NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit8f46553

committed

feat: rename special API key scopes to coder:* namespace

This change unifies scope handling by migrating special scopes to thecoder:* namespace while maintaining backward compatibility:- Database: 'all' -> 'coder:all', 'application_connect' -> 'coder:application_connect'- API accepts both legacy and canonical forms in requests- Responses maintain legacy format for existing client compatibility- Scope catalog returns all public scopes including canonical specials- Validation enforces public scope requirements using unified logicThe migration preserves existing API key functionality while establishingconsistent scope naming conventions for future extensibility.

1 parentae9cd7c commit8f46553Copy full SHA for 8f46553

File tree

22 files changed

+1940

-1889

lines changed

coderd
- apidoc
  - swagger.json
- apikey.go
- apikey
  - apikey.go
  - apikey_test.go
- database
  - dbauthz
    - dbauthz_test.go
  - dbgen
    - dbgen.go
  - dump.sql
  - migrations
    - 000372_canonicalize_special_api_key_scopes.down.sql
    - 000372_canonicalize_special_api_key_scopes.up.sql
  - modelmethods.go
  - modelmethods_internal_test.go
  - models.go
  - queries.sql.go
  - queries
    - apikeys.sql
- httpmw
- userauth_test.go
- users.go
- workspaceapps.go
docs
- manifest.json
- reference/api
  - authorization.md

22 files changed

+1940

-1889

lines changed

`‎coderd/apidoc/swagger.json‎`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apikey.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (api API) postToken(rw http.ResponseWriter, r http.Request) {`
`66`	`66`	`return`
`67`	`67`	`}`
`68`	`68`
`69`		`-scope:=database.APIKeyScopeAll`
	`69`	`+scope:=database.ApiKeyScopeCoderAll`
`70`	`70`	`ifscope!="" {`
`71`	`71`	`scope=database.APIKeyScope(createToken.Scope)`
`72`	`72`	`}`

`‎coderd/apikey/apikey.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -62,12 +62,12 @@ func Generate(params CreateParams) (database.InsertAPIKeyParams, string, error)`
`62`	`62`
`63`	`63`	`bitlen:=len(ip)*8`
`64`	`64`
`65`		`-scope:=database.APIKeyScopeAll`
	`65`	`+scope:=database.ApiKeyScopeCoderAll`
`66`	`66`	`ifparams.Scope!="" {`
`67`	`67`	`scope=params.Scope`
`68`	`68`	`}`
`69`	`69`	`switchscope {`
`70`		`-casedatabase.APIKeyScopeAll,database.APIKeyScopeApplicationConnect:`
	`70`	`+casedatabase.ApiKeyScopeCoderAll,database.ApiKeyScopeCoderApplicationConnect:`
`71`	`71`	`default:`
`72`	`72`	`return database.InsertAPIKeyParams{},"",xerrors.Errorf("invalid API key scope: %q",scope)`
`73`	`73`	`}`

