7 @@ import (
 )
 
 // nolint:gocyclo
-func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
+func Server(newAPI func(context.Context, *coderd.Options) (*coderd.API, error)) *cobra.Command {
 	var (
 		accessURL             string
 		address               string
@@ -489,7 +489,10 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 				), promAddress, "prometheus")()
 			}
 
-			coderAPI := newAPI(options)
+			coderAPI, err := newAPI(ctx, options)
+			if err != nil {
+				return err
+			}
 			defer coderAPI.Close()
 
 			client := codersdk.New(localURL)
@@ -536,7 +539,7 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 				// These errors are typically noise like "TLS: EOF". Vault does similar:
 				// https://github.com/hashicorp/vault/blob/e2490059d0711635e529a4efcbaa1b26998d6e1c/command/server.go#L2714
 				ErrorLog: log.New(io.Discard, "", 0),
-				Handler:  coderAPI.Handler,
+				Handler:  coderAPI.RootHandler,
 				BaseContext: func(_ net.Listener) context.Context {
 					return shutdownConnsCtx
 				},

diff --git a/coderd/audit/request.go b/coderd/audit/request.go
@@ -12,14 +12,13 @@ import (
 
 	"cdr.dev/slog"
 	"github.com/coder/coder/coderd/database"
-	"github.com/coder/coder/coderd/features"
 	"github.com/coder/coder/coderd/httpmw"
 	"github.com/coder/coder/coderd/tracing"
 )
 
 type RequestParams struct {
-	Features features.Service
-	Log      slog.Logger
+	Audit Auditor
+	Log   slog.Logger
 
 	Request *http.Request
 	Action  database.AuditAction
@@ -102,15 +101,6 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		params: p,
 	}
 
-	feats := struct {
-		Audit Auditor
-	}{}
-	err := p.Features.Get(&feats)
-	if err != nil {
-		p.Log.Error(p.Request.Context(), "unable to get auditor interface", slog.Error(err))
-		return req, func() {}
-	}
-
 	return req, func() {
 		ctx := context.Background()
 		logCtx := p.Request.Context()
@@ -120,15 +110,15 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			return
 		}
 
-		diff := Diff(feats.Audit, req.Old, req.New)
+		diff := Diff(p.Audit, req.Old, req.New)
 		diffRaw, _ := json.Marshal(diff)
 
 		ip, err := parseIP(p.Request.RemoteAddr)
 		if err != nil {
 			p.Log.Warn(logCtx, "parse ip", slog.Error(err))
 		}
 
-		err = feats.Audit.Export(ctx, database.AuditLog{
+		err = p.Audit.Export(ctx, database.AuditLog{
 			ID:               uuid.New(),
 			Time:             database.Now(),
 			UserID:           httpmw.APIKey(p.Request).UserID,

diff --git a/coderd/authorize.go b/coderd/authorize.go
@@ -43,7 +43,7 @@ type HTTPAuthorizer struct {
 //		return
 //	}
 func (api *API) Authorize(r *http.Request, action rbac.Action, object rbac.Objecter) bool {
-	return api.httpAuth.Authorize(r, action, object)
+	return api.HTTPAuth.Authorize(r, action, object)
 }
 
 // Authorize will return false if the user is not authorized to do the action.

diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -7,6 +7,7 @@ import (
 	"net/url"
 	"path/filepath"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/andybalholm/brotli"
@@ -24,9 +25,9 @@ import (
 
 	"cdr.dev/slog"
 	"github.com/coder/coder/buildinfo"
+	"github.com/coder/coder/coderd/audit"
 	"github.com/coder/coder/coderd/awsidentity"
 	"github.com/coder/coder/coderd/database"
-	"github.com/coder/coder/coderd/features"
 	"github.com/coder/coder/coderd/gitsshkey"
 	"github.com/coder/coder/coderd/httpapi"
 	"github.com/coder/coder/coderd/httpmw"
@@ -50,6 +51,7 @@ type Options struct {
 	// CacheDir is used for caching files served by the API.
 	CacheDir string
 
+	Auditor                        audit.Auditor
 	AgentConnectionUpdateFrequency time.Duration
 	AgentInactiveDisconnectTimeout time.Duration
 	// APIRateLimit is the minutely throughput rate limit per user or ip.
@@ -68,8 +70,6 @@ type Options struct {
 	Telemetry            telemetry.Reporter
 	TracerProvider       trace.TracerProvider
 	AutoImportTemplates  []AutoImportTemplate
-	LicenseHandler       http.Handler
-	FeaturesService      features.Service
 
