Commit a660292

feat: basic implementation of secrets feature
1 parent 935bd34 commit a660292

12 files changed

+171
-0
lines changed

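--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -3871,6 +3871,10 @@ func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLin
 return q.db.InsertUserLink(ctx, arg)
 }
 
+func (q *querier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
+panic("not implemented")
+}
+
 func (q *querier) InsertVolumeResourceMonitor(ctx context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
 if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentResourceMonitor); err != nil {
 return database.WorkspaceAgentVolumeResourceMonitor{}, err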
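Review bot: The new `InsertUserSecret` on the authorization wrapper is only a `panic("not implemented")` stub, so any caller that reaches it panics instead of getting an allow or deny decision, and nothing records which permission the real implementation must enforce. Before this is reachable from an API route it should follow the pattern of InsertVolumeResourceMonitor directly below it: `if err := q.authorizeContext(ctx, policy.ActionCreate, <RBAC_RESOURCE_FOR_USER_SECRETS>); err != nil { return database.UserSecret{}, err }` and then `return q.db.InsertUserSecret(ctx, arg)`. The resource name is a placeholder of mine, and the check should presumably be scoped to the owning user carried in `arg`, so that one user cannot create secrets for another. Until then, a `// TODO: authorize create on the owner's secrets before delegating to q.db` comment above the panic would make the gap visible to reviewers.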

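--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -9710,6 +9710,15 @@ func (q *FakeQuerier) InsertUserLink(_ context.Context, args database.InsertUser
 return link, nil
 }
 
+func (q *FakeQuerier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
+err := validateDatabaseType(arg)
+if err != nil {
+return database.UserSecret{}, err
+}
+
+panic("not implemented")
+}
+
 func (q *FakeQuerier) InsertVolumeResourceMonitor(_ context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
 err := validateDatabaseType(arg)
 if err != nil {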
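Review bot: `panic("not implemented")` after the `validateDatabaseType` check in `FakeQuerier.InsertUserSecret` means any test that reaches the new query through the in-memory store aborts the whole test binary rather than failing one case. Returning `database.UserSecret{}` together with a not-implemented error would keep the failure local and let callers exercise their error path. The `ctx` parameter is also unused here, while the neighbouring InsertUserLink and InsertVolumeResourceMonitor declare it as `_ context.Context`; using `_` would match them. InsertVolumeResourceMonitor's body continues outside the hunk.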

coderd/database/dbmetrics/querymetrics.go

Lines changed: 7 additions & 0 deletions

coderd/database/dump.sql

Lines changed: 22 additions & 0 deletions

coderd/database/foreign_key_constraint.go

Lines changed: 2 additions & 0 deletions
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
DROP TABLE user_secrets;
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
-- Stores encrypted user secrets (global, available across all organizations)
2+
CREATE TABLE user_secrets (
3+
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
4+
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
5+
name TEXT NOT NULL,
6+
description TEXT,
7+
8+
-- The encrypted secret value (base64-encoded encrypted data)
9+
value TEXT NOT NULL,
10+
11+
-- The ID of the key used to encrypt the secret value.
12+
-- If this is NULL, the secret value is not encrypted.
13+
value_key_id TEXT REFERENCES dbcrypt_keys(active_key_digest),
14+
15+
-- Timestamps
16+
created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL,
17+
updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL
18+
);
19+
20+
-- Unique constraint: user can't have duplicate secret names
21+
CREATE UNIQUE INDEX user_secrets_user_name_idx ON user_secrets(user_id, name);
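Review bot: The table comment says it stores encrypted user secrets, but `value_key_id` is nullable and its own comment states that a NULL key means the value is not encrypted, so the schema accepts plaintext secrets in `value`. If plaintext is intended only for deployments without database encryption configured, the header should say so, e.g. `-- Stores user secrets; value is encrypted only when value_key_id is set`. If it is not intended, declare the column `value_key_id TEXT NOT NULL REFERENCES dbcrypt_keys(active_key_digest)`. Either way, the read and write paths should treat a NULL key as an explicit, logged state rather than a silent fallback. Separately, `updated_at` has only an insert default, so the later update query presumably has to set it explicitly.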

coderd/database/models.go

Lines changed: 11 additions & 0 deletions

coderd/database/querier.go

Lines changed: 8 additions & 0 deletions

coderd/database/queries.sql.go

Lines changed: 59 additions & 0 deletions