`‎coderd/apikey/apikey_test.go‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ func TestGenerate(t *testing.T) {`
`35`	`35`	`LifetimeSeconds:int64(time.Hour.Seconds()),`
`36`	`36`	`TokenName:"hello",`
`37`	`37`	`RemoteAddr:"1.2.3.4",`
`38`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`38`	`+Scope:database.ApiKeyScopeCoderApplicationConnect,`
`39`	`39`	`},`
`40`	`40`	`},`
`41`	`41`	`{`
`@@ -62,7 +62,7 @@ func TestGenerate(t *testing.T) {`
`62`	`62`	`ExpiresAt: time.Time{},`
`63`	`63`	`TokenName:"hello",`
`64`	`64`	`RemoteAddr:"1.2.3.4",`
`65`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`65`	`+Scope:database.ApiKeyScopeCoderApplicationConnect,`
`66`	`66`	`},`
`67`	`67`	`},`
`68`	`68`	`{`
`@@ -75,7 +75,7 @@ func TestGenerate(t *testing.T) {`
`75`	`75`	`ExpiresAt: time.Time{},`
`76`	`76`	`TokenName:"hello",`
`77`	`77`	`RemoteAddr:"1.2.3.4",`
`78`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`78`	`+Scope:database.ApiKeyScopeCoderApplicationConnect,`
`79`	`79`	`},`
`80`	`80`	`},`
`81`	`81`	`{`
`@@ -88,7 +88,7 @@ func TestGenerate(t *testing.T) {`
`88`	`88`	`LifetimeSeconds:int64(time.Hour.Seconds()),`
`89`	`89`	`TokenName:"hello",`
`90`	`90`	`RemoteAddr:"",`
`91`		`-Scope:database.APIKeyScopeApplicationConnect,`
	`91`	`+Scope:database.ApiKeyScopeCoderApplicationConnect,`
`92`	`92`	`},`
`93`	`93`	`},`
`94`	`94`	`{`
`@@ -161,7 +161,7 @@ func TestGenerate(t *testing.T) {`
`161`	`161`	`iftc.params.Scope!="" {`
`162`	`162`	`assert.True(t,key.Scopes.Has(tc.params.Scope))`
`163`	`163`	`}else {`
`164`		`-assert.True(t,key.Scopes.Has(database.APIKeyScopeAll))`
	`164`	`+assert.True(t,key.Scopes.Has(database.ApiKeyScopeCoderAll))`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`iftc.params.TokenName!="" {`

`‎coderd/database/dbauthz/dbauthz_test.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -251,7 +251,7 @@ func (s *MethodTestSuite) TestAPIKey() {`
`251`	`251`	`}))`
`252`	`252`	`s.Run("InsertAPIKey",s.Mocked(func(dbmdbmock.MockStore,fakergofakeit.Faker,check*expects) {`
`253`	`253`	`u:=testutil.Fake(s.T(),faker, database.User{})`
`254`		`-arg:= database.InsertAPIKeyParams{UserID:u.ID,LoginType:database.LoginTypePassword,Scopes: database.APIKeyScopes{database.APIKeyScopeAll},IPAddress:defaultIPAddress()}`
	`254`	`+arg:= database.InsertAPIKeyParams{UserID:u.ID,LoginType:database.LoginTypePassword,Scopes: database.APIKeyScopes{database.ApiKeyScopeCoderAll},IPAddress:defaultIPAddress()}`
`255`	`255`	`ret:=testutil.Fake(s.T(),faker, database.APIKey{UserID:u.ID,LoginType:database.LoginTypePassword})`
`256`	`256`	`dbm.EXPECT().InsertAPIKey(gomock.Any(),arg).Return(ret,nil).AnyTimes()`
`257`	`257`	`check.Args(arg).Asserts(rbac.ResourceApiKey.WithOwner(u.ID.String()),policy.ActionCreate)`
`@@ -265,7 +265,7 @@ func (s *MethodTestSuite) TestAPIKey() {`
`265`	`265`	`check.Args(arg).Asserts(a,policy.ActionUpdate).Returns()`
`266`	`266`	`}))`
`267`	`267`	`s.Run("DeleteApplicationConnectAPIKeysByUserID",s.Mocked(func(dbmdbmock.MockStore,fakergofakeit.Faker,check*expects) {`
`268`		`-a:=testutil.Fake(s.T(),faker, database.APIKey{Scopes: database.APIKeyScopes{database.APIKeyScopeApplicationConnect}})`
	`268`	`+a:=testutil.Fake(s.T(),faker, database.APIKey{Scopes: database.APIKeyScopes{database.ApiKeyScopeCoderApplicationConnect}})`
`269`	`269`	`dbm.EXPECT().DeleteApplicationConnectAPIKeysByUserID(gomock.Any(),a.UserID).Return(nil).AnyTimes()`
`270`	`270`	`check.Args(a.UserID).Asserts(rbac.ResourceApiKey.WithOwner(a.UserID.String()),policy.ActionDelete).Returns()`
`271`	`271`	`}))`

