Skip to content

feat: add allow list to API keys#19972

Merged
ThomasK33 merged 1 commit into
mainfrom
thomask33/09-25-resource_scoped_api_keys_in_codersdk
Oct 24, 2025
Merged

feat: add allow list to API keys#19972
ThomasK33 merged 1 commit into
mainfrom
thomask33/09-25-resource_scoped_api_keys_in_codersdk

Conversation

@ThomasK33
Copy link
Copy Markdown
Member

@ThomasK33 ThomasK33 commented Sep 25, 2025
edited
Loading

Add API key allow list to the SDK

This PR adds an allow list to API keys in the SDK. The allow list is a list of targets that the API key is allowed to access. If the allow list is empty, a default allow list with a single entry that allows access to all resources is created.

The changes include:

  • Adding a default allow list when generating an API key if none is provided
  • Adding allow list to the API key response in the SDK
  • Converting database allow list entries to SDK format in the API response
  • Adding tests to verify the default allow list behavior

Fixes #19854

This was referenced Sep 25, 2025
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@ThomasK33 Graphite App
Copy link
Copy Markdown
Member Author

ThomasK33 commented Sep 25, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 mentioned this pull request Sep 25, 2025
Merged
@ThomasK33 ThomasK33 linked an issue Sep 25, 2025 that may be closed by this pull request
SDK (Go): codersdk types for scopes[] + allow_list[] #19854
Closed
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 05cdebd to 5442fcd Compare September 25, 2025 21:20
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from 1fea0d8 to 8013625 Compare September 26, 2025 07:45
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch 2 times, most recently from da32dec to f2fbea4 Compare September 26, 2025 08:25
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from 8013625 to 4382587 Compare September 26, 2025 08:25
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from f2fbea4 to 847f52e Compare September 26, 2025 09:31
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from 4382587 to fb2440e Compare September 26, 2025 10:16
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 847f52e to 1361b86 Compare September 26, 2025 10:17
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from fb2440e to ce693c0 Compare September 26, 2025 10:20
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 1361b86 to 581bc52 Compare September 26, 2025 10:20
@ThomasK33 ThomasK33 marked this pull request as ready for review September 26, 2025 11:24
@ThomasK33 ThomasK33 requested a review from Emyrk September 26, 2025 11:24
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 581bc52 to 6d17ef1 Compare September 26, 2025 12:24
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from ce693c0 to f1a4e56 Compare September 26, 2025 12:24
@ThomasK33 ThomasK33 mentioned this pull request Sep 26, 2025
Closed
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from f1a4e56 to a591e0a Compare September 26, 2025 14:00
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 6d17ef1 to 6fa5fe1 Compare September 26, 2025 14:00
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch 2 times, most recently from 5dd3400 to 5a6e8cc Compare October 3, 2025 17:59
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from d38ed5b to 5cb53f7 Compare October 3, 2025 17:59
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from 5a6e8cc to 73a65fa Compare October 6, 2025 09:42
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 5cb53f7 to 6248fff Compare October 6, 2025 09:42
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch 2 times, most recently from 7d422aa to d590c1d Compare October 6, 2025 10:09
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 6248fff to 67ed32b Compare October 6, 2025 10:09
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from d590c1d to 49af2b4 Compare October 6, 2025 10:35
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch 2 times, most recently from 4beef99 to 86f7de9 Compare October 6, 2025 11:18
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from 49af2b4 to fa53285 Compare October 6, 2025 11:57
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch from 86f7de9 to 854efb0 Compare October 6, 2025 11:57
@Emyrk Emyrk self-assigned this Oct 6, 2025
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from fa53285 to d7df2aa Compare October 6, 2025 21:16
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-resource_scoped_api_keys_in_codersdk branch 2 times, most recently from 87fb51c to 3bdb267 Compare October 6, 2025 21:40
Emyrk
Emyrk reviewed Oct 7, 2025
View reviewed changes
Comment thread coderd/database/db2sdk/db2sdk.go
Comment thread coderd/users.go Outdated
@ThomasK33 ThomasK33 force-pushed the thomask33/09-25-feat_add_allow_list_field_api_keys branch from d7df2aa to a1346f5 Compare October 7, 2025 16:38
Emyrk
Emyrk requested changes Oct 9, 2025
View reviewed changes
Comment thread coderd/users.go Outdated
Emyrk
Emyrk approved these changes Oct 9, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will not block on the panic 👍

Comment thread coderd/users.go Outdated
This was referenced Oct 9, 2025
Closed
Closed
Emyrk
Emyrk reviewed Oct 15, 2025
View reviewed changes
Comment thread coderd/apikey/apikey.go Outdated
Comment thread coderd/users.go Outdated
Emyrk
Emyrk requested changes Oct 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the panic stuff left

@ThomasK33 ThomasK33 mentioned this pull request Oct 22, 2025
Closed
Emyrk
Emyrk reviewed Oct 23, 2025
View reviewed changes
Comment thread coderd/provisionerdserver/provisionerdserver_test.go Outdated
@ThomasK33
feat: add allow_list field to API key responses for resource scoping
42451c1 
Add allow_list field to API key data structures and ensure proper
JSON serialization across backend and frontend. Initialize with 
default wildcard entry (*:*) for backward compatibility with
existing API keys that don't have explicit resource restrictions.

Fixes #19854
@ThomasK33 ThomasK33 mentioned this pull request Oct 23, 2025
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@johnstcn johnstcn johnstcn left review comments

@Emyrk Emyrk Emyrk approved these changes

Assignees

@ThomasK33 ThomasK33

@Emyrk Emyrk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SDK (Go): codersdk types for scopes[] + allow_list[]

3 participants

@ThomasK33 @johnstcn @Emyrk