NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit0ca6d4e

committed

feat: add hidden enterprise cmd command to list roles

This includes custom roles, and has a json ouput option formore granular permissions

1 parent92c5dfa commit0ca6d4eCopy full SHA for 0ca6d4e

File tree

27 files changed

+560

-85

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - dump.sql
  - migrations
    - 000210_custom_role_orgs.down.sql
    - 000210_custom_role_orgs.up.sql
  - models.go
  - querier.go
  - queries
    - roles.sql
  - queries.sql.go
- httpapi
  - name.go
- rbac/rolestore
  - rolestore.go
- roles.go
- roles_test.go
codersdk
- roles.go
docs/api
- members.md
- schemas.md
enterprise
- cli
  - rolescmd.go
  - root.go
- coderd
  - roles.go
  - roles_test.go
site/src
- api
  - typesGenerated.ts
- testHelpers
  - entities.ts

27 files changed

+560

-85

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 26 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 26 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {`
`835`	`835`	`returnq.db.CleanTailnetTunnels(ctx)`
`836`	`836`	`}`
`837`	`837`
`838`		`-func (q*querier)CustomRolesByName(ctx context.Context,lookupRoles []string) ([]database.CustomRole,error) {`
	`838`	`+// TODO: Handle org scoped lookups`
	`839`	`+func (q*querier)CustomRoles(ctx context.Context,arg database.CustomRolesParams) ([]database.CustomRole,error) {`
`839`	`840`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceAssignRole);err!=nil {`
`840`	`841`	`returnnil,err`
`841`	`842`	`}`
`842`		`-returnq.db.CustomRolesByName(ctx,lookupRoles)`
	`843`	`+returnq.db.CustomRoles(ctx,arg)`
`843`	`844`	`}`
`844`	`845`
`845`	`846`	`func (q*querier)DeleteAPIKeyByID(ctx context.Context,idstring)error {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1167,8 +1167,8 @@ func (s *MethodTestSuite) TestUser() {`
`1167`	`1167`	`b:=dbgen.User(s.T(),db, database.User{})`
`1168`	`1168`	`check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(slice.New(a.ID,b.ID))`
`1169`	`1169`	`}))`
`1170`		`-s.Run("CustomRolesByName",s.Subtest(func(db database.Store,check*expects) {`
`1171`		`-check.Args([]string{}).Asserts(rbac.ResourceAssignRole,policy.ActionRead).Returns([]database.CustomRole{})`
	`1170`	`+s.Run("CustomRoles",s.Subtest(func(db database.Store,check*expects) {`
	`1171`	`+check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole,policy.ActionRead).Returns([]database.CustomRole{})`
`1172`	`1172`	`}))`
`1173`	`1173`	`s.Run("Blank/UpsertCustomRole",s.Subtest(func(db database.Store,check*expects) {`
`1174`	`1174`	`// Blank is no perms in the role`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 14 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1174,18 +1174,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {`
`1174`	`1174`	`returnErrUnimplemented`
`1175`	`1175`	`}`
`1176`	`1176`
`1177`		`-func (q*FakeQuerier)CustomRolesByName(_ context.Context,lookupRoles []string) ([]database.CustomRole,error) {`
	`1177`	`+func (q*FakeQuerier)CustomRoles(_ context.Context,arg database.CustomRolesParams) ([]database.CustomRole,error) {`
`1178`	`1178`	`q.mutex.Lock()`
`1179`	`1179`	`deferq.mutex.Unlock()`
`1180`	`1180`
`1181`	`1181`	`found:=make([]database.CustomRole,0)`
`1182`	`1182`	`for_,role:=rangeq.data.customRoles {`
`1183`		`-ifslices.ContainsFunc(lookupRoles,func(sstring)bool {`
`1184`		`-returnstrings.EqualFold(s,role.Name)`
`1185`		`-}) {`
`1186`		`-role:=role`
`1187`		`-found=append(found,role)`
	`1183`	`+iflen(arg.LookupRoles)>0 {`
	`1184`	`+if!slices.ContainsFunc(arg.LookupRoles,func(sstring)bool {`
	`1185`	`+returnstrings.EqualFold(s,role.Name)`
	`1186`	`+}) {`
	`1187`	`+continue`
	`1188`	`+}`
`1188`	`1189`	`}`
	`1190`	`+`
	`1191`	`+ifarg.ExcludeOrgRoles&&role.OrganizationID.Valid {`
	`1192`	`+continue`
	`1193`	`+}`
	`1194`	`+`
	`1195`	`+role:=role`
	`1196`	`+found=append(found,role)`
`1189`	`1197`	`}`
`1190`	`1198`
`1191`	`1199`	`returnfound,nil`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 3 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 6 additions & 6 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dump.sql`

