NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commitd60f65a

committed

make start/stop workspaces different actions

1 parentdda1b4f commitd60f65aCopy full SHA for d60f65a

File tree

13 files changed

+94

-84

lines changed

coderd
- coderdtest
  - coderdtest.go
- database/dbauthz
  - dbauthz.go
  - dbauthz_test.go
- rbac
- roles.go
support
- support.go

13 files changed

+94

-84

lines changed

`‎coderd/coderdtest/coderdtest.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can`
`221`	`221`	`}`
`222`	`222`
`223`	`223`	`ifoptions.Authorizer==nil {`
`224`		`-defAuth:=rbac.NewCachingAuthorizer(prometheus.NewRegistry())`
	`224`	`+defAuth:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`225`	`225`	`if_,ok:=t.(*testing.T);ok {`
`226`	`226`	`options.Authorizer=&RecordingAuthorizer{`
`227`	`227`	`Wrapped:defAuth,`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 9 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -169,7 +169,7 @@ var (`
`169`	`169`	`rbac.ResourceTemplate.Type: {policy.ActionRead,policy.ActionUpdate},`
`170`	`170`	`// Unsure why provisionerd needs update and read personal`
`171`	`171`	`rbac.ResourceUser.Type: {policy.ActionRead,policy.ActionReadPersonal,policy.ActionUpdatePersonal},`
`172`		`-rbac.ResourceWorkspace.Type: {policy.ActionRead,policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceBuild},`
	`172`	`+rbac.ResourceWorkspace.Type: {policy.ActionRead,policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceStart,policy.ActionWorkspaceStop},`
`173`	`173`	`rbac.ResourceApiKey.Type: {policy.WildcardSymbol},`
`174`	`174`	`// When org scoped provisioner credentials are implemented,`
`175`	`175`	`// this can be reduced to read a specific org.`
`@@ -193,7 +193,7 @@ var (`
`193`	`193`	`Site:rbac.Permissions(map[string][]policy.Action{`
`194`	`194`	`rbac.ResourceSystem.Type: {policy.WildcardSymbol},`
`195`	`195`	`rbac.ResourceTemplate.Type: {policy.ActionRead,policy.ActionUpdate},`
`196`		`-rbac.ResourceWorkspace.Type: {policy.ActionRead,policy.ActionUpdate,policy.ActionWorkspaceBuild},`
	`196`	`+rbac.ResourceWorkspace.Type: {policy.ActionRead,policy.ActionUpdate,policy.ActionWorkspaceStart,policy.ActionWorkspaceStop},`
`197`	`197`	`rbac.ResourceUser.Type: {policy.ActionRead},`
`198`	`198`	`}),`
`199`	`199`	`Org:map[string][]rbac.Permission{},`
`@@ -232,7 +232,7 @@ var (`
`232`	`232`	`DisplayName:"Coder",`
`233`	`233`	`Site:rbac.Permissions(map[string][]policy.Action{`
`234`	`234`	`rbac.ResourceWildcard.Type: {policy.ActionRead},`
`235`		`-rbac.ResourceApiKey.Type:{policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
	`235`	`+rbac.ResourceApiKey.Type:rbac.ResourceApiKey.AvailableActions(),`
`236`	`236`	`rbac.ResourceGroup.Type: {policy.ActionCreate,policy.ActionUpdate},`
`237`	`237`	`rbac.ResourceAssignRole.Type:rbac.ResourceAssignRole.AvailableActions(),`
`238`	`238`	`rbac.ResourceSystem.Type: {policy.WildcardSymbol},`
`@@ -241,7 +241,7 @@ var (`
`241`	`241`	`rbac.ResourceAssignOrgRole.Type: {policy.ActionRead,policy.ActionCreate,policy.ActionDelete},`
`242`	`242`	`rbac.ResourceProvisionerDaemon.Type: {policy.ActionCreate,policy.ActionUpdate},`
`243`	`243`	`rbac.ResourceUser.Type:rbac.ResourceUser.AvailableActions(