NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit2ba5550

committed

feat: API key scopes database migration

1 parent679179f commit2ba5550Copy full SHA for 2ba5550

File tree

13 files changed

+853

-56

lines changed

coderd
- apikey
  - apikey.go
  - apikey_test.go
- coderdtest
  - authorize.go
- database
  - dbgen
    - dbgen.go
  - dump.sql
  - migrations
    - 000371_api_key_scopes_array_allow_list.down.sql
    - 000371_api_key_scopes_array_allow_list.up.sql
  - models.go
  - queries.sql.go
  - queries
    - apikeys.sql
- httpmw
  - apikey.go
- users.go
scripts/generate_api_key_scope_enum
- main.go

13 files changed

+853

-56

lines changed

`‎coderd/apikey/apikey.go‎`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -92,8 +92,10 @@ func Generate(params CreateParams) (database.InsertAPIKeyParams, string, error)`
`92`	`92`	`UpdatedAt:dbtime.Now(),`
`93`	`93`	`HashedSecret:hashed[:],`
`94`	`94`	`LoginType:params.LoginType,`
`95`		`-Scope:scope,`
`96`		`-TokenName:params.TokenName,`
	`95`	`+// New array columns (no DB defaults):`
	`96`	`+Scopes: []database.APIKeyScope{scope},`
	`97`	`+AllowList: []string{":"},`
	`98`	`+TokenName:params.TokenName,`
`97`	`99`	`},token,nil`
`98`	`100`	`}`
`99`	`101`

`‎coderd/apikey/apikey_test.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -159,9 +159,9 @@ func TestGenerate(t *testing.T) {`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`iftc.params.Scope!="" {`
`162`		`-assert.Equal(t,tc.params.Scope,key.Scope)`
	`162`	`+assert.Equal(t,tc.params.Scope,key.Scopes[0])`
`163`	`163`	`}else {`
`164`		`-assert.Equal(t,database.APIKeyScopeAll,key.Scope)`
	`164`	`+assert.Equal(t,database.APIKeyScopeAll,key.Scopes[0])`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`iftc.params.TokenName!="" {`

`‎coderd/coderdtest/authorize.go‎`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"fmt"`
`6`	`6`	`"path/filepath"`
`7`	`7`	`"runtime"`
	`8`	`+"slices"`
`8`	`9`	`"strings"`
`9`	`10`	`"sync"`
`10`	`11`	`"sync/atomic"`
`@@ -63,12 +64,18 @@ func AssertRBAC(t testing.T, api coderd.API, client *codersdk.Client) RBACAsse`
`63`	`64`	`roleNames,err:=roles.RoleNames()`
`64`	`65`	`require.NoError(t,err)`
`65`	`66`
	`67`	`+// Derive a legacy single scope from arrays for test subject compatibility.`
	`68`	`+legacy:=database.APIKeyScopeAll`
	`69`	`+ifslices.Contains(key.Scopes,database.APIKeyScopeApplicationConnect) {`
	`70`	`+legacy=database.APIKeyScopeApplicationConnect`
	`71`	`+}`
	`72`	`+`
`66`	`73`	`returnRBACAsserter{`
`67`	`74`	`Subject: rbac.Subject{`
`68`	`75`	`ID:key.UserID.String(),`
`69`	`76`	`Roles:rbac.RoleIdentifiers(roleNames),`
`70`	`77`	`Groups:roles.Groups,`
`71`		`-Scope:rbac.ScopeName(key.Scope),`
	`78`	`+Scope:rbac.ScopeName(legacy),`
`72`	`79`	`},`
`73`	`80`	`Recorder:recorder,`
`74`	`81`	`}`

`‎coderd/database/dbgen/dbgen.go‎`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -185,8 +185,10 @@ func APIKey(t testing.TB, db database.Store, seed database.APIKey, munge ...func`
`185`	`185`	`CreatedAt:takeFirst(seed.CreatedAt,dbtime.Now()),`
`186`	`186`	`UpdatedAt:takeFirst(seed.UpdatedAt,dbtime.Now()),`
`187`	`187`	`LoginType:takeFirst(seed.LoginType,database.LoginTypePassword),`
`188`		`-Scope:takeFirst(seed.Scope,database.APIKeyScopeAll),`
`189`		`-TokenName:takeFirst(seed.TokenName),`
	`188`	`+// New array columns (backward-compat default behavior)`
	`189`	`+Scopes:takeFirstSlice(seed.Scopes, []database.APIKeyScope{database.APIKeyScopeAll}),`
	`190`	`+AllowList: []string{":"},`
	`191`	`+TokenName:takeFirst(seed.TokenName),`
`190`	`192`	`}`
`191`	`193`	`for_,fn:=rangemunge {`
`192`	`194`	`fn(&params)`

`‎coderd/database/dump.sql‎`

Lines changed: 142 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000371_api_key_scopes_array_allow_list.down.sql‎`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,18 @@`
	`1`	`+-- Recreate legacy single-scope column and collapse arrays`
	`2`	`+ALTERTABLE api_keys ADD COLUMN scope api_key_scope DEFAULT'all'::api_key_scopeNOT NULL;`
	`3`	`+`
	`4`	`+-- Collapse logic: prefer 'all', else 'application_connect', else 'all'`
	`5`	`+UPDATE api_keysSET scope=`
	`6`	`+ CASE`
	`7`	`+ WHEN'all'::api_key_scope= ANY(scopes) THEN'all'::api_key_scope`
	`8`	`+ WHEN'application_connect'::api_key_scope= ANY(scopes) THEN'application_connect'::api_key_scope`
	`9`	`+ ELSE'all'::api_key_scope`
	`10`	`+ END;`
	`11`	`+`
	`12`	`+-- Drop new columns`
	`13`	`+ALTERTABLE api_keys DROP COLUMN allow_list;`
	`14`	`+ALTERTABLE api_keys DROP COLUMN scopes;`
	`15`	`+`
	`16`	`+-- Note: We intentionally keep the expanded enum values to avoid dependency churn.`
	`17`	`+-- If strict narrowing is required, create a new type with only ('all','application_connect'),`
	`18`	`+-- cast column, drop the new type, and rename.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2ba5550

File tree

13 files changed

13 files changed

`‎coderd/apikey/apikey.go‎`

`‎coderd/apikey/apikey_test.go‎`

`‎coderd/coderdtest/authorize.go‎`

`‎coderd/database/dbgen/dbgen.go‎`

`‎coderd/database/dump.sql‎`

`‎coderd/database/migrations/000371_api_key_scopes_array_allow_list.down.sql‎`

0 commit comments