coderd

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2022 License: AGPL-3.0 Imports: 85 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthorizeFilter added in v0.6.0 

func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action rbac.Action, objects []O) ([]O, error)

AuthorizeFilter takes a list of objects and returns the filtered list of objects that the user is authorized to perform the given action on. This is faster than calling Authorize() on each object.

func ConvertProvisionerJobStatus added in v0.8.3 

func ConvertProvisionerJobStatus(provisionerJob database.ProvisionerJob) codersdk.ProvisionerJobStatus

Types

type API added in v0.6.1 

type API struct {
	*Options
	Auditor                           atomic.Pointer[audit.Auditor]
	WorkspaceClientCoordinateOverride atomic.Pointer[func(rw http.ResponseWriter) bool]
	WorkspaceQuotaEnforcer            atomic.Pointer[workspacequota.Enforcer]
	TailnetCoordinator                atomic.Pointer[tailnet.Coordinator]
	HTTPAuth                          *HTTPAuthorizer

	// APIHandler serves "/api/v2"
	APIHandler chi.Router
	// RootHandler serves "/"
	RootHandler chi.Router
	// contains filtered or unexported fields
}

func New 

func New(options *Options) *API

New constructs a Coder API handler.

func (*API) Authorize added in v0.6.1 

func (api *API) Authorize(r *http.Request, action rbac.Action, object rbac.Objecter) bool

Authorize will return false if the user is not authorized to do the action. This function will log appropriately, but the caller must return an error to the api client. Eg: 

if !api.Authorize(...) {
	httpapi.Forbidden(rw)
	return
}

func (*API) Close added in v0.6.1 

func (api *API) Close() error

Close waits for all WebSocket connections to drain before returning.

func (*API) CreateUser added in v0.9.0 

func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error)

func (*API) ListenProvisionerDaemon added in v0.6.1 

func (api *API) ListenProvisionerDaemon(ctx context.Context) (client proto.DRPCProvisionerDaemonClient, err error)

ListenProvisionerDaemon is an in-memory connection to a provisionerd. Useful when starting coderd and provisionerd in the same process.

type AutoImportTemplate added in v0.8.7 

type AutoImportTemplate string

Auto-importable templates. These can be auto-imported after the first user has been created. 

const (
	AutoImportTemplateKubernetes AutoImportTemplate = "kubernetes"
)

type CreateUserRequest added in v0.9.0 

type CreateUserRequest struct {
	codersdk.CreateUserRequest
	LoginType database.LoginType
}

type GithubOAuth2Config added in v0.4.4 

type GithubOAuth2Config struct {
	httpmw.OAuth2Config
	AuthenticatedUser           func(ctx context.Context, client *http.Client) (*github.User, error)
	ListEmails                  func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error)
	ListOrganizationMemberships func(ctx context.Context, client *http.Client) ([]*github.Membership, error)
	TeamMembership              func(ctx context.Context, client *http.Client, org, team, username string) (*github.Membership, error)

	AllowSignups       bool
	AllowOrganizations []string
	AllowTeams         []GithubOAuth2Team
}

GithubOAuth2Provider exposes required functions for the Github authentication flow.

type GithubOAuth2Team added in v0.7.8 

type GithubOAuth2Team struct {
	Organization string
	Slug         string
}

GithubOAuth2Team represents a team scoped to an organization.

type HTTPAuthorizer added in v0.8.7 

type HTTPAuthorizer struct {
	Authorizer rbac.Authorizer
	Logger     slog.Logger
}

func (*HTTPAuthorizer) Authorize added in v0.8.7 

func (h *HTTPAuthorizer) Authorize(r *http.Request, action rbac.Action, object rbac.Objecter) bool

Authorize will return false if the user is not authorized to do the action. This function will log appropriately, but the caller must return an error to the api client. Eg: 

if !h.Authorize(...) {
	httpapi.Forbidden(rw)
	return
}

func (*HTTPAuthorizer) AuthorizeSQLFilter added in v0.9.3 

func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action rbac.Action, objectType string) (rbac.AuthorizeFilter, error)

AuthorizeSQLFilter returns an authorization filter that can used in a SQL 'WHERE' clause. If the filter is used, the resulting rows returned from postgres are already authorized, and the caller does not need to call 'Authorize()' on the returned objects. Note the authorization is only for the given action and object type.

type OIDCConfig added in v0.8.2 

type OIDCConfig struct {
	httpmw.OAuth2Config

	Verifier *oidc.IDTokenVerifier
	// EmailDomain is the domain to enforce when a user authenticates.
	EmailDomain  string
	AllowSignups bool
}

type Options 

type Options struct {
	AccessURL *url.URL
	// AppHostname should be the wildcard hostname to use for workspace
	// applications INCLUDING the asterisk, (optional) suffix and leading dot.
	// E.g. "*.apps.coder.com" or "*-apps.coder.com".
	AppHostname string
	// AppHostnameRegex contains the regex version of options.AppHostname as
	// generated by httpapi.CompileHostnamePattern(). It MUST be set if
	// options.AppHostname is set.
	AppHostnameRegex *regexp.Regexp
	Logger           slog.Logger
	Database         database.Store
	Pubsub           database.Pubsub

	// CacheDir is used for caching files served by the API.
	CacheDir string

	Auditor                        audit.Auditor
	WorkspaceQuotaEnforcer         workspacequota.Enforcer
	AgentConnectionUpdateFrequency time.Duration
	AgentInactiveDisconnectTimeout time.Duration
	// APIRateLimit is the minutely throughput rate limit per user or ip.
	// Setting a rate limit <0 will disable the rate limiter across the entire
	// app. Specific routes may have their own limiters.
	APIRateLimit         int
	AWSCertificates      awsidentity.Certificates
	Authorizer           rbac.Authorizer
	AzureCertificates    x509.VerifyOptions
	GoogleTokenValidator *idtoken.Validator
	GithubOAuth2Config   *GithubOAuth2Config
	OIDCConfig           *OIDCConfig
	PrometheusRegistry   *prometheus.Registry
	SecureAuthCookie     bool
	SSHKeygenAlgorithm   gitsshkey.Algorithm
	Telemetry            telemetry.Reporter
	TracerProvider       trace.TracerProvider
	AutoImportTemplates  []AutoImportTemplate

	// TLSCertificates is used to mesh DERP servers securely.
	TLSCertificates    []tls.Certificate
	TailnetCoordinator tailnet.Coordinator
	DERPServer         *derp.Server
	DERPMap            *tailcfg.DERPMap

	MetricsCacheRefreshInterval time.Duration
	AgentStatsRefreshInterval   time.Duration
	Experimental                bool
	DeploymentFlags             *codersdk.DeploymentFlags
}

Options are requires parameters for Coder to start.

Source Files

View all Source files

Directories

Path Synopsis
autobuild
executor
notify
schedule
package schedule provides utilities for parsing and deserializing cron-style expressions.
 package schedule provides utilities for parsing and deserializing cron-style expressions.
Package database connects to external services for stateful storage.
 Package database connects to external services for stateful storage.
databasefake
dbtestutil
gen/dump
gen/enum
migrations
postgres
util
ptr
Package ptr contains some utility methods related to pointers.
 Package ptr contains some utility methods related to pointers.
slice
tz
Package tz includes utilities for cross-platform timezone/location detection.
 Package tz includes utilities for cross-platform timezone/location detection.
Package wsconncache caches workspace agent connections by UUID.
 Package wsconncache caches workspace agent connections by UUID.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.