Commit 83d7147

chore: deprecate ResourceSystem (#17217)
Deprecates `ResourceSystem`. It's a large collection of unrelated things, and violates the principle of least privilege because to get access to low-security stuff like various statistics, you also get access to serious-security stuff like crypto keys. We should eventually break it up and remove it, but the least we can do for now is not make the problem worse.
1 parent ac0cf35 commit 83d7147


3 files changed, +10 -0 lines changed

‎coderd/rbac/object_gen.go

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎coderd/rbac/policy/policy.go

Lines changed: 6 additions & 0 deletions
@@ -33,6 +33,8 @@ type PermissionDefinition struct {
3333
// should represent. The key in the actions map is the verb to use
3434
// in the rbac policy.
3535
Actionsmap[Action]ActionDefinition
36+
// Comment is additional text to include in the generated object comment.
37+
Commentstring
3638
}
3739

3840
typeActionDefinitionstruct {
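
Review bot: the doc comment on the new `Comment` field does not state the format the value must have. The template inserts the value verbatim with `{{- .Comment }}`, so it has to begin with a newline and carry `//` on every line, as the one entry that sets it does. Either document that requirement on the field, or keep the field as plain text and let the template add the comment prefix.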
@@ -203,6 +205,10 @@ var RBACPermissions = map[string]PermissionDefinition{
203205
ActionUpdate:actDef("update system resources"),
204206
ActionDelete:actDef("delete system resources"),
205207
},
208+
Comment:`
209+
// DEPRECATED: New resources should be created for new things, rather than adding them to System, which has become
210+
// an unmanaged collection of things that don't relate to one another. We can't effectively enforce
211+
// least privilege access control when unrelated resources are grouped together.`,
206212
},
207213
"api_key": {
208214
Actions:map[Action]ActionDefinition{
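
Review bot: `// DEPRECATED:` in the `Comment` value is not the marker Go tooling recognizes. The convention is a doc-comment paragraph that begins `// Deprecated: `, which tools such as staticcheck and gopls use to flag references to the identifier; in the generated comment that also needs a bare `//` line before it so it starts its own paragraph after the action list. As written, the deprecation is advisory text only, and nothing surfaces a warning when new code reaches for System.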

‎scripts/typegen/rbacobject.gotmpl

Lines changed: 1 addition & 0 deletions
@@ -16,6 +16,7 @@ var (
1616
{{- range $action, $value := .Actions }}
1717
// - "{{ actionEnum $action }}" :: {{ $value.Description }}
1818
{{- end }}
19+
{{- .Comment }}
1920
Resource{{ $Name }} = Object {
2021
Type: "{{ $element.Type }}",
2122
}
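
Review bot: `{{- .Comment }}` writes the string straight into generated Go source, so a future `Comment` value containing a line without `//` would emit code or a syntax error into the generated file instead of a comment. Consider having the template split the value on newlines and prefix each line with `// `, so the policy map holds plain text and the generator owns the formatting.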
