Documentation ¶
Index ¶
- func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action rbac.Action, objects []O) ([]O, error)
- func ConvertProvisionerJobStatus(provisionerJob database.ProvisionerJob) codersdk.ProvisionerJobStatus
- type API
- func (api *API) Authorize(r *http.Request, action rbac.Action, object rbac.Objecter) bool
- func (api *API) Close() error
- func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error)
- func (api *API) ListenProvisionerDaemon(ctx context.Context) (client proto.DRPCProvisionerDaemonClient, err error)
- type AutoImportTemplate
- type CreateUserRequest
- type GithubOAuth2Config
- type GithubOAuth2Team
- type HTTPAuthorizer
- type OIDCConfig
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthorizeFilter ¶ added in v0.6.0
func AuthorizeFilter[O rbac.Objecter](h *HTTPAuthorizer, r *http.Request, action rbac.Action, objects []O) ([]O, error)
AuthorizeFilter takes a list of objects and returns the filtered list of objects that the user is authorized to perform the given action on. This is faster than calling Authorize() on each object.
func ConvertProvisionerJobStatus ¶ added in v0.8.3
func ConvertProvisionerJobStatus(provisionerJob database.ProvisionerJob) codersdk.ProvisionerJobStatus
Types ¶
type API ¶ added in v0.6.1
type API struct { *Options Auditor atomic.Pointer[audit.Auditor] WorkspaceClientCoordinateOverride atomic.Pointer[func(rw http.ResponseWriter) bool] WorkspaceQuotaEnforcer atomic.Pointer[workspacequota.Enforcer] HTTPAuth *HTTPAuthorizer // APIHandler serves "/api/v2" APIHandler chi.Router // RootHandler serves "/" RootHandler chi.Router // contains filtered or unexported fields }
func (*API) Authorize ¶ added in v0.6.1
Authorize will return false if the user is not authorized to do the action. This function will log appropriately, but the caller must return an error to the api client. Eg:
if !api.Authorize(...) { httpapi.Forbidden(rw) return }
func (*API) Close ¶ added in v0.6.1
Close waits for all WebSocket connections to drain before returning.
func (*API) CreateUser ¶ added in v0.9.0
func (*API) ListenProvisionerDaemon ¶ added in v0.6.1
func (api *API) ListenProvisionerDaemon(ctx context.Context) (client proto.DRPCProvisionerDaemonClient, err error)
ListenProvisionerDaemon is an in-memory connection to a provisionerd. Useful when starting coderd and provisionerd in the same process.
type AutoImportTemplate ¶ added in v0.8.7
type AutoImportTemplate string
Auto-importable templates. These can be auto-imported after the first user has been created.
const (
AutoImportTemplateKubernetes AutoImportTemplate = "kubernetes"
)
type CreateUserRequest ¶ added in v0.9.0
type CreateUserRequest struct { codersdk.CreateUserRequest LoginType database.LoginType }
type GithubOAuth2Config ¶ added in v0.4.4
type GithubOAuth2Config struct { httpmw.OAuth2Config AuthenticatedUser func(ctx context.Context, client *http.Client) (*github.User, error) ListEmails func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) ListOrganizationMemberships func(ctx context.Context, client *http.Client) ([]*github.Membership, error) TeamMembership func(ctx context.Context, client *http.Client, org, team, username string) (*github.Membership, error) AllowSignups bool AllowOrganizations []string AllowTeams []GithubOAuth2Team }
GithubOAuth2Provider exposes required functions for the Github authentication flow.
type GithubOAuth2Team ¶ added in v0.7.8
GithubOAuth2Team represents a team scoped to an organization.
type HTTPAuthorizer ¶ added in v0.8.7
type HTTPAuthorizer struct { Authorizer rbac.Authorizer Logger slog.Logger }
func (*HTTPAuthorizer) Authorize ¶ added in v0.8.7
Authorize will return false if the user is not authorized to do the action. This function will log appropriately, but the caller must return an error to the api client. Eg:
if !h.Authorize(...) { httpapi.Forbidden(rw) return }
func (*HTTPAuthorizer) AuthorizeSQLFilter ¶ added in v0.9.3
func (h *HTTPAuthorizer) AuthorizeSQLFilter(r *http.Request, action rbac.Action, objectType string) (rbac.AuthorizeFilter, error)
AuthorizeSQLFilter returns an authorization filter that can used in a SQL 'WHERE' clause. If the filter is used, the resulting rows returned from postgres are already authorized, and the caller does not need to call 'Authorize()' on the returned objects. Note the authorization is only for the given action and object type.
type OIDCConfig ¶ added in v0.8.2
type OIDCConfig struct { httpmw.OAuth2Config Verifier *oidc.IDTokenVerifier // EmailDomain is the domain to enforce when a user authenticates. EmailDomain string AllowSignups bool }
type Options ¶
type Options struct { AccessURL *url.URL // AppHostname should be the wildcard hostname to use for workspace // applications without the asterisk or leading dot. E.g. "apps.coder.com". AppHostname string Logger slog.Logger Database database.Store Pubsub database.Pubsub // CacheDir is used for caching files served by the API. CacheDir string Auditor audit.Auditor WorkspaceQuotaEnforcer workspacequota.Enforcer AgentConnectionUpdateFrequency time.Duration AgentInactiveDisconnectTimeout time.Duration // APIRateLimit is the minutely throughput rate limit per user or ip. // Setting a rate limit <0 will disable the rate limiter across the entire // app. Specific routes may have their own limiters. APIRateLimit int AWSCertificates awsidentity.Certificates Authorizer rbac.Authorizer AzureCertificates x509.VerifyOptions GoogleTokenValidator *idtoken.Validator GithubOAuth2Config *GithubOAuth2Config OIDCConfig *OIDCConfig PrometheusRegistry *prometheus.Registry SecureAuthCookie bool SSHKeygenAlgorithm gitsshkey.Algorithm Telemetry telemetry.Reporter TracerProvider trace.TracerProvider AutoImportTemplates []AutoImportTemplate TailnetCoordinator *tailnet.Coordinator DERPMap *tailcfg.DERPMap MetricsCacheRefreshInterval time.Duration AgentStatsRefreshInterval time.Duration Experimental bool }
Options are requires parameters for Coder to start.
Source Files ¶
- activitybump.go
- audit.go
- authorize.go
- coderd.go
- csp.go
- files.go
- gitsshkey.go
- members.go
- organizations.go
- pagination.go
- parameters.go
- provisionerdaemons.go
- provisionerjobs.go
- roles.go
- templates.go
- templateversions.go
- userauth.go
- users.go
- workspaceagents.go
- workspaceapps.go
- workspacebuilds.go
- workspaceresourceauth.go
- workspaces.go
Directories ¶
Path | Synopsis |
---|---|
autobuild
|
|
schedule
package schedule provides utilities for parsing and deserializing cron-style expressions.
|
package schedule provides utilities for parsing and deserializing cron-style expressions. |
Package database connects to external services for stateful storage.
|
Package database connects to external services for stateful storage. |
util
|
|
ptr
Package ptr contains some utility methods related to pointers.
|
Package ptr contains some utility methods related to pointers. |
tz
Package tz includes utilities for cross-platform timezone/location detection.
|
Package tz includes utilities for cross-platform timezone/location detection. |
Package wsconncache caches workspace agent connections by UUID.
|
Package wsconncache caches workspace agent connections by UUID. |