Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d5c298b

Browse files
EmyrkEmyrk
committed
chore: Handle custom workspace proxy options. Remove excess
1 parent 1f77074 commit d5c298b

File tree

3 files changed

+107
-38
lines changed

3 files changed

+107
-38
lines changed

cli/clibase/option.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,16 @@ func (s *OptionSet) Add(opts ...Option) {
8080
*s = append(*s, opts...)
8181
}
8282

83+
func (s OptionSet) Filter(filter func(opt Option) bool) OptionSet {
84+
cpy := make(OptionSet, 0)
85+
for _, opt := range s {
86+
if filter(opt) {
87+
cpy = append(cpy, opt)
88+
}
89+
}
90+
return cpy
91+
}
92+
8393
// FlagSet returns a pflag.FlagSet for the OptionSet.
8494
func (s *OptionSet) FlagSet() *pflag.FlagSet {
8595
if s == nil {

codersdk/deployment.go

Lines changed: 71 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -332,10 +332,17 @@ type DangerousConfig struct {
332332
}
333333

334334
const (
335-
flagEnterpriseKey = "enterprise"
336-
flagSecretKey = "secret"
335+
flagEnterpriseKey = "enterprise"
336+
flagSecretKey = "secret"
337+
flagExternalProxies = "external_workspace_proxies"
337338
)
338339