`‎coderd/database/dbgen/dbgen.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ func APIKey(t testing.TB, db database.Store, seed database.APIKey, munge ...func`
`185`	`185`	`CreatedAt:takeFirst(seed.CreatedAt,dbtime.Now()),`
`186`	`186`	`UpdatedAt:takeFirst(seed.UpdatedAt,dbtime.Now()),`
`187`	`187`	`LoginType:takeFirst(seed.LoginType,database.LoginTypePassword),`
`188`		`-Scopes:takeFirstSlice([]database.APIKeyScope(seed.Scopes), []database.APIKeyScope{database.APIKeyScopeAll}),`
	`188`	`+Scopes:takeFirstSlice([]database.APIKeyScope(seed.Scopes), []database.APIKeyScope{database.ApiKeyScopeCoderAll}),`
`189`	`189`	`AllowList:takeFirstSlice(seed.AllowList, database.AllowList{database.AllowListWildcard()}),`
`190`	`190`	`TokenName:takeFirst(seed.TokenName),`
`191`	`191`	`}`

`‎coderd/database/dump.sql‎`

Lines changed: 2 additions & 2 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000372_canonicalize_special_api_key_scopes.down.sql‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+-- Revert canonicalization of special API key scopes`
	`2`	`+-- Rename enum values back: 'coder:all' -> 'all', 'coder:application_connect' -> 'application_connect'`
	`3`	`+`
	`4`	`+ALTERTYPE api_key_scope RENAME VALUE'coder:all' TO'all';`
	`5`	`+ALTERTYPE api_key_scope RENAME VALUE'coder:application_connect' TO'application_connect';`

`‎coderd/database/migrations/000372_canonicalize_special_api_key_scopes.up.sql‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+-- Canonicalize special API key scopes to coder:* namespace`
	`2`	`+-- Rename enum values: 'all' -> 'coder:all', 'application_connect' -> 'coder:application_connect'`
	`3`	`+`
	`4`	`+ALTERTYPE api_key_scope RENAME VALUE'all' TO'coder:all';`
	`5`	`+ALTERTYPE api_key_scope RENAME VALUE'application_connect' TO'coder:application_connect';`

`‎coderd/database/modelmethods.go‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -134,9 +134,9 @@ func (w ConnectionLog) RBACObject() rbac.Object {`
`134`	`134`
`135`	`135`	`func (sAPIKeyScope)ToRBAC() rbac.ScopeName {`
`136`	`136`	`switchs {`
`137`		`-caseAPIKeyScopeAll:`
	`137`	`+case"all",ApiKeyScopeCoderAll:`
`138`	`138`	`returnrbac.ScopeAll`
`139`		`-caseAPIKeyScopeApplicationConnect:`
	`139`	`+case"application_connect",ApiKeyScopeCoderApplicationConnect:`
`140`	`140`	`returnrbac.ScopeApplicationConnect`
`141`	`141`	`default:`
`142`	`142`	`// Allow low-level resource:action scopes to flow through to RBAC for`
`@@ -218,7 +218,7 @@ func (s APIKeyScopes) Expand() (rbac.Scope, error) {`
`218`	`218`	`// Name returns a human-friendly identifier for tracing/logging.`
`219`	`219`	`func (sAPIKeyScopes)Name() rbac.RoleIdentifier {`
`220`	`220`	`iflen(s)==0 {`
`221`		`-return rbac.RoleIdentifier{Name:string(APIKeyScopeAll)}`
	`221`	`+return rbac.RoleIdentifier{Name:string(ApiKeyScopeCoderAll)}`
`222`	`222`	`}`
`223`	`223`	`names:=make([]string,0,len(s))`
`224`	`224`	`for_,s:=ranges {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8f46553

File tree

22 files changed

22 files changed

`‎coderd/apidoc/swagger.json‎`

`‎coderd/apikey.go‎`

`‎coderd/apikey/apikey.go‎`

`‎coderd/apikey/apikey_test.go‎`

`‎coderd/database/dbauthz/dbauthz_test.go‎`

`‎coderd/database/dbgen/dbgen.go‎`

`‎coderd/database/dump.sql‎`

`‎coderd/database/migrations/000372_canonicalize_special_api_key_scopes.down.sql‎`

`‎coderd/database/migrations/000372_canonicalize_special_api_key_scopes.up.sql‎`

`‎coderd/database/modelmethods.go‎`

0 commit comments