New constructs an Enterprise coderd API instance. This handler is designed to wrap the AGPL Coder code and layer Enterprise functionality on top as much as possible.
(ctx context.Context, options *Options)
| 70 | // This handler is designed to wrap the AGPL Coder code and |
| 71 | // layer Enterprise functionality on top as much as possible. |
| 72 | func New(ctx context.Context, options *Options) (_ *API, err error) { |
| 73 | if options.EntitlementsUpdateInterval == 0 { |
| 74 | options.EntitlementsUpdateInterval = 10 * time.Minute |
| 75 | } |
| 76 | if options.LicenseKeys == nil { |
| 77 | options.LicenseKeys = Keys |
| 78 | } |
| 79 | if options.Options == nil { |
| 80 | options.Options = &coderd.Options{} |
| 81 | } |
| 82 | if options.PrometheusRegistry == nil { |
| 83 | options.PrometheusRegistry = prometheus.NewRegistry() |
| 84 | } |
| 85 | if options.Options.Authorizer == nil { |
| 86 | options.Options.Authorizer = rbac.NewCachingAuthorizer(options.PrometheusRegistry) |
| 87 | if buildinfo.IsDev() { |
| 88 | options.Authorizer = rbac.Recorder(options.Authorizer) |
| 89 | } |
| 90 | } |
| 91 | if options.ReplicaErrorGracePeriod == 0 { |
| 92 | // This will prevent the error from being shown for a minute |
| 93 | // from when an additional replica was started. |
| 94 | options.ReplicaErrorGracePeriod = time.Minute |
| 95 | } |
| 96 | if options.Entitlements == nil { |
| 97 | options.Entitlements = entitlements.New() |
| 98 | } |
| 99 | if options.Options.UsageInserter == nil { |
| 100 | options.Options.UsageInserter = &atomic.Pointer[agplusage.Inserter]{} |
| 101 | } |
| 102 | if options.Options.UsageInserter.Load() == nil { |
| 103 | collector := usage.NewDBInserter() |
| 104 | options.Options.UsageInserter.Store(&collector) |
| 105 | } |
| 106 | |
| 107 | ctx, cancelFunc := context.WithCancel(ctx) |
| 108 | defer func() { |
| 109 | if err != nil { |
| 110 | cancelFunc() |
| 111 | } |
| 112 | }() |
| 113 | |
| 114 | if options.ExternalTokenEncryption == nil { |
| 115 | options.ExternalTokenEncryption = make([]dbcrypt.Cipher, 0) |
| 116 | } |
| 117 | // Database encryption is an enterprise feature, but as checking license entitlements |
| 118 | // depends on the database, we end up in a chicken-and-egg situation. To avoid this, |
| 119 | // we always enable it but only soft-enforce it. |
| 120 | if len(options.ExternalTokenEncryption) > 0 { |
| 121 | var keyDigests []string |
| 122 | for _, cipher := range options.ExternalTokenEncryption { |
| 123 | keyDigests = append(keyDigests, cipher.HexDigest()) |
| 124 | } |
| 125 | options.Logger.Info(ctx, "database encryption enabled", slog.F("keys", keyDigests)) |
| 126 | } |
| 127 | |
| 128 | cryptDB, err := dbcrypt.New(ctx, options.Database, options.ExternalTokenEncryption...) |
| 129 | if err != nil { |
no test coverage detected