340+
func IsExternalProxies(opt clibase.Option) bool {
341+
// If it is a bool, use the bool value.
342+
b, _ := strconv.ParseBool(opt.Annotations[flagExternalProxies])
343+
return b
344+
}
345+
339346
func IsSecretDeploymentOption(opt clibase.Option) bool {
340347
return opt.Annotations.IsSet(flagSecretKey)
341348
}
@@ -469,6 +476,7 @@ when required by your organization's security policy.`,
469476
Value: &c.HTTPAddress,
470477
Group: &deploymentGroupNetworkingHTTP,
471478
YAML: "httpAddress",
479+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
472480
}
473481
tlsBindAddress := clibase.Option{
474482
Name: "TLS Address",
@@ -479,6 +487,7 @@ when required by your organization's security policy.`,
479487
Value: &c.TLS.Address,
480488
Group: &deploymentGroupNetworkingTLS,
481489
YAML: "address",
490+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
482491
}
483492
redirectToAccessURL := clibase.Option{
484493
Name: "Redirect to Access URL",
@@ -498,6 +507,7 @@ when required by your organization's security policy.`,
498507
Env: "CODER_ACCESS_URL",
499508
Group: &deploymentGroupNetworking,
500509
YAML: "accessURL",
510+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
501511
},
502512
{
503513
Name: "Wildcard Access URL",
@@ -507,6 +517,7 @@ when required by your organization's security policy.`,
507517
Value: &c.WildcardAccessURL,
508518
Group: &deploymentGroupNetworking,
509519
YAML: "wildcardAccessURL",
520+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
510521
},
511522
redirectToAccessURL,
512523
{
@@ -533,7 +544,8 @@ when required by your organization's security policy.`,
533544
httpAddress,
534545
tlsBindAddress,
535546
},
536-
Group: &deploymentGroupNetworking,
547+
Group: &deploymentGroupNetworking,
548+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
537549
},
538550
// TLS settings
539551
{
@@ -544,6 +556,7 @@ when required by your organization's security policy.`,
544556
Value: &c.TLS.Enable,
545557
Group: &deploymentGroupNetworkingTLS,
546558
YAML: "enable",
559+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
547560
},
548561
{
549562
Name: "Redirect HTTP to HTTPS",
@@ -556,6 +569,7 @@ when required by your organization's security policy.`,
556569
UseInstead: clibase.OptionSet{redirectToAccessURL},
557570
Group: &deploymentGroupNetworkingTLS,
558571
YAML: "redirectHTTP",
572+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
559573
},
560574
{
561575
Name: "TLS Certificate Files",
@@ -565,6 +579,7 @@ when required by your organization's security policy.`,
565579
Value: &c.TLS.CertFiles,
566580
Group: &deploymentGroupNetworkingTLS,
567581
YAML: "certFiles",
582+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
568583
},
569584
{
570585
Name: "TLS Client CA Files",
@@ -574,6 +589,7 @@ when required by your organization's security policy.`,
574589
Value: &c.TLS.ClientCAFile,
575590
Group: &deploymentGroupNetworkingTLS,
576591
YAML: "clientCAFile",
592+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
577593
},
578594
{
579595
Name: "TLS Client Auth",
@@ -584,6 +600,7 @@ when required by your organization's security policy.`,
584600
Value: &c.TLS.ClientAuth,
585601
Group: &deploymentGroupNetworkingTLS,
586602
YAML: "clientAuth",
603+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
587604
},
588605
{
589606
Name: "TLS Key Files",
@@ -593,6 +610,7 @@ when required by your organization's security policy.`,
593610
Value: &c.TLS.KeyFiles,
594611
Group: &deploymentGroupNetworkingTLS,
595612
YAML: "keyFiles",
613+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
596614
},
597615
{
598616
Name: "TLS Minimum Version",
@@ -603,6 +621,7 @@ when required by your organization's security policy.`,
603621
Value: &c.TLS.MinVersion,
604622
Group: &deploymentGroupNetworkingTLS,
605623
YAML: "minVersion",
624+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
606625
},
607626
{
608627
Name: "TLS Client Cert File",
@@ -612,6 +631,7 @@ when required by your organization's security policy.`,
612631
Value: &c.TLS.ClientCertFile,
613632
Group: &deploymentGroupNetworkingTLS,
614633
YAML: "clientCertFile",
634+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
615635
},
616636
{
617637
Name: "TLS Client Key File",
@@ -621,6 +641,7 @@ when required by your organization's security policy.`,
621641
Value: &c.TLS.ClientKeyFile,
622642
Group: &deploymentGroupNetworkingTLS,
623643
YAML: "clientKeyFile",
644+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
624645
},
625646
// Derp settings
626647
{
@@ -711,6 +732,7 @@ when required by your organization's security policy.`,
711732
Value: &c.Prometheus.Enable,
712733
Group: &deploymentGroupIntrospectionPrometheus,
713734
YAML: "enable",
735+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
714736
},
715737
{
716738
Name: "Prometheus Address",
@@ -721,6 +743,7 @@ when required by your organization's security policy.`,
721743
Value: &c.Prometheus.Address,
722744
Group: &deploymentGroupIntrospectionPrometheus,
723745
YAML: "address",
746+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
724747
},
725748
// Pprof settings
726749
{
@@ -731,6 +754,7 @@ when required by your organization's security policy.`,
731754
Value: &c.Pprof.Enable,
732755
Group: &deploymentGroupIntrospectionPPROF,
733756
YAML: "enable",
757+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
734758
},
735759
{
736760
Name: "pprof Address",
@@ -741,6 +765,7 @@ when required by your organization's security policy.`,
741765
Value: &c.Pprof.Address,
742766
Group: &deploymentGroupIntrospectionPPROF,
743767
YAML: "address",
768+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
744769
},
745770
// oAuth settings
746771
{
@@ -997,13 +1022,14 @@ when required by your organization's security policy.`,
9971022
Value: &c.Trace.Enable,
9981023
Group: &deploymentGroupIntrospectionTracing,
9991024
YAML: "enable",
1025+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
10001026
},
10011027
{
10021028
Name: "Trace Honeycomb API Key",
10031029
Description: "Enables trace exporting to Honeycomb.io using the provided API Key.",
10041030
Flag: "trace-honeycomb-api-key",
10051031
Env: "CODER_TRACE_HONEYCOMB_API_KEY",
1006-
Annotations: clibase.Annotations{}.Mark(flagSecretKey, "true"),
1032+
Annotations: clibase.Annotations{}.Mark(flagSecretKey, "true").Mark(flagExternalProxies, "true"),
10071033
Value: &c.Trace.HoneycombAPIKey,
10081034
Group: &deploymentGroupIntrospectionTracing,
10091035
},
@@ -1015,6 +1041,7 @@ when required by your organization's security policy.`,
10151041
Value: &c.Trace.CaptureLogs,
10161042
Group: &deploymentGroupIntrospectionTracing,
10171043
YAML: "captureLogs",
1044+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
10181045
},
10191046
// Provisioner settings
10201047
{
@@ -1064,19 +1091,21 @@ when required by your organization's security policy.`,
10641091
Flag: "dangerous-disable-rate-limits",
10651092
Env: "CODER_DANGEROUS_DISABLE_RATE_LIMITS",
10661093