 	TailnetCoordinator *tailnet.Coordinator
 	DERPMap            *tailcfg.DERPMap
@@ -80,6 +80,9 @@ type Options struct {
 
 // New constructs a Coder API handler.
 func New(options *Options) *API {
+	if options == nil {
+		options = &Options{}
+	}
 	if options.AgentConnectionUpdateFrequency == 0 {
 		options.AgentConnectionUpdateFrequency = 3 * time.Second
 	}
@@ -117,11 +120,8 @@ func New(options *Options) *API {
 	if options.TailnetCoordinator == nil {
 		options.TailnetCoordinator = tailnet.NewCoordinator()
 	}
-	if options.LicenseHandler == nil {
-		options.LicenseHandler = licenses()
-	}
-	if options.FeaturesService == nil {
-		options.FeaturesService = &featuresService{}
+	if options.Auditor == nil {
+		options.Auditor = audit.NewNop()
 	}
 
 	siteCacheDir := options.CacheDir
@@ -142,14 +142,16 @@ func New(options *Options) *API {
 	r := chi.NewRouter()
 	api := &API{
 		Options:     options,
-		Handler:     r,
+		RootHandler: r,
 		siteHandler: site.Handler(site.FS(), binFS),
-		httpAuth: &HTTPAuthorizer{
+		HTTPAuth: &HTTPAuthorizer{
 			Authorizer: options.Authorizer,
 			Logger:     options.Logger,
 		},
 		metricsCache: metricsCache,
+		Auditor:      atomic.Pointer[audit.Auditor]{},
 	}
+	api.Auditor.Store(&options.Auditor)
 	api.workspaceAgentCache = wsconncache.New(api.dialWorkspaceAgentTailnet, 0)
 	api.derpServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger))
 	oauthConfigs := &httpmw.OAuth2Configs{
@@ -218,6 +220,8 @@ func New(options *Options) *API {
 	})
 
 	r.Route("/api/v2", func(r chi.Router) {
+		api.APIHandler = r
+
 		r.NotFound(func(rw http.ResponseWriter, r *http.Request) {
 			httpapi.Write(rw, http.StatusNotFound, codersdk.Response{
 				Message: "Route not found.",
@@ -473,14 +477,6 @@ func New(options *Options) *API {
 			r.Get("/resources", api.workspaceBuildResources)
 			r.Get("/state", api.workspaceBuildState)
 		})
-		r.Route("/entitlements", func(r chi.Router) {
-			r.Use(apiKeyMiddleware)
-			r.Get("/", api.FeaturesService.EntitlementsAPI)
-		})
-		r.Route("/licenses", func(r chi.Router) {
-			r.Use(apiKeyMiddleware)
-			r.Mount("/", options.LicenseHandler)
-		})
 	})
 
 	r.NotFound(compressHandler(http.HandlerFunc(api.siteHandler.ServeHTTP)).ServeHTTP)
@@ -489,17 +485,20 @@ func New(options *Options) *API {
 
 type API struct {
 	*Options
+	Auditor  atomic.Pointer[audit.Auditor]
+	HTTPAuth *HTTPAuthorizer
 
-	derpServer *derp.Server
+	// APIHandler serves "/api/v2"
+	APIHandler chi.Router
+	// RootHandler serves "/"
+	RootHandler chi.Router
 
-	Handler             chi.Router
+	derpServer          *derp.Server
+	metricsCache        *metricscache.Cache
 	siteHandler         http.Handler
 	websocketWaitMutex  sync.Mutex
 	websocketWaitGroup  sync.WaitGroup
 	workspaceAgentCache *wsconncache.Cache
-	httpAuth            *HTTPAuthorizer
-
-	metricsCache *metricscache.Cache
 }
 
 // Close waits for all WebSocket connections to drain before returning.

diff --git a/coderd/coderd_test.go b/coderd/coderd_test.go
@@ -38,16 +38,6 @@ func TestBuildInfo(t *testing.T) {
 	require.Equal(t, buildinfo.Version(), buildInfo.Version, "version")
 }
 
-// TestAuthorizeAllEndpoints will check `authorize` is called on every endpoint registered.
-func TestAuthorizeAllEndpoints(t *testing.T) {
-	t.Parallel()
-	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
-	defer cancel()
-	a := coderdtest.NewAuthTester(ctx, t, nil)
-	skipRoutes, assertRoute := coderdtest.AGPLRoutes(a)
-	a.Test(ctx, assertRoute, skipRoutes)
-}
-
 func TestDERP(t *testing.T) {
 	t.Parallel()
 	client := coderdtest.New(t, nil)