Commit1f5788f

authored
chore: remove rbac psuedo resources, add custom verbs (#13276)
Removes our pseudo rbac resources like `WorkspaceApplicationConnect` in favor of additional verbs like `ssh`. This makes permissions more intuitive when building custom roles. The source of truth is now `policy.go`.
1 parentcb6b5e8 commit1f5788f


48 files changed

+1788
-1032
lines changed


48 files changed

+1788
-1032
lines changed

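--- a/Makefile
+++ b/Makefile
@@ -486,6 +486,7 @@ gen: \
 $(DB_GEN_FILES)\
 site/src/api/typesGenerated.ts\
 coderd/rbac/object_gen.go\
+codersdk/rbacresources_gen.go\
 docs/admin/prometheus.md\
 docs/cli.md\
 docs/admin/audit-logs.md\
@@ -611,7 +612,10 @@ examples/examples.gen.json: scripts/examplegen/main.go examples/examples.go $(sh
 go run ./scripts/examplegen/main.go> examples/examples.gen.json
 
 coderd/rbac/object_gen.go: scripts/rbacgen/main.go coderd/rbac/object.go
-go run scripts/rbacgen/main.go ./coderd/rbac> coderd/rbac/object_gen.go
+go run scripts/rbacgen/main.go rbac> coderd/rbac/object_gen.go
+
+codersdk/rbacresources_gen.go: scripts/rbacgen/main.go coderd/rbac/object.go
+go run scripts/rbacgen/main.go codersdk> codersdk/rbacresources_gen.go
 
 docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics
 go run scripts/metricsdocgen/main.go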
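Review bot: Both rbacgen rules, `coderd/rbac/object_gen.go` and the new `codersdk/rbacresources_gen.go`, list only `scripts/rbacgen/main.go coderd/rbac/object.go` as prerequisites, while the commit description says the source of truth is now `policy.go`. If the generator reads that file (it is not shown in this view), editing the policy will not make `make gen` rebuild either output, and a stale resource and verb list can end up in the SDK. Consider adding the policy file to both prerequisite lists, for example `codersdk/rbacresources_gen.go: scripts/rbacgen/main.go coderd/rbac/object.go <path/to/policy.go>`, where the last entry is a placeholder for the real path.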

‎coderd/apidoc/docs.go

Lines changed: 76 additions & 37 deletions

‎coderd/apidoc/swagger.json

Lines changed: 77 additions & 38 deletions

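--- a/coderd/authorize.go
+++ b/coderd/authorize.go
@@ -169,7 +169,7 @@ func (api *API) checkAuthorization(rw http.ResponseWriter, r *http.Request) {
 obj:= rbac.Object{
 Owner:v.Object.OwnerID,
 OrgID:v.Object.OrganizationID,
-Type:v.Object.ResourceType.String(),
+Type:string(v.Object.ResourceType),
 }
 ifobj.Owner=="me" {
 obj.Owner=auth.ID
@@ -189,13 +189,7 @@ func (api *API) checkAuthorization(rw http.ResponseWriter, r *http.Request) {
 vardbObj rbac.Objecter
 vardbErrerror
 // Only support referencing some resources by ID.
-switchv.Object.ResourceType.String() {
-caserbac.ResourceWorkspaceExecution.Type:
-workSpace,err:=api.Database.GetWorkspaceByID(ctx,id)
-iferr==nil {
-dbObj=workSpace.ExecutionRBAC()
-}
-dbErr=err
+switchstring(v.Object.ResourceType) {
 caserbac.ResourceWorkspace.Type:
 dbObj,dbErr=api.Database.GetWorkspaceByID(ctx,id)
 caserbac.ResourceTemplate.Type: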
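Review bot: In `checkAuthorization`, both `Type:string(v.Object.ResourceType)` and `switch string(v.Object.ResourceType)` take the client-supplied resource type as a plain string, with no check in these hunks that it names a resource that still exists. A client that still sends one of the pseudo resources removed by this commit no longer matches a case in the by-ID switch. What the default branch and the authorizer do with such a value lies outside the hunk, so confirm it produces an explicit 400 rather than a silent `false` that callers would read as "not permitted". A short comment above the switch, such as `// Pseudo resources are gone; express those checks as verbs (e.g. ssh) on the real resource.`, would also help readers of the handler. The function body starts and ends outside both hunks.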

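--- a/coderd/coderdtest/authorize.go
+++ b/coderd/coderdtest/authorize.go
@@ -416,23 +416,16 @@ func RandomRBACObject() rbac.Object {
 funcrandomRBACType()string {
 all:= []string{
 rbac.ResourceWorkspace.Type,
-rbac.ResourceWorkspaceExecution.Type,
-rbac.ResourceWorkspaceApplicationConnect.Type,
 rbac.ResourceAuditLog.Type,
 rbac.ResourceTemplate.Type,
 rbac.ResourceGroup.Type,
 rbac.ResourceFile.Type,
 rbac.ResourceProvisionerDaemon.Type,
 rbac.ResourceOrganization.Type,
-rbac.ResourceRoleAssignment.Type,
-rbac.ResourceOrgRoleAssignment.Type,
-rbac.ResourceAPIKey.Type,
 rbac.ResourceUser.Type,
-rbac.ResourceUserData.Type,
 rbac.ResourceOrganizationMember.Type,
 rbac.ResourceWildcard.Type,
 rbac.ResourceLicense.Type,
-rbac.ResourceDeploymentValues.Type,
 rbac.ResourceReplicas.Type,
 rbac.ResourceDebugInfo.Type,
 }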

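--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -221,7 +221,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can
 }
 
 ifoptions.Authorizer==nil {
-defAuth:=rbac.NewCachingAuthorizer(prometheus.NewRegistry())
+defAuth:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
 if_,ok:=t.(*testing.T);ok {
 options.Authorizer=&RecordingAuthorizer{
 Wrapped:defAuth,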
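Review bot: The default test authorizer in `NewOptions` changes to `rbac.NewStrictCachingAuthorizer` with no comment saying how the strict variant differs from `rbac.NewCachingAuthorizer`, and its definition is not visible in this view. If the server still builds the non-strict authorizer, tests now exercise a different authorization path than production, and that difference should be recorded where the default is chosen. A line above the call such as `// Tests use the strict authorizer so invalid resource/action pairs fail loudly (confirm against its doc comment).` would capture the intent. `NewOptions` starts and ends outside the hunk.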