1067-
Value: &c.RateLimit.DisableAll,
1068-
Hidden: true,
1094+
Value: &c.RateLimit.DisableAll,
1095+
Hidden: true,
1096+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
10691097
},
10701098
{
10711099
Name: "API Rate Limit",
10721100
Description: "Maximum number of requests per minute allowed to the API per user, or per IP address for unauthenticated users. Negative values mean no rate limit. Some API endpoints have separate strict rate limits regardless of this value to prevent denial-of-service or brute force attacks.",
10731101
// Change the env from the auto-generated CODER_RATE_LIMIT_API to the
10741102
// old value to avoid breaking existing deployments.
1075-
Env: "CODER_API_RATE_LIMIT",
1076-
Flag: "api-rate-limit",
1077-
Default: "512",
1078-
Value: &c.RateLimit.API,
1079-
Hidden: true,
1103+
Env: "CODER_API_RATE_LIMIT",
1104+
Flag: "api-rate-limit",
1105+
Default: "512",
1106+
Value: &c.RateLimit.API,
1107+
Hidden: true,
1108+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
10801109
},
10811110
// Logging settings
10821111
{
@@ -1086,9 +1115,10 @@ when required by your organization's security policy.`,
10861115
Env: "CODER_VERBOSE",
10871116
FlagShorthand: "v",
10881117

