NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit84dc70d

committed

feat: add composite coder:* API key scopes for better UX

Add high-level composite scopes that expand to multiple low-levelpermissions:- coder:workspaces.create - Template read/use + workspace CRUD- coder:workspaces.operate - Workspace read/update- coder:workspaces.delete - Workspace read/delete- coder:workspaces.access - Workspace read/SSH/app connect- coder:templates.build - Template read + file ops + provisioner jobs- coder:templates.author - Full template management + insights- coder:apikeys.manage_self - Self API key managementThese composite scopes provide intuitive high-level permissions whilemaintaining granular control through existing low-level scopes.Database enum values are persisted to enable storing composite namesdirectly in tokens.

1 parent3eeb008 commit84dc70dCopy full SHA for 84dc70d

File tree

7 files changed

+58

-1

lines changed

coderd
- apidoc
  - swagger.json
- database
  - dump.sql
  - migrations
    - 000373_add_composite_api_key_scopes.down.sql
    - 000373_add_composite_api_key_scopes.up.sql
docs/reference/api
- schemas.md
scripts/generate_api_key_scope_enum
- main.go
site/src/api
- typesGenerated.ts

7 files changed

+58

-1

lines changed

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+-- No-op: keep enum values to avoid dependency churn.`
	`2`	`+-- If strict removal is required, create a new enum type without these values,`
	`3`	`+-- cast columns, drop the old type, and rename.`

`‎coderd/database/migrations/000373_add_composite_api_key_scopes.up.sql‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,9 @@`
	`1`	`+-- Add high-level composite coder:* API key scopes`
	`2`	`+-- These values are persisted so that tokens can store coder:* names directly.`
	`3`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:workspaces.create';`
	`4`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:workspaces.operate';`
	`5`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:workspaces.delete';`
	`6`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:workspaces.access';`
	`7`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:templates.build';`
	`8`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:templates.author';`
	`9`	`+ALTERTYPE api_key_scope ADD VALUE IF NOT EXISTS'coder:apikeys.manage_self';`

`‎docs/reference/api/schemas.md‎`

Lines changed: 7 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎scripts/generate_api_key_scope_enum/main.go‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import (`
`4`	`4`	`"fmt"`
`5`	`5`	`"sort"`
`6`	`6`
	`7`	`+"github.com/coder/coder/v2/coderd/rbac"`
`7`	`8`	`"github.com/coder/coder/v2/coderd/rbac/policy"`
`8`	`9`	`)`
`9`	`10`
`@@ -18,6 +19,8 @@ func main() {`
`18`	`19`	`vals=append(vals,fmt.Sprintf("%s:%s",resource,action))`
`19`	`20`	`}`
`20`	`21`	`}`
	`22`	`+// Include composite coder:* scopes as first-class enum values`
	`23`	`+vals=append(vals,rbac.CompositeScopeNames()...)`
`21`	`24`	`sort.Strings(vals)`
`22`	`25`	`for_,v:=rangevals {`
`23`	`26`	`if_,ok:=seen[v];ok {`

`‎site/src/api/typesGenerated.ts‎`

Lines changed: 14 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit84dc70d

File tree

7 files changed

7 files changed

`‎coderd/apidoc/swagger.json‎`

`‎coderd/database/dump.sql‎`

`‎coderd/database/migrations/000373_add_composite_api_key_scopes.down.sql‎`

`‎coderd/database/migrations/000373_add_composite_api_key_scopes.up.sql‎`

`‎docs/reference/api/schemas.md‎`

`‎scripts/generate_api_key_scope_enum/main.go‎`

`‎site/src/api/typesGenerated.ts‎`

0 commit comments