
Commit ca23abe

authored
feat(provisioner): add support for workspace_owner_rbac_roles (#16407)
Part of coder/terraform-provider-coder#330. Adds support for the coder_workspace_owner.rbac_roles attribute.
1 parent fc2815c commit ca23abe


7 files changed

+521
-341
lines changed


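--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@@ -594,6 +594,19 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 })
 }
 
+roles, err := s.Database.GetAuthorizationUserRoles(ctx, owner.ID)
+if err != nil {
+return nil, failJob(fmt.Sprintf("get owner authorization roles: %s", err))
+}
+ownerRbacRoles := []*sdkproto.Role{}
+for _, role := range roles.Roles {
+if s.OrganizationID == uuid.Nil {
+ownerRbacRoles = append(ownerRbacRoles, &sdkproto.Role{Name: role, OrgId: ""})
+continue
+}
+ownerRbacRoles = append(ownerRbacRoles, &sdkproto.Role{Name: role, OrgId: s.OrganizationID.String()})
+}
+
 protoJob.Type = &proto.AcquiredJob_WorkspaceBuild_{
 WorkspaceBuild: &proto.AcquiredJob_WorkspaceBuild{
 WorkspaceBuildId: workspaceBuild.ID.String(),
@@ -621,6 +634,7 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 WorkspaceOwnerSshPrivateKey: ownerSSHPrivateKey,
 WorkspaceBuildId: workspaceBuild.ID.String(),
 WorkspaceOwnerLoginType: string(owner.LoginType),
+WorkspaceOwnerRbacRoles: ownerRbacRoles,
 },
 LogLevel: input.LogLevel,
 },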
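Review bot: In the new loop over `roles.Roles`, every role is stamped with the same `OrgId` (`s.OrganizationID`, or empty when that is `uuid.Nil`), so the value describes the provisioner's organization rather than the scope the role was actually granted in. If `GetAuthorizationUserRoles` also returns site-wide roles or roles held in other organizations (its definition is not on this page), a template that gates privileged resources on `rbac_roles[*].org_id` would see those roles as belonging to this organization; the test in provisionerdserver_test.go pins `member` with the daemon's organization ID, which suggests this is the case. I would derive the organization from each role entry and drop roles scoped to a different organization, and until then add `// NOTE: OrgId is the provisioner's organization, not the scope the role was granted in.` above the loop. acquireProtoJob starts and ends outside the hunk.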

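--- a/coderd/provisionerdserver/provisionerdserver_test.go
+++ b/coderd/provisionerdserver/provisionerdserver_test.go
@@ -377,6 +377,7 @@ func TestAcquireJob(t *testing.T) {
 WorkspaceOwnerSshPrivateKey: sshKey.PrivateKey,
 WorkspaceBuildId: build.ID.String(),
 WorkspaceOwnerLoginType: string(user.LoginType),
+WorkspaceOwnerRbacRoles: []*sdkproto.Role{{Name: "member", OrgId: pd.OrganizationID.String()}},
 },
 },
 })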

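--- a/provisioner/terraform/provision.go
+++ b/provisioner/terraform/provision.go
@@ -242,6 +242,11 @@ func provisionEnv(
 return nil, xerrors.Errorf("marshal owner groups: %w", err)
 }
 
+ownerRbacRoles, err := json.Marshal(metadata.GetWorkspaceOwnerRbacRoles())
+if err != nil {
+return nil, xerrors.Errorf("marshal owner rbac roles: %w", err)
+}
+
 env = append(env,
 "CODER_AGENT_URL="+metadata.GetCoderUrl(),
 "CODER_WORKSPACE_TRANSITION="+strings.ToLower(metadata.GetWorkspaceTransition().String()),
@@ -254,6 +259,7 @@ func provisionEnv(
 "CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY="+metadata.GetWorkspaceOwnerSshPublicKey(),
 "CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY="+metadata.GetWorkspaceOwnerSshPrivateKey(),
 "CODER_WORKSPACE_OWNER_LOGIN_TYPE="+metadata.GetWorkspaceOwnerLoginType(),
+"CODER_WORKSPACE_OWNER_RBAC_ROLES="+string(ownerRbacRoles),
 "CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),
 "CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),
 "CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),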
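Review bot: `json.Marshal(metadata.GetWorkspaceOwnerRbacRoles())` yields the literal `null` when the getter returns a nil slice, so builds whose metadata carries no roles export `CODER_WORKSPACE_OWNER_RBAC_ROLES=null`, and the wire format of this variable is not documented anywhere in the hunk. Because templates may make access decisions from it, the consumer should treat `null`, `[]` and an absent `org_id` key (likely if the generated struct tags use `omitempty`, which is not visible here) as "no roles" or site-wide scope rather than erroring or granting by default. I would add above the marshal call `// JSON array of {name, org_id} objects; a nil role list marshals to "null".` provisionEnv starts and ends outside the hunk.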

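--- a/provisioner/terraform/provision_test.go
+++ b/provisioner/terraform/provision_test.go
@@ -764,6 +764,53 @@ func TestProvision(t *testing.T) {
 }},
 },
 },
+{
+Name: "workspace-owner-rbac-roles",
+SkipReason: "field will be added in provider version 2.2.0",
+Files: map[string]string{
+"main.tf": `terraform {
+required_providers {
+coder = {
+source = "coder/coder"
+version = "2.2.0"
+}
+}
+}
+
+resource "null_resource" "example" {}
+data "coder_workspace_owner" "me" {}
+resource "coder_metadata" "example" {
+resource_id = null_resource.example.id
+item {
+key = "rbac_roles_name"
+value = data.coder_workspace_owner.me.rbac_roles[0].name
+}
+item {
+key = "rbac_roles_org_id"
+value = data.coder_workspace_owner.me.rbac_roles[0].org_id
+}
+}
+`,
+},
+Request: &proto.PlanRequest{
+Metadata: &proto.Metadata{
+WorkspaceOwnerRbacRoles: []*proto.Role{{Name: "member", OrgId: ""}},
+},
+},
+Response: &proto.PlanComplete{
+Resources: []*proto.Resource{{
+Name: "example",
+Type: "null_resource",
+Metadata: []*proto.Resource_Metadata{{
+Key: "rbac_roles_name",
+Value: "member",
+}, {
+Key: "rbac_roles_org_id",
+Value: "",
+}},
+}},
+},
+},
 }
 
 for _, testCase := range testCases {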
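Review bot: The `workspace-owner-rbac-roles` case is the only end-to-end test of the new environment variable, and it is skipped via `SkipReason`, so nothing in this commit exercises the path from `WorkspaceOwnerRbacRoles` to the `rbac_roles` attribute. The skip carries no reference a maintainer can follow to re-enable it; I would write `SkipReason: "field will be added in provider version 2.2.0 (coder/terraform-provider-coder#330)",`. Once enabled, the case still covers only a single role with an empty `OrgId`; a second entry with a non-empty organization ID would catch field mix-ups in the JSON round trip. TestProvision starts and ends outside the hunk.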