Lines changed: 4 additions & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000210_custom_role_orgs.down.sql`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ALTERTABLE custom_roles`
	`2`	`+-- This column is nullable, meaning no organization scope`
	`3`	`+DROP COLUMN organization_id;`

`‎coderd/database/migrations/000210_custom_role_orgs.up.sql`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+ALTERTABLE custom_roles`
	`2`	`+-- This column is nullable, meaning no organization scope`
	`3`	`+ADD COLUMN organization_id uuid;`
	`4`	`+`
	`5`	`+COMMENT ON COLUMN custom_roles.organization_id IS'Roles can optionally be scoped to an organization'`

`‎coderd/database/models.go`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 22 additions & 5 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/roles.sql`

Lines changed: 11 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,23 @@`
`1`		`--- name:CustomRolesByName :many`
	`1`	`+-- name:CustomRoles :many`
`2`	`2`	`SELECT`
`3`	`3`	`*`
`4`	`4`	`FROM`
`5`	`5`	`custom_roles`
`6`	`6`	`WHERE`
	`7`	`+ true`
	`8`	`+-- Lookup roles filter`
	`9`	`+AND CASE WHEN array_length(@lookup_roles ::text[],1)>0 THEN`
`7`	`10`	`-- Case insensitive`
`8`	`11`	`name ILIKE ANY(@lookup_roles ::text [])`
	`12`	`+ ELSE true`
	`13`	`+ END`
	`14`	`+-- Org scoping filter, to only fetch site wide roles`
	`15`	`+AND CASE WHEN @exclude_org_roles ::boolean THEN`
	`16`	`+organization_id ISnull`
	`17`	`+ELSE true`
	`18`	`+ END`
`9`	`19`	`;`
`10`	`20`
`11`		`-`
`12`	`21`	`-- name: UpsertCustomRole :one`
`13`	`22`	`INSERT INTO`
`14`	`23`	`custom_roles (`

`‎coderd/httpapi/name.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func UsernameFrom(str string) string {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`// NameValid returns whether the input string is a valid name.`
`41`		`-// It is a generic validator for any name (user, workspace, template, etc.).`
	`41`	`+// It is a generic validator for any name (user, workspace, template,role name,etc.).`
`42`	`42`	`funcNameValid(strstring)error {`
`43`	`43`	`iflen(str)>32 {`
`44`	`44`	`returnxerrors.New("must be <= 32 characters")`

`‎coderd/rbac/rolestore/rolestore.go`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,10 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,`
`72`	`72`	`// If some roles are missing from the database, they are omitted from`
`73`	`73`	`// the expansion. These roles are no-ops. Should we raise some kind of`
`74`	`74`	`// warning when this happens?`
`75`		`-dbroles,err:=db.CustomRolesByName(ctx,lookup)`
	`75`	`+dbroles,err:=db.CustomRoles(ctx, database.CustomRolesParams{`
	`76`	`+LookupRoles:lookup,`
	`77`	`+ExcludeOrgRoles:false,`
	`78`	`+})`
`76`	`79`	`iferr!=nil {`
`77`	`80`	`returnnil,xerrors.Errorf("fetch custom roles: %w",err)`
`78`	`81`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0ca6d4e

File tree

27 files changed

27 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/dump.sql`

`‎coderd/database/migrations/000210_custom_role_orgs.down.sql`

`‎coderd/database/migrations/000210_custom_role_orgs.up.sql`

`‎coderd/database/models.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/roles.sql`

`‎coderd/httpapi/name.go`

`‎coderd/rbac/rolestore/rolestore.go`

0 commit comments