diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
index a14ebd4ad5b70..c6adc0b48e62b 100644
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@@ -408,7 +408,7 @@ const docTemplate = `{
 "schema": {
 "type": "array",
 "items": {
- "type": "string"
+ "$ref": "#/definitions/codersdk.Experiment"
 }
 }
 }
@@ -6173,6 +6173,15 @@ const docTemplate = `{
 }
 }
 },
+ "codersdk.Experiment": {
+ "type": "string",
+ "enum": [
+ "authz_querier"
+ ],
+ "x-enum-varnames": [
+ "ExperimentAuthzQuerier"
+ ]
+ },
 "codersdk.Feature": {
 "type": "object",
 "properties": {
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
index 53b5b41efd2bd..98803bfc698dd 100644
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@@ -346,7 +346,7 @@
 "schema": {
 "type": "array",
 "items": {
- "type": "string"
+ "$ref": "#/definitions/codersdk.Experiment"
 }
 }
 }
@@ -5510,6 +5510,11 @@
 }
 }
 },
+ "codersdk.Experiment": {
+ "type": "string",
+ "enum": ["authz_querier"],
+ "x-enum-varnames": ["ExperimentAuthzQuerier"]
+ },
 "codersdk.Feature": {
 "type": "object",
 "properties": {
diff --git a/coderd/coderd.go b/coderd/coderd.go
index 6119497796354..ad8af686c622b 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -154,6 +154,14 @@ func New(options *Options) *API {
 if options == nil {
 options = &Options{}
 }
+ experiments := initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value)
+ // TODO: remove this once we promote authz_querier out of experiments.
+ if experiments.Enabled(codersdk.ExperimentAuthzQuerier) {
+ panic("Coming soon!")
+ // if _, ok := (options.Database).(*authzquery.AuthzQuerier); !ok {
+ // options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
+ // }
+ }
 if options.AppHostname != "" && options.AppHostnameRegex == nil || options.AppHostname == "" && options.AppHostnameRegex != nil {
 panic("coderd: both AppHostname and AppHostnameRegex must be set or unset")
 }
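Review bot: The added `panic("Coming soon!")` in New turns a configuration value into a startup crash with a message that names neither the package nor the experiment, unlike the `coderd:`-prefixed panic just below it; `panic("coderd: experiment authz_querier is not implemented yet")` would tell an operator what to unset. If initExperiments can expand a wildcard or the legacy Experimental flag into every known experiment (its body is not in this hunk), those settings would now crash the server as well, so logging a warning and ignoring the experiment until the wrapper lands may be the safer behaviour. The new call also dereferences `options.DeploymentConfig` directly after the `options == nil` default, so it appears a nil or empty Options now fails here on a nil pointer rather than later. New's body continues outside the hunk.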
@@ -222,7 +230,7 @@ func New(options *Options) *API {
 },
 metricsCache: metricsCache,
 Auditor: atomic.Pointer[audit.Auditor]{},
- Experiments: initExperiments(options.Logger, options.DeploymentConfig.Experiments.Value, options.DeploymentConfig.Experimental.Value),
+ Experiments: experiments,
 }
 if options.UpdateCheckOptions != nil {
 api.updateChecker = updatecheck.New(
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
index cf28f4d2492d9..5bc1012366333 100644
--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -21,6 +21,7 @@ import (
 "net/http"
 "net/http/httptest"
 "net/url"
+ "os"
 "regexp"
 "strconv"
 "strings"
@@ -176,6 +177,14 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 if options.Database == nil {
 options.Database, options.Pubsub = dbtestutil.NewDB(t)
 }
+ // TODO: remove this once we're ready to enable authz querier by default.
+ if strings.Contains(os.Getenv("CODER_EXPERIMENTS_TEST"), "authz_querier") {
+ panic("Coming soon!")
+ // if options.Authorizer != nil {
+ // options.Authorizer = &RecordingAuthorizer{}
+ // }
+ // options.Database = authzquery.NewAuthzQuerier(options.Database, options.Authorizer)
+ }
 if options.DeploymentConfig == nil {
 options.DeploymentConfig = DeploymentConfig(t)
 }
diff --git a/codersdk/experiments.go b/codersdk/experiments.go
index ecd963ef901cf..1412f375e3998 100644
--- a/codersdk/experiments.go
+++ b/codersdk/experiments.go
@@ -9,8 +9,12 @@ import (
 type Experiment string
 const (
-// Add new experiments here!
-// ExperimentExample Experiment = "example"
+ // ExperimentAuthzQuerier is an internal experiment that enables the ExperimentAuthzQuerier
+ // interface for all RBAC operations. NOT READY FOR PRODUCTION USE.
+ ExperimentAuthzQuerier Experiment = "authz_querier"
+
+ // Add new experiments here!
+ // ExperimentExample Experiment = "example"
 )
 var (
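Review bot: The commented-out block added to NewOptions in coderd/coderdtest/coderdtest.go has its nil check inverted: `if options.Authorizer != nil` would replace an authorizer the test supplied and leave a nil one nil before it is handed to NewAuthzQuerier, so when this is uncommented it presumably should read `if options.Authorizer == nil {`. The live check matches the raw substring `"authz_querier"` in CODER_EXPERIMENTS_TEST rather than comparing against the `codersdk.ExperimentAuthzQuerier` constant, so the two can drift apart. It also panics although `t` is in scope; `t.Fatal("authz_querier experiment is not implemented yet")` would fail only the calling test with a message that says why. NewOptions starts and ends outside the hunk.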
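Review bot: The doc comment on ExperimentAuthzQuerier in codersdk/experiments.go says the experiment enables "the ExperimentAuthzQuerier interface", which names the constant itself; judging by the commented-out code elsewhere in this commit it means the AuthzQuerier wrapper, so the first line could read `// ExperimentAuthzQuerier is an internal experiment that enables the AuthzQuerier`. This commit also publishes the value in the generated API enum and docs while enabling it only panics, so a second sentence such as `// Enabling it currently panics at startup.` would make that explicit to anyone reading the SDK.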
diff --git a/docs/api/general.md b/docs/api/general.md index 58ac05f3fd8e5..cdfbcd77caf9c 100644 --- a/docs/api/general.md +++ b/docs/api/general.md @@ -1072,17 +1072,23 @@ curl -X GET http://coder-server:8080/api/v2/experiments \ > 200 Response ```json -["string"] +["authz_querier"] ``` ### Responses -| Status | Meaning | Description | Schema | -| ------ | ------------------------------------------------------- | ----------- | --------------- | -| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | array of string | +| Status | Meaning | Description | Schema | +| ------ | ------------------------------------------------------- | ----------- | ------------------------------------------------------------- | +| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | array of [codersdk.Experiment](schemas.md#codersdkexperiment) |

Response Schema

+Status Code **200** + +| Name | Type | Required | Restrictions | Description | +| -------------- | ----- | -------- | ------------ | ----------- | +| `[array item]` | array | false | | | + To perform this operation, you must be authenticated. [Learn more](authentication.md). ## Update check diff --git a/docs/api/schemas.md b/docs/api/schemas.md index 48694c49322e1..76a5d1783e6df 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -2439,6 +2439,20 @@ CreateParameterRequest is a structure used to create a new parameter value for a | `trial` | boolean | false | | | | `warnings` | array of string | false | | | +## codersdk.Experiment + +```json +"authz_querier" +``` + +### Properties + +#### Enumerated Values + +| Value | +| --------------- | +| `authz_querier` | + ## codersdk.Feature ```json diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index c8f5b66483091..418f14cd8d23c 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -1097,8 +1097,8 @@ export const Entitlements: Entitlement[] = [ ] // From codersdk/experiments.go -export type Experiment = never -export const Experiments: Experiment[] = [] +export type Experiment = "authz_querier" +export const Experiments: Experiment[] = ["authz_querier"] // From codersdk/features.go export type FeatureName =