chore: implement coder owner state

Starting with just groups

Author: Emyrk

cli/root.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/coder/preview"
 	"github.com/coder/preview/cli/clidisplay"
+	"github.com/coder/preview/types"
 	"github.com/coder/serpent"
 )
 
@@ -21,6 +22,7 @@ func (r *RootCmd) Root() *serpent.Command {
 	var (
 		dir      string
 		vars     []string
+		groups   []string
 		planJSON string
 	)
 	cmd := &serpent.Command{
@@ -48,9 +50,17 @@ func (r *RootCmd) Root() *serpent.Command {
 				Description:   "Variables.",
 				Flag:          "vars",
 				FlagShorthand: "v",
-				Default:       ".",
+				Default:       "",
 				Value:         serpent.StringArrayOf(&vars),
 			},
+			{
+				Name:          "groups",
+				Description:   "Groups.",
+				Flag:          "groups",
+				FlagShorthand: "g",
+				Default:       "",
+				Value:         serpent.StringArrayOf(&groups),
+			},
 		},
 		Handler: func(i *serpent.Invocation) error {
 			dfs := os.DirFS(dir)
@@ -65,8 +75,11 @@ func (r *RootCmd) Root() *serpent.Command {
 			}
 
 			input := preview.Input{
-				ParameterValues: rvars,
 				PlanJSONPath:    planJSON,
+				ParameterValues: rvars,
+				Owner: types.WorkspaceOwner{
+					Groups: groups,
+				},
 			}
 
 			ctx := i.Context()

owner.go

@@ -0,0 +1,35 @@
+package preview
+
+import (
+	"io/fs"
+
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	tfcontext "github.com/aquasecurity/trivy/pkg/iac/terraform/context"
+	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/gocty"
+	"golang.org/x/xerrors"
+)
+
+func WorkspaceOwnerHook(dfs fs.FS, input Input) (func(ctx *tfcontext.Context, blocks terraform.Blocks, inputVars map[string]cty.Value), error) {
+	if input.Owner.Groups == nil {
+		input.Owner.Groups = []string{}
+	}
+	ownerGroups, err := gocty.ToCtyValue(input.Owner.Groups, cty.List(cty.String))
+	if err != nil {
+		return nil, xerrors.Errorf("converting owner groups: %w", err)
+	}
+
+	ownerValue := cty.ObjectVal(map[string]cty.Value{
+		"groups": ownerGroups,
+	})
+
+	return func(ctx *tfcontext.Context, blocks terraform.Blocks, inputVars map[string]cty.Value) {
+		for _, block := range blocks.OfType("data") {
+			// TODO: Does it have to be me?
+			if block.TypeLabel() == "coder_workspace_owner" && block.NameLabel() == "me" {
+				block.Context().Parent().Set(ownerValue,
+					"data", block.TypeLabel(), block.NameLabel())
+			}
+		}
+	}, nil
+}

preview.go

@@ -4,9 +4,12 @@ import (
 	"context"
 	"fmt"
 	"io/fs"
+	"log/slog"
+	"os"
 	"path/filepath"
 
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
+	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/hashicorp/hcl/v2"
 
 	"github.com/coder/preview/types"
@@ -15,6 +18,7 @@ import (
 type Input struct {
 	PlanJSONPath    string
 	ParameterValues map[string]string
+	Owner           types.WorkspaceOwner
 }
 
 type Output struct {
@@ -24,6 +28,10 @@ type Output struct {
 }
 
 func Preview(ctx context.Context, input Input, dir fs.FS) (*Output, hcl.Diagnostics) {
+	// TODO: FIX LOGGING
+	slog.SetLogLoggerLevel(slog.LevelDebug)
+	slog.SetDefault(slog.New(log.NewHandler(os.Stderr, nil)))
+
 	varFiles, err := tfVarFiles("", dir)
 	if err != nil {
 		return nil, hcl.Diagnostics{
@@ -45,12 +53,27 @@ func Preview(ctx context.Context, input Input, dir fs.FS) (*Output, hcl.Diagnost
 			},
 		}
 	}
+
+	ownerHook, err := WorkspaceOwnerHook(dir, input)
+	if err != nil {
+		return nil, hcl.Diagnostics{
+			{
+				Severity: hcl.DiagError,
+				Summary:  "Workspace owner hook",
+				Detail:   err.Error(),
+			},
+		}
+	}
+	var _ = ownerHook
+
 	// moduleSource is "" for a local module
 	p := parser.New(dir, "",
+		parser.OptionStopOnHCLError(true),
 		parser.OptionWithDownloads(false),
 		parser.OptionWithTFVarsPaths(varFiles...),
 		parser.OptionWithEvalHook(planHook),
 		parser.OptionWithEvalHook(ParameterContextsEvalHook(input)),
+		parser.OptionWithEvalHook(ownerHook),
 		parser.OptionWithSkipCachedModules(true),
 	)
 

