feat: add API key scope to restrict access to user data (#17692)

Thomas Kosiewski
2025-05-15 15:32:52 +01:00
committed by GitHub
parent ee2aeb44d7
commit 1bacd82e80
28 changed files with 824 additions and 447 deletions
+23
@@ -19,6 +19,29 @@ import (
"github.com/coder/coder/v2/provisionersdk/proto"
)
// ProvisionApplyWithAgent returns provision responses that will mock a fake
// "aws_instance" resource with an agent that has the given auth token.
func ProvisionApplyWithAgentAndAPIKeyScope(authToken string, apiKeyScope string) []*proto.Response {
return []*proto.Response{{
Type: &proto.Response_Apply{
Apply: &proto.ApplyComplete{
Resources: []*proto.Resource{{
Name: "example_with_scope",
Type: "aws_instance",
Agents: []*proto.Agent{{
Id: uuid.NewString(),
Name: "example",
Auth: &proto.Agent_Token{
Token: authToken,
},
ApiKeyScope: apiKeyScope,
}},
}},
},
},
}}
}
// ProvisionApplyWithAgent returns provision responses that will mock a fake
// "aws_instance" resource with an agent that has the given auth token.
func ProvisionApplyWithAgent(authToken string) []*proto.Response {
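Review bot: The doc comment above the new `ProvisionApplyWithAgentAndAPIKeyScope` is copied unchanged from `ProvisionApplyWithAgent`, so it opens with the wrong function name and never mentions the scope argument. Suggested replacement: `// ProvisionApplyWithAgentAndAPIKeyScope returns provision responses that mock a fake "aws_instance" resource with an agent that has the given auth token and API key scope.` Because `apiKeyScope` is a plain string copied into `ApiKeyScope`, the comment should also say which values a caller is expected to pass; the accepted set is not visible in this hunk. The body of `ProvisionApplyWithAgent` continues outside the hunk.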
+3 -1
@@ -42,6 +42,7 @@ type agentAttributes struct {
Directory string `mapstructure:"dir"`
ID string `mapstructure:"id"`
Token string `mapstructure:"token"`
APIKeyScope string `mapstructure:"api_key_scope"`
Env map[string]string `mapstructure:"env"`
// Deprecated: but remains here for backwards compatibility.
StartupScript string `mapstructure:"startup_script"`
@@ -319,6 +320,7 @@ func ConvertState(ctx context.Context, modules []*tfjson.StateModule, rawGraph s
Metadata: metadata,
DisplayApps: displayApps,
Order: attrs.Order,
ApiKeyScope: attrs.APIKeyScope,
}
// Support the legacy script attributes in the agent!
if attrs.StartupScript != "" {
@@ -394,7 +396,7 @@ func ConvertState(ctx context.Context, modules []*tfjson.StateModule, rawGraph s
agents, exists := resourceAgents[agentResource.Label]
if !exists {
agents = make([]*proto.Agent, 0)
agents = make([]*proto.Agent, 0, 1)
}
agents = append(agents, agent)
resourceAgents[agentResource.Label] = agents
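Review bot: In the second hunk, `ApiKeyScope: attrs.APIKeyScope` copies the `api_key_scope` attribute from Terraform state into the agent proto with no validation or default, even though the commit title describes it as the control that restricts access to user data. State written before the attribute existed will presumably decode to an empty string, and a typo in a template reaches the consumer verbatim; whether both cases are rejected or mapped to a defined scope downstream is not visible here. If the check lives elsewhere, a comment at the assignment would make that explicit, for example `// api_key_scope is passed through unvalidated; the consumer must reject unknown values and treat "" as the documented default.`; otherwise ConvertState could return an error for values outside the accepted set. ConvertState starts and ends outside these hunks.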