NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commitc61b64b

authored

feat: add hidden enterprise cmd command to list roles (#13303)

* feat: add hidden enterprise cmd command to list rolesThis includes custom roles, and has a json ouput option formore granular permissions

1 parent8e78b94 commitc61b64bCopy full SHA for c61b64b

File tree

28 files changed

+662

-86

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - dump.sql
  - migrations
    - 000212_custom_role_orgs.down.sql
    - 000212_custom_role_orgs.up.sql
  - models.go
  - querier.go
  - queries
    - roles.sql
  - queries.sql.go
- httpapi
  - name.go
- rbac/rolestore
  - rolestore.go
- roles.go
- roles_test.go
codersdk
- roles.go
docs/api
- members.md
- schemas.md
enterprise
- cli
- coderd
  - roles.go
  - roles_test.go
site/src
- api
  - typesGenerated.ts
- testHelpers
  - entities.ts

28 files changed

+662

-86

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 26 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 26 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {`
`835`	`835`	`returnq.db.CleanTailnetTunnels(ctx)`
`836`	`836`	`}`
`837`	`837`
`838`		`-func (q*querier)CustomRolesByName(ctx context.Context,lookupRoles []string) ([]database.CustomRole,error) {`
	`838`	`+// TODO: Handle org scoped lookups`
	`839`	`+func (q*querier)CustomRoles(ctx context.Context,arg database.CustomRolesParams) ([]database.CustomRole,error) {`
`839`	`840`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceAssignRole);err!=nil {`
`840`	`841`	`returnnil,err`
`841`	`842`	`}`
`842`		`-returnq.db.CustomRolesByName(ctx,lookupRoles)`
	`843`	`+returnq.db.CustomRoles(ctx,arg)`
`843`	`844`	`}`
`844`	`845`
`845`	`846`	`func (q*querier)DeleteAPIKeyByID(ctx context.Context,idstring)error {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1177,8 +1177,8 @@ func (s *MethodTestSuite) TestUser() {`
`1177`	`1177`	`b:=dbgen.User(s.T(),db, database.User{})`
`1178`	`1178`	`check.Args().Asserts(rbac.ResourceSystem,policy.ActionRead).Returns(slice.New(a.ID,b.ID))`
`1179`	`1179`	`}))`
`1180`		`-s.Run("CustomRolesByName",s.Subtest(func(db database.Store,check*expects) {`
`1181`		`-check.Args([]string{}).Asserts(rbac.ResourceAssignRole,policy.ActionRead).Returns([]database.CustomRole{})`
	`1180`	`+s.Run("CustomRoles",s.Subtest(func(db database.Store,check*expects) {`
	`1181`	`+check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole,policy.ActionRead).Returns([]database.CustomRole{})`
`1182`	`1182`	`}))`
`1183`	`1183`	`s.Run("Blank/UpsertCustomRole",s.Subtest(func(db database.Store,check*expects) {`
`1184`	`1184`	`// Blank is no perms in the role`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 14 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1175,18 +1175,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {`
`1175`	`1175`	`returnErrUnimplemented`
`1176`	`1176`	`}`
`1177`	`1177`
`1178`		`-func (q*FakeQuerier)CustomRolesByName(_ context.Context,lookupRoles []string) ([]database.CustomRole,error) {`
	`1178`	`+func (q*FakeQuerier)CustomRoles(_ context.Context,arg database.CustomRolesParams) ([]database.CustomRole,error) {`
`1179`	`1179`	`q.mutex.Lock()`
`1180`	`1180`	`deferq.mutex.Unlock()`
`1181`	`1181`
`1182`	`1182`	`found:=make([]database.CustomRole,0)`
`1183`	`1183`	`for_,role:=rangeq.data.customRoles {`
`1184`		`-ifslices.ContainsFunc(lookupRoles,func(sstring)bool {`
`1185`		`-returnstrings.EqualFold(s,role.Name)`
`1186`		`-}) {`
`1187`		`-role:=role`
`1188`		`-found=append(found,role)`
	`1184`	`+role:=role`
	`1185`	`+iflen(arg.LookupRoles)>0 {`
	`1186`	`+if!slices.ContainsFunc(arg.LookupRoles,func(sstring)bool {`
	`1187`	`+returnstrings.EqualFold(s,role.Name)`
	`1188`	`+}) {`
	`1189`	`+continue`
	`1190`	`+}`
`1189`	`1191`	`}`
	`1192`	`+`
	`1193`	`+ifarg.ExcludeOrgRoles&&role.OrganizationID.Valid {`
	`1194`	`+continue`
	`1195`	`+}`
	`1196`	`+`
	`1197`	`+found=append(found,role)`
`1190`	`1198`	`}`
`1191`	`1199`
`1192`	`1200`	`returnfound,nil`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 3 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 6 additions & 6 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dump.sql`

