Skip to content

feat: Convert rego queries into SQL clauses #4225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 20 commits into from
Oct 4, 2022
+870 −20
Merged

feat: Convert rego queries into SQL clauses #4225

Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
ff931dc
feat: Convert rego queries into SQL clauses
Emyrk Sep 27, 2022
e535e5a
Fix postgres quotes to single quotes
Emyrk Sep 27, 2022
8f92953
Ensure all test cases can compile into SQL clauses
Emyrk Sep 27, 2022
cb5d519
Do not export extra types
Emyrk Sep 27, 2022
2bd0165
Add custom query with rbac filter
Emyrk Sep 27, 2022
364498c
First draft of a custom authorized db call
Emyrk Sep 28, 2022
b2da580
Merge remote-tracking branch 'origin/main' into stevenmasley/rego_to_sql
Emyrk Sep 28, 2022
d516be7
Add comments + tests
Emyrk Sep 28, 2022
125931a
Support better regex style matching for variables
Emyrk Sep 28, 2022
fc58da5
Handle jsonb arrays
Emyrk Sep 28, 2022
04c1d6a
Remove auth call on workspaces
Emyrk Sep 28, 2022
98b405e
Fix PG endpoints test
Emyrk Sep 28, 2022
6ad0b51
Match psql implementation
Emyrk Sep 29, 2022
7cfad87
Add some comments
Emyrk Sep 29, 2022
33c9d34
Merge remote-tracking branch 'origin/main' into stevenmasley/rego_to_sql
Emyrk Sep 29, 2022
f10e9b7
Remove unused argument
Emyrk Sep 29, 2022
d89c4d2
Add query name for tracking
Emyrk Sep 29, 2022
3828c29
Handle nested types
Emyrk Sep 30, 2022
913fb27
Add comment
Emyrk Sep 30, 2022
3e2fbb8
Renaming function call to GetAuthorizedWorkspaces
Emyrk Sep 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Match psql implementation
  • Loading branch information
@Emyrk
Emyrk committed Sep 29, 2022
commit 6ad0b51c01c175aa57c0a7601113449a2022705d
24 changes: 15 additions & 9 deletions coderd/coderdtest/authorize.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -515,17 +515,23 @@ type RecordingAuthorizer struct {

var _ rbac.Authorizer = (*RecordingAuthorizer)(nil)

func (r *RecordingAuthorizer) ByRoleName(_ context.Context, subjectID string, roleNames []string, scope rbac.Scope, action rbac.Action, object rbac.Object) error {
r.Called = &authCall{
SubjectID: subjectID,
Roles: roleNames,
Scope: scope,
Action: action,
Object: object,
func (r *RecordingAuthorizer) FakeByRoleName(_ context.Context, subjectID string, roleNames []string, scope rbac.Scope, action rbac.Action, object rbac.Object, record bool) error {
if record {
r.Called = &authCall{
SubjectID: subjectID,
Roles: roleNames,
Scope: scope,
Action: action,
Object: object,
}
}
return r.AlwaysReturn
}

func (r *RecordingAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNames []string, scope rbac.Scope, action rbac.Action, object rbac.Object) error {
return r.FakeByRoleName(ctx, subjectID, roleNames, scope, action, object, true)
}

func (r *RecordingAuthorizer) PrepareByRoleName(_ context.Context, subjectID string, roles []string, scope rbac.Scope, action rbac.Action, _ string) (rbac.PreparedAuthorized, error) {
return &fakePreparedAuthorizer{
Original: r,
Expand All @@ -552,7 +558,7 @@ type fakePreparedAuthorizer struct {
}

func (f *fakePreparedAuthorizer) Authorize(ctx context.Context, object rbac.Object) error {
return f.Original.ByRoleName(ctx, f.SubjectID, f.Roles, f.Scope, f.Action, object)
return f.Original.FakeByRoleName(ctx, f.SubjectID, f.Roles, f.Scope, f.Action, object, true)
}

// Compile returns a compiled version of the authorizer that will work for
Expand All @@ -562,7 +568,7 @@ func (f *fakePreparedAuthorizer) Compile() (rbac.AuthorizeFilter, error) {
}

func (f *fakePreparedAuthorizer) Eval(object rbac.Object) bool {
return f.Original.ByRoleName(context.Background(), f.SubjectID, f.Roles, f.Scope, f.Action, object) == nil
return f.Original.FakeByRoleName(context.Background(), f.SubjectID, f.Roles, f.Scope, f.Action, object, false) == nil
}

func (f fakePreparedAuthorizer) RegoString() string {
Expand Down