fix: clamp template port sharing level in SubAgentAPI (#26061)

Fixes an issue where sub-agent apps created via CreateSubAgent would
bypass the check for the template's max port sharing level:

- Clamps dynamically inserted `workspace_apps` to the template max
sharing level in `coderd.agentapi.SubAgentAPI`.
- Emits a warning when clamping occurs.
- Adds unit test coverage for the max sharing level matrix.
- Adds an integration-ish test through the devcontainer sub-agent client
path.

> 🤖 Generated by Coder Agents with guidance from a human.
Cian Johnston
2026-06-05 16:30:15 +01:00
committed by GitHub
parent 5d8cd2ea7c
commit 63cd8a8c01
5 changed files with 565 additions and 3 deletions
+5
@@ -412,6 +412,11 @@ var (
User: []rbac.Permission{},
ByOrgID: map[string]rbac.OrgPermissions{
orgID.String(): {
Org: rbac.Permissions(map[string][]policy.Action{
// SubAgentAPI needs to check metadata of templates
// potentially shared via group_acl.
rbac.ResourceTemplate.Type: {policy.ActionRead},
}),
Member: rbac.Permissions(map[string][]policy.Action{
rbac.ResourceWorkspace.Type: {policy.ActionRead, policy.ActionUpdate, policy.ActionCreateAgent, policy.ActionDeleteAgent, policy.ActionUpdateAgent},
}),
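Review bot: The new `Org` entry grants `policy.ActionRead` on `rbac.ResourceTemplate` for every template in `orgID`, which is wider than the single template whose max port sharing level has to be looked up. The comment explains why template metadata is needed but not why the grant has to sit at org level rather than under `Member`. If the reason is that the workspace owner may only reach the template through `group_acl`, I would spell that out, e.g. `// Org-level rather than Member: the owner may only see the template via group_acl. Read-only; callers should fetch only the workspace's own template.` Unless the tests outside this view already cover it, an assertion that this subject cannot update or delete a template would keep a later edit to this map from widening it unnoticed. The enclosing `var (` declaration starts and ends outside the hunk, so the subject's roles and scope are not visible here.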