Lines changed: 4 additions & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000212_custom_role_orgs.down.sql`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ALTERTABLE custom_roles`
	`2`	`+-- This column is nullable, meaning no organization scope`
	`3`	`+DROP COLUMN organization_id;`

`‎coderd/database/migrations/000212_custom_role_orgs.up.sql`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+ALTERTABLE custom_roles`
	`2`	`+-- This column is nullable, meaning no organization scope`
	`3`	`+ADD COLUMN organization_id uuid;`
	`4`	`+`
	`5`	`+COMMENT ON COLUMN custom_roles.organization_id IS'Roles can optionally be scoped to an organization'`

`‎coderd/database/models.go`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 22 additions & 5 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/roles.sql`

Lines changed: 11 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,23 @@`
`1`		`--- name:CustomRolesByName :many`
	`1`	`+-- name:CustomRoles :many`
`2`	`2`	`SELECT`
`3`	`3`	`*`
`4`	`4`	`FROM`
`5`	`5`	`custom_roles`
`6`	`6`	`WHERE`
	`7`	`+ true`
	`8`	`+-- Lookup roles filter`
	`9`	`+AND CASE WHEN array_length(@lookup_roles ::text[],1)>0 THEN`
`7`	`10`	`-- Case insensitive`
`8`	`11`	`name ILIKE ANY(@lookup_roles ::text [])`
	`12`	`+ ELSE true`
	`13`	`+ END`
	`14`	`+-- Org scoping filter, to only fetch site wide roles`
	`15`	`+AND CASE WHEN @exclude_org_roles ::boolean THEN`
	`16`	`+organization_id ISnull`
	`17`	`+ELSE true`
	`18`	`+ END`
`9`	`19`	`;`
`10`	`20`
`11`		`-`
`12`	`21`	`-- name: UpsertCustomRole :one`
`13`	`22`	`INSERT INTO`
`14`	`23`	`custom_roles (`

`‎coderd/httpapi/name.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func UsernameFrom(str string) string {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`// NameValid returns whether the input string is a valid name.`
`41`		`-// It is a generic validator for any name (user, workspace, template, etc.).`
	`41`	`+// It is a generic validator for any name (user, workspace, template,role name,etc.).`
`42`	`42`	`funcNameValid(strstring)error {`
`43`	`43`	`iflen(str)>32 {`
`44`	`44`	`returnxerrors.New("must be <= 32 characters")`

`‎coderd/rbac/rolestore/rolestore.go`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,10 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,`
`72`	`72`	`// If some roles are missing from the database, they are omitted from`
`73`	`73`	`// the expansion. These roles are no-ops. Should we raise some kind of`
`74`	`74`	`// warning when this happens?`
`75`		`-dbroles,err:=db.CustomRolesByName(ctx,lookup)`
	`75`	`+dbroles,err:=db.CustomRoles(ctx, database.CustomRolesParams{`
	`76`	`+LookupRoles:lookup,`
	`77`	`+ExcludeOrgRoles:false,`
	`78`	`+})`
`76`	`79`	`iferr!=nil {`
`77`	`80`	`returnnil,xerrors.Errorf("fetch custom roles: %w",err)`
`78`	`81`	`}`
`@@ -81,7 +84,7 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,`
`81`	`84`	`for_,dbrole:=rangedbroles {`
`82`	`85`	`converted,err:=ConvertDBRole(dbrole)`
`83`	`86`	`iferr!=nil {`
`84`		`-returnnil,xerrors.Errorf("convert db role %q: %w",dbrole,err)`
	`87`	`+returnnil,xerrors.Errorf("convert db role %q: %w",dbrole.Name,err)`
`85`	`88`	`}`
`86`	`89`	`roles=append(roles,converted)`
`87`	`90`	`cache.Store(dbrole.Name,converted)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc61b64b

File tree

28 files changed

28 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/dump.sql`

`‎coderd/database/migrations/000212_custom_role_orgs.down.sql`

`‎coderd/database/migrations/000212_custom_role_orgs.up.sql`

`‎coderd/database/models.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/roles.sql`

`‎coderd/httpapi/name.go`

`‎coderd/rbac/rolestore/rolestore.go`

0 commit comments