
Commit7ad2366

Emyrkaslilac
authored andcommitted
chore: merge provisioner key and provisioner permissions (#16628)
Provisioner key permissions were never any different than provisioners. Merging them for a cleaner permission story until they are required (if ever) to be separate. This removed `ResourceProvisionerKey` from RBAC and just uses the existing `ResourceProvisioner`.
1 parentc49abc6 commit7ad2366


14 files changed

+34
-62
lines changed


‎coderd/apidoc/docs.go‎

Lines changed: 0 additions & 2 deletions

‎coderd/apidoc/swagger.json‎

Lines changed: 0 additions & 2 deletions

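--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -324,7 +324,6 @@ var (
 rbac.ResourceOrganization.Type: {policy.ActionCreate,policy.ActionRead},
 rbac.ResourceOrganizationMember.Type: {policy.ActionCreate,policy.ActionDelete,policy.ActionRead},
 rbac.ResourceProvisionerDaemon.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate},
-rbac.ResourceProvisionerKeys.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionDelete},
 rbac.ResourceUser.Type:rbac.ResourceUser.AvailableActions(),
 rbac.ResourceWorkspaceDormant.Type: {policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceStop},
 rbac.ResourceWorkspace.Type: {policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceStart,policy.ActionWorkspaceStop,policy.ActionSSH},
@@ -3203,7 +3202,7 @@ func (q *querier) InsertProvisionerJobTimings(ctx context.Context, arg database.
 }
 
 func (q*querier)InsertProvisionerKey(ctx context.Context,arg database.InsertProvisionerKeyParams) (database.ProvisionerKey,error) {
-returninsert(q.log,q.auth,rbac.ResourceProvisionerKeys.InOrg(arg.OrganizationID).WithID(arg.ID),q.db.InsertProvisionerKey)(ctx,arg)
+returninsert(q.log,q.auth,rbac.ResourceProvisionerDaemon.InOrg(arg.OrganizationID).WithID(arg.ID),q.db.InsertProvisionerKey)(ctx,arg)
 }
 
 func (q*querier)InsertReplica(ctx context.Context,arg database.InsertReplicaParams) (database.Replica,error) {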
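Review bot: In the first hunk the permission map kept for this subject lists `rbac.ResourceProvisionerDaemon.Type` with create, read and update only, while the removed `rbac.ResourceProvisionerKeys.Type` entry carried `policy.ActionDelete`; once keys authorize as provisioner daemons, this subject appears to lose delete on keys and gain update. If the subject still needs to delete keys, the line should read `rbac.ResourceProvisionerDaemon.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},`; if not, a short comment recording that the drop is intentional would keep the next reader from treating it as an oversight. The enclosing `var (` block starts and ends outside the hunk, so which subject this is cannot be told from here.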

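--- a/coderd/database/modelmethods.go
+++ b/coderd/database/modelmethods.go
@@ -277,8 +277,10 @@ func (p GetEligibleProvisionerDaemonsByProvisionerJobIDsRow) RBACObject() rbac.O
 returnp.ProvisionerDaemon.RBACObject()
 }
 
+// RBACObject for a provisioner key is the same as a provisioner daemon.
+// Keys == provisioners from a RBAC perspective.
 func (pProvisionerKey)RBACObject() rbac.Object {
-returnrbac.ResourceProvisionerKeys.
+returnrbac.ResourceProvisionerDaemon.
 WithID(p.ID).
 InOrg(p.OrganizationID)
 }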
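Review bot: The new doc comment on `ProvisionerKey.RBACObject` states the equivalence but not its consequence for access control: every check made against this object now passes for any role that holds the same action on provisioner daemons. I would extend the comment with `// Any role granted an action on provisioner_daemon therefore holds it on provisioner keys as well.` so the coupling is visible where the object is defined. Which roles hold daemon actions is not visible in this section, so whether the set of principals able to manage keys actually changes should be confirmed against the role definitions.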

‎coderd/rbac/object_gen.go‎

Lines changed: 2 additions & 12 deletions

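--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -162,25 +162,18 @@ var RBACPermissions = map[string]PermissionDefinition{
 },
 "provisioner_daemon": {
 Actions:map[Action]ActionDefinition{
-ActionCreate:actDef("create a provisioner daemon"),
+ActionCreate:actDef("create a provisioner daemon/key"),
 // TODO: Move to use?
 ActionRead:actDef("read provisioner daemon"),
 ActionUpdate:actDef("update a provisioner daemon"),
-ActionDelete:actDef("delete a provisioner daemon"),
+ActionDelete:actDef("delete a provisioner daemon/key"),
 },
 },
 "provisioner_jobs": {
 Actions:map[Action]ActionDefinition{
 ActionRead:actDef("read provisioner jobs"),
 },
 },
-"provisioner_keys": {
-Actions:map[Action]ActionDefinition{
-ActionCreate:actDef("create a provisioner key"),
-ActionRead:actDef("read provisioner keys"),
-ActionDelete:actDef("delete a provisioner key"),
-},
-},
 "organization": {
 Actions:map[Action]ActionDefinition{
 ActionCreate:actDef("create an organization"),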
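Review bot: `ActionRead` under `"provisioner_daemon"` still reads `actDef("read provisioner daemon")`, although with the `"provisioner_keys"` entry removed further down this is now the action that also gates reading provisioner keys; only create and delete had `/key` added. Since these strings describe what a permission grants, I would change the line to `ActionRead: actDef("read provisioner daemon/key"),` so that someone assigning the permission sees that key reads are included. The `RBACPermissions` map literal starts and ends outside the hunk.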

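--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -556,15 +556,6 @@ func TestRolePermissions(t *testing.T) {
 false: {setOtherOrg,memberMe,userAdmin,orgUserAdmin,orgAuditor},
 },
 },
-{
-Name:"ProvisionerKeys",
-Actions: []policy.Action{policy.ActionCreate,policy.ActionRead,policy.ActionDelete},
-Resource:rbac.ResourceProvisionerKeys.InOrg(orgID),
-AuthorizeMap:map[bool][]hasAuthSubjects{
-true: {owner,orgAdmin},
-false: {setOtherOrg,memberMe,orgMemberMe,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin,orgAuditor},
-},
-},
 {
 Name:"ProvisionerJobs",
 Actions: []policy.Action{policy.ActionRead},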

‎codersdk/rbacresources_gen.go‎

Lines changed: 0 additions & 2 deletions

‎docs/reference/api/members.md‎

Lines changed: 0 additions & 5 deletions

‎docs/reference/api/schemas.md‎

Lines changed: 0 additions & 1 deletion