1089-
Value: &c.Verbose,
1090-
Group: &deploymentGroupIntrospectionLogging,
1091-
YAML: "verbose",
1118+
Value: &c.Verbose,
1119+
Group: &deploymentGroupIntrospectionLogging,
1120+
YAML: "verbose",
1121+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
10921122
},
10931123
{
10941124
Name: "Human Log Location",
@@ -1099,6 +1129,7 @@ when required by your organization's security policy.`,
10991129
Value: &c.Logging.Human,
11001130
Group: &deploymentGroupIntrospectionLogging,
11011131
YAML: "humanPath",
1132+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
11021133
},
11031134
{
11041135
Name: "JSON Log Location",
@@ -1109,6 +1140,7 @@ when required by your organization's security policy.`,
11091140
Value: &c.Logging.JSON,
11101141
Group: &deploymentGroupIntrospectionLogging,
11111142
YAML: "jsonPath",
1143+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
11121144
},
11131145
{
11141146
Name: "Stackdriver Log Location",
@@ -1119,6 +1151,7 @@ when required by your organization's security policy.`,
11191151
Value: &c.Logging.Stackdriver,
11201152
Group: &deploymentGroupIntrospectionLogging,
11211153
YAML: "stackdriverPath",
1154+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
11221155
},
11231156
// ☢️ Dangerous settings
11241157
{
@@ -1147,6 +1180,7 @@ when required by your organization's security policy.`,
11471180
Env: "CODER_EXPERIMENTS",
11481181
Value: &c.Experiments,
11491182
YAML: "experiments",
1183+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
11501184
},
11511185
{
11521186
Name: "Update Check",
@@ -1189,6 +1223,7 @@ when required by your organization's security policy.`,
11891223
Value: &c.ProxyTrustedHeaders,
11901224
Group: &deploymentGroupNetworking,
11911225
YAML: "proxyTrustedHeaders",
1226+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
11921227
},
11931228
{
11941229
Name: "Proxy Trusted Origins",
@@ -1198,6 +1233,7 @@ when required by your organization's security policy.`,
11981233
Value: &c.ProxyTrustedOrigins,
11991234
Group: &deploymentGroupNetworking,
12001235
YAML: "proxyTrustedOrigins",
1236+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
12011237
},
12021238
{
12031239
Name: "Cache Directory",
@@ -1233,28 +1269,31 @@ when required by your organization's security policy.`,
12331269
Value: &c.SecureAuthCookie,
12341270
Group: &deploymentGroupNetworking,
12351271
YAML: "secureAuthCookie",
1272+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
12361273
},
12371274
{
12381275
Name: "Strict-Transport-Security",
12391276
Description: "Controls if the 'Strict-Transport-Security' header is set on all static file responses. " +
12401277
"This header should only be set if the server is accessed via HTTPS. This value is the MaxAge in seconds of " +
12411278
"the header.",
1242-
Default: "0",
1243-
Flag: "strict-transport-security",
1244-
Env: "CODER_STRICT_TRANSPORT_SECURITY",
1245-
Value: &c.StrictTransportSecurity,
1246-
Group: &deploymentGroupNetworkingTLS,
1247-
YAML: "strictTransportSecurity",
1279+
Default: "0",
1280+
Flag: "strict-transport-security",
1281+
Env: "CODER_STRICT_TRANSPORT_SECURITY",
1282+
Value: &c.StrictTransportSecurity,
1283+
Group: &deploymentGroupNetworkingTLS,
1284+
YAML: "strictTransportSecurity",
1285+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
12481286
},
12491287
{
12501288
Name: "Strict-Transport-Security Options",
12511289
Description: "Two optional fields can be set in the Strict-Transport-Security header; 'includeSubDomains' and 'preload'. " +
12521290
"The 'strict-transport-security' flag must be set to a non-zero value for these options to be used.",
1253-
Flag: "strict-transport-security-options",
1254-
Env: "CODER_STRICT_TRANSPORT_SECURITY_OPTIONS",
1255-
Value: &c.StrictTransportSecurityOptions,
1256-
Group: &deploymentGroupNetworkingTLS,
1257-
YAML: "strictTransportSecurityOptions",
1291+
Flag: "strict-transport-security-options",
1292+
Env: "CODER_STRICT_TRANSPORT_SECURITY_OPTIONS",
1293+
Value: &c.StrictTransportSecurityOptions,
1294+
Group: &deploymentGroupNetworkingTLS,
1295+
YAML: "strictTransportSecurityOptions",
1296+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
12581297
},
12591298
{
12601299
Name: "SSH Keygen Algorithm",
@@ -1298,7 +1337,7 @@ when required by your organization's security policy.`,
12981337
Description: "Whether Coder only allows connections to workspaces via the browser.",
12991338
Flag: "browser-only",
13001339
Env: "CODER_BROWSER_ONLY",
1301-
Annotations: clibase.Annotations{}.Mark(flagEnterpriseKey, "true"),
1340+
Annotations: clibase.Annotations{}.Mark(flagEnterpriseKey, "true").Mark(flagExternalProxies, "true"),
13021341
Value: &c.BrowserOnly,
13031342
Group: &deploymentGroupNetworking,
13041343
YAML: "browserOnly",
@@ -1318,17 +1357,19 @@ when required by your organization's security policy.`,
13181357
Flag: "disable-path-apps",
13191358
Env: "CODER_DISABLE_PATH_APPS",
13201359

1321-
Value: &c.DisablePathApps,
1322-
YAML: "disablePathApps",
1360+
Value: &c.DisablePathApps,
1361+
YAML: "disablePathApps",
1362+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
13231363
},
13241364
{
13251365
Name: "Disable Owner Workspace Access",
13261366
Description: "Remove the permission for the 'owner' role to have workspace execution on all workspaces. This prevents the 'owner' from ssh, apps, and terminal access based on the 'owner' role. They still have their user permissions to access their own workspaces.",
13271367
Flag: "disable-owner-workspace-access",
13281368
Env: "CODER_DISABLE_OWNER_WORKSPACE_ACCESS",
13291369

1330-
Value: &c.DisableOwnerWorkspaceExec,
1331-
YAML: "disableOwnerWorkspaceAccess",
1370+
Value: &c.DisableOwnerWorkspaceExec,
1371+
YAML: "disableOwnerWorkspaceAccess",
1372+
Annotations: clibase.Annotations{}.Mark(flagExternalProxies, "true"),
13321373
},
13331374
{
13341375
Name: "Session Duration",

0 commit comments

Comments
 (0)