Wouldn't this either be system or the user's name? Seems like certain routes should never be system, so I'm confused when the logging would come into play.

On each request I want to log the actor name at least, so it's easy to see which user made a request in the logs. I am removing the SystemActor though.

is this ok @kylecarbs? The goal of this is so we can log the username without having to do a type cast because of the same reason as above (type switching just to read the username is very slow).

If we're just going to have the UserActor do we need to generalize the actor type at all? Could we just use database.User directly? That way we wouldn't have to type-cast at all.

We're not just going to have the UserActor type. We will also have a WorkspaceActor and eventually a SatelliteActor.

If we just have two or three though, could we just log the username / workspace / satellite name separately? If the actor type is primarily going to be used for that, I'm hesitant to say it's worth the grouping.

I'd think we'd have separate routes for users / workspaces / satellites anyways, similar to how agents can only access specific routes right now. In that pattern, there's no opportunity to have a user call an agent route, because they'll never need to do so.

That is one way to separate things. But that makes each actor type more distinct.

RBAC means an agent token is just a UserActor with a reduced scope. I see the benefit in having 1 type and letting rbac decide what they can and can't do.

I see value in the separating routes approach too.

Both options require their own care. One thing I wonder about is will a provisionerd ever need to query coderd for anything? Like is there a case some provisionerd will want a system_user with some RBAC role/perms to query some extra endpoints? I have no idea if there is, but having 1 system is nice in the sense all actors are equivalent and just defer to rbac for drawing lines.

If this is true, could we keep this function private?

No because then the linter got mad at me for having the tests be package session, and I have test helpers shared between the user tests and the middleware tests :(

Wouldn't testing the middleware test this function in that case? That's how it works in httpmw right now too.

I wanted to write tests for this function by itself instead of having a giant test file for the middleware when the middleware itself is very small.

Our tests may be deceiving to a caller if they primarily test and exposed a function we don't recommend they use. The middleware is only valuable if it calls this other function, so I'd be hesitant to say the middleware's expectations are small.

That's not to say decomposition isn't right for this case, but I do think our tests should primarily test the primary functions we expose.

I'll do the internal tests for the entire package in that case then

is this ok? @kylecarbs

I think it's best to test the HTTP handler that's being exposed to the API; not being able to test that handler will likely result in a similar experience for callers. Is there a reason we can't test the handler with similar levels of functionality?

The middleware handler is tested to handle all possible output states from the user actor function. The user actor tests additionally also test each possible failure state individually.

@kylecarbs I disagree that we should only test a package api imo.

I am all for testing individual functions in a package. I understand unit tests can help api design, and those tests should still exist in the xxxx_test.go file. But having internal tests to test more granular functions is a great way to test edge cases without excess state.

If the internal test fails, that is way more information for debugging than if an api level function that hides the internal functions fails.

So I think internal tests are great. But should not replace package_test functions that better test pkg api design

@deansheather you can do user_internal_test.go for package session tests

Just a note in the future we need to also support a custom Header for cli auth. Cookie auth will need to do CSRF in future.

That is one way to separate things. But that makes each actor type more distinct.

RBAC means an agent token is just a UserActor with a reduced scope. I see the benefit in having 1 type and letting rbac decide what they can and can't do.

I see value in the separating routes approach too.

Both options require their own care. One thing I wonder about is will a provisionerd ever need to query coderd for anything? Like is there a case some provisionerd will want a system_user with some RBAC role/perms to query some extra endpoints? I have no idea if there is, but having 1 system is nice in the sense all actors are equivalent and just defer to rbac for drawing lines.

Just curious, are we still splitting coder and other github imports?

@kylecarbs I disagree that we should only test a package api imo.

I am all for testing individual functions in a package. I understand unit tests can help api design, and those tests should still exist in the xxxx_test.go file. But having internal tests to test more granular functions is a great way to test edge cases without excess state.

If the internal test fails, that is way more information for debugging than if an api level function that hides the internal functions fails.

So I think internal tests are great. But should not replace package_test functions that better test pkg api design

Just and example @kylecarbs of a great function to unit test with an easy tabled test. To do this using the middleware would be such a pain because invalid apiKey strings might not even get far enough in the function to get to this parse.

Regardless if the invalid strings reach this in prod, I still think it's of value to know this function works as intended incase it's ever moved/reused.

If this function is well-tested outside of the middleware, it could be argued the middleware doesn't have to be. If both are expected to be well-tested, then tests become duplicative. I'm of the opinion testing the user-expected behavior is much more important than if the code actually works, because the user just wants it to work for them.

The middleware unit test will not test this one function to all of it's edge cases. For one, the middleware does some basic validation above this usage, so any tokens that fall those checks won't make it to parseAPIKey.

The code might be able to be refactored to ensure all keys hit parseAPIKey, but I'm speaking more generally than this one case.

I'm of the opinion testing the user-expected behavior is much more important than if the code actually works, because the user just wants it to work for them.

I don't see how these are not related. These functions are the building blocks, and often they will be reused/adapted by a developer in the future (months out).

I am of the opinion if I write helper functions like this, it's very easy to build a tabled test to confirm my implementation is correct. And if someone comes in later, the tabled tests can often serve better than a comment for what should happen in given cases, because let's be honest sometimes comments are vague/ambiguous. A tabled test does not have this ambiguity. Worse case the tabled test is missing an edge case, in which case the new developer can easily add it.

I do agree if you sufficiently test all the building blocks of a function, then you do not need to test the, in this case, the middle function as exhaustively.

The functions build the API surface, but the most important part of the code is that the API works as expected. I'm not arguing against testing the internals, but we should try to get away with testing via externals first to reduce complexity.

Isn't this also defined in the access package? why is there 2 ExtractActor functions?

Can we do this at a top level? I'd hate to forget it in one of these routes.