preview_test.go

@@ -192,6 +192,45 @@ func Test_Extract(t *testing.T) {
 			name: "not-exists",
 			dir:  "not-existing-directory",
 		},
+		{
+			name:    "groups",
+			dir:     "groups",
+			expTags: map[string]string{},
+			input: preview.Input{
+				PlanJSONPath:    "",
+				ParameterValues: map[string]string{},
+				Owner: types.WorkspaceOwner{
+					Groups: []string{"developer", "manager", "admin"},
+				},
+			},
+			expUnknowns: []string{},
+			params: map[string]func(t *testing.T, parameter types.Parameter){
+				"Groups": ap[cty.Value]().
+					options("developer", "manager", "admin").
+					f(),
+			},
+		},
+		{
+			name:    "ambigious",
+			dir:     "ambigious",
+			expTags: map[string]string{},
+			input: preview.Input{
+				PlanJSONPath:    "",
+				ParameterValues: map[string]string{},
+				Owner: types.WorkspaceOwner{
+					Groups: []string{"developer", "manager", "admin"},
+				},
+			},
+			expUnknowns: []string{},
+			params: map[string]func(t *testing.T, parameter types.Parameter){
+				"IsAdmin": ap[cty.Value]().
+					value(cty.StringVal("true")).
+					f(),
+				"IsAdmin_Root": ap[cty.Value]().
+					value(cty.StringVal("true")).
+					f(),
+			},
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()

testdata/ambigious/main.tf

@@ -0,0 +1,35 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+  }
+}
+
+data coder_workspace_owner "me" {}
+
+module "decisions" {
+  source = "./modules/decisions"
+}
+
+data "coder_parameter" "example" {
+  count       =  module.decisions.isAdmin ? 1 : 0
+  name        = "IsAdmin"
+  type        = "bool"
+  default     =  module.decisions.isAdmin
+}
+
+data "coder_parameter" "example_root" {
+  count       =  contains(data.coder_workspace_owner.me.groups, "admin") ? 1 : 0
+  name        = "IsAdmin_Root"
+  type        = "bool"
+  default     =  contains(data.coder_workspace_owner.me.groups, "admin")
+}
+
+output "groups" {
+  value = module.decisions.groups
+}
+
+output "isAdmin" {
+  value = module.decisions.isAdmin
+}

testdata/ambigious/modules/decisions/main.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+  }
+}
+
+data coder_workspace_owner "me" {}
+
+output "isAdmin" {
+  value = contains(data.coder_workspace_owner.me.groups, "admin")
+}
+
+output "groups" {
+  value = data.coder_workspace_owner.me.groups
+}

testdata/conditional/main.tf

@@ -85,3 +85,5 @@ data "coder_parameter" "favorite" {
     error="too high or low"
   }
 }
+
+

testdata/demo/main.tf

@@ -0,0 +1,71 @@
+// Demo terraform has a complex configuration.
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+  }
+}
+
+
+locals {
+  fe_codes = ["PS", "WS"]
+  be_codes = ["CL", "GO", "IU", "PY"]
+  teams = {
+    "frontend" = {
+        "display_name" = "Frontend",
+        "codes" = local.fe_codes,
+        "description" = "The team that works on the frontend.",
+        "icon" = "/icon/desktop.svg"
+    },
+    "backend" = {
+        "display_name" = "Backend",
+        "codes" = local.be_codes,
+        "description" = "The team that works on the backend.",
+        "icon" = "/emojis/2699.png",
+    },
+    "fullstack" = {
+        "display_name" = "Fullstack",
+        "codes" = concat(local.be_codes, local.fe_codes),
+        "description" = "The team that works on both the frontend and backend.",
+        "icon" = "/emojis/1f916.png",
+    }
+  }
+}
+
+data "coder_parameter" "team" {
+    name        = "Team"
+    description = "Which team are you on?"
+    type        = "string"
+    default     = "fullstack"
+    order       = 1
+
+    dynamic "option" {
+        for_each = local.teams
+        content {
+            name  = option.value.display_name
+            value = option.key
+            description = option.value.description
+            icon = option.value.icon
+        }
+    }
+
+    validation {
+        regex = "^frontend|backend|fullstack$"
+        error = "You must select either frontend, backend, or fullstack."
+    }
+}
+
+module "jetbrains_gateway" {
+  count          = 1
+  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
+  version        = "1.0.28"
+  agent_id       = "random"
+  folder         = "/home/coder/example"
+  jetbrains_ides = local.teams[data.coder_parameter.team.value].codes
+  default        = local.teams[data.coder_parameter.team.value].codes[0]
+}
+
+module "base" {
+  source = "./modules/base"
+}

testdata/demo/modules/base/base.tf

@@ -0,0 +1,52 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+  }
+}
+
+locals {
+  // default to the only option if only 1 exists
+  choose_security = length(keys(module.deploys.security_levels)) > 1
+  secutity_level = local.choose_security ? data.coder_parameter.security_level[0].value : keys(module.deploys.security_levels)[0]
+}
+
+module "deploys" {
+  // Where we deploy the workspace to
+  source = "../deploys"
+  security = local.secutity_level
+}
+
+data "coder_parameter" "security_level" {
+    count       = local.choose_security ? 1 : 0
+    name        = "Security Level"
+    description = "What security level do you need?"
+    type        = "string"
+    default     = "high"
+    order       = 1
+
+
+    dynamic "option" {
+        for_each = module.deploys.security_levels
+        content {
+          name  = option.value.display_name
+          value = option.key
+          description = option.value.description
+        }
+    }
+
+    # validation {
+    #   regex = "^high|medium|low$"
+    #   error = "You must select either high, medium, or low."
+    # }
+}
+
+// TODO: REMOVE THIS
+data "coder_parameter" "test" {
+  name       = "Test"
+  description = "Test"
+  type        = "string"
+  default = tostring(local.choose_security ? 1 : 0)
+}
+