coder · code-asher · Feb 26, 2024 · Feb 22, 2024 · Feb 23, 2024 · Feb 26, 2024
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/audit.go b/coderd/audit.go
@@ -333,6 +333,22 @@ func (api *API) auditLogIsResourceDeleted(ctx context.Context, alog database.Get
 			api.Logger.Error(ctx, "unable to fetch workspace", slog.Error(err))
 		}
 		return workspace.Deleted
+	case database.ResourceTypeOauth2ProviderApp:
+		_, err := api.Database.GetOAuth2ProviderAppByID(ctx, alog.ResourceID)
+		if xerrors.Is(err, sql.ErrNoRows) {
+			return true
+		} else if err != nil {
+			api.Logger.Error(ctx, "unable to fetch oauth2 app", slog.Error(err))
+		}
+		return false
+	case database.ResourceTypeOauth2ProviderAppSecret:
+		_, err := api.Database.GetOAuth2ProviderAppSecretByID(ctx, alog.ResourceID)
+		if xerrors.Is(err, sql.ErrNoRows) {
+			return true
+		} else if err != nil {
+			api.Logger.Error(ctx, "unable to fetch oauth2 app secret", slog.Error(err))
+		}
+		return false
 	default:
 		return false
 	}
@@ -379,6 +395,16 @@ func (api *API) auditLogResourceLink(ctx context.Context, alog database.GetAudit
 		return fmt.Sprintf("/@%s/%s/builds/%s",
 			workspaceOwner.Username, additionalFields.WorkspaceName, additionalFields.BuildNumber)
 
+	case database.ResourceTypeOauth2ProviderApp:
+		return fmt.Sprintf("/deployment/oauth2-provider/apps/%s", alog.ResourceID)
+
+	case database.ResourceTypeOauth2ProviderAppSecret:
+		secret, err := api.Database.GetOAuth2ProviderAppSecretByID(ctx, alog.ResourceID)
+		if err != nil {
+			return ""
+		}
+		return fmt.Sprintf("/deployment/oauth2-provider/apps/%s", secret.AppID)
+
 	default:
 		return ""
 	}

diff --git a/coderd/audit/diff.go b/coderd/audit/diff.go
@@ -19,7 +19,9 @@ type Auditable interface {
 		database.License |
 		database.WorkspaceProxy |
 		database.AuditOAuthConvertState |
-		database.HealthSettings
+		database.HealthSettings |
+		database.OAuth2ProviderApp |
+		database.OAuth2ProviderAppSecret
 }
 
 // Map is a map of changed fields in an audited resource. It maps field names to

diff --git a/coderd/audit/request.go b/coderd/audit/request.go
@@ -99,6 +99,10 @@ func ResourceTarget[T Auditable](tgt T) string {
 		return string(typed.ToLoginType)
 	case database.HealthSettings:
 		return "" // no target?
+	case database.OAuth2ProviderApp:
+		return typed.Name
+	case database.OAuth2ProviderAppSecret:
+		return typed.DisplaySecret
 	default:
 		panic(fmt.Sprintf("unknown resource %T for ResourceTarget", tgt))
 	}
@@ -132,6 +136,10 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 	case database.HealthSettings:
 		// Artificial ID for auditing purposes
 		return typed.ID
+	case database.OAuth2ProviderApp:
+		return typed.ID
+	case database.OAuth2ProviderAppSecret:
+		return typed.ID
 	default:
 		panic(fmt.Sprintf("unknown resource %T for ResourceID", tgt))
 	}
@@ -163,6 +171,10 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
 		return database.ResourceTypeConvertLogin
 	case database.HealthSettings:
 		return database.ResourceTypeHealthSettings
+	case database.OAuth2ProviderApp:
+		return database.ResourceTypeOauth2ProviderApp
+	case database.OAuth2ProviderAppSecret:
+		return database.ResourceTypeOauth2ProviderAppSecret
 	default:
 		panic(fmt.Sprintf("unknown resource %T for ResourceType", typed))
 	}
@@ -195,6 +207,10 @@ func ResourceRequiresOrgID[T Auditable]() bool {
 	case database.HealthSettings:
 		// Artificial ID for auditing purposes
 		return false
+	case database.OAuth2ProviderApp:
+		return false
+	case database.OAuth2ProviderAppSecret:
+		return false
 	default:
 		panic(fmt.Sprintf("unknown resource %T for ResourceRequiresOrgID", tgt))
 	}

diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql
diff --git a/coderd/database/migrations/000197_oauth2_provider_app_audit.down.sql b/coderd/database/migrations/000197_oauth2_provider_app_audit.down.sql
@@ -0,0 +1,2 @@
+-- It is not possible to drop enum values from enum types, so the UPs on
+-- resource_type have "IF NOT EXISTS".
diff --git a/coderd/database/migrations/000197_oauth2_provider_app_audit.up.sql b/coderd/database/migrations/000197_oauth2_provider_app_audit.up.sql
@@ -0,0 +1,2 @@
+ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'oauth2_provider_app';
+ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'oauth2_provider_app_secret';
diff --git a/coderd/database/models.go b/coderd/database/models.go
diff --git a/codersdk/audit.go b/codersdk/audit.go
@@ -14,19 +14,22 @@ import (
 type ResourceType string
 
 const (
-	ResourceTypeTemplate        ResourceType = "template"
-	ResourceTypeTemplateVersion ResourceType = "template_version"
-	ResourceTypeUser            ResourceType = "user"
-	ResourceTypeWorkspace       ResourceType = "workspace"
-	ResourceTypeWorkspaceBuild  ResourceType = "workspace_build"
-	ResourceTypeGitSSHKey       ResourceType = "git_ssh_key"
-	ResourceTypeAPIKey          ResourceType = "api_key"
-	ResourceTypeGroup           ResourceType = "group"
-	ResourceTypeLicense         ResourceType = "license"
-	ResourceTypeConvertLogin    ResourceType = "convert_login"
-	ResourceTypeHealthSettings  ResourceType = "health_settings"
-	ResourceTypeWorkspaceProxy  ResourceType = "workspace_proxy"
-	ResourceTypeOrganization    ResourceType = "organization"
+	ResourceTypeTemplate          ResourceType = "template"
+	ResourceTypeTemplateVersion   ResourceType = "template_version"
+	ResourceTypeUser              ResourceType = "user"
+	ResourceTypeWorkspace         ResourceType = "workspace"
+	ResourceTypeWorkspaceBuild    ResourceType = "workspace_build"
+	ResourceTypeGitSSHKey         ResourceType = "git_ssh_key"
+	ResourceTypeAPIKey            ResourceType = "api_key"
+	ResourceTypeGroup             ResourceType = "group"
+	ResourceTypeLicense           ResourceType = "license"
+	ResourceTypeConvertLogin      ResourceType = "convert_login"
+	ResourceTypeHealthSettings    ResourceType = "health_settings"
+	ResourceTypeWorkspaceProxy    ResourceType = "workspace_proxy"
+	ResourceTypeOrganization      ResourceType = "organization"
+	ResourceTypeOAuth2ProviderApp ResourceType = "oauth2_provider_app"
+	// nolint:gosec // This is not a secret.
+	ResourceTypeOAuth2ProviderAppSecret ResourceType = "oauth2_provider_app_secret"
 )
 
 func (r ResourceType) FriendlyString() string {
@@ -59,6 +62,10 @@ func (r ResourceType) FriendlyString() string {
 		return "organization"
 	case ResourceTypeHealthSettings:
 		return "health_settings"
+	case ResourceTypeOAuth2ProviderApp:
+		return "oauth2 app"
+	case ResourceTypeOAuth2ProviderAppSecret:
+		return "oauth2 app secret"
 	default:
 		return "unknown"
 	}

diff --git a/codersdk/oauth2.go b/codersdk/oauth2.go
@@ -159,7 +159,7 @@ func (c *Client) PostOAuth2ProviderAppSecret(ctx context.Context, appID uuid.UUI
 		return OAuth2ProviderAppSecretFull{}, err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
+	if res.StatusCode != http.StatusCreated {
 		return OAuth2ProviderAppSecretFull{}, ReadBodyAsError(res)
 	}
 	var resp OAuth2ProviderAppSecretFull
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		-- It is not possible to drop enum values from enum types, so the UPs on
		-- resource_type have "IF NOT EXISTS".
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'oauth2_provider_app';
		ALTER TYPE resource_type ADD VALUE IF NOT EXISTS 'oauth2_provider_app_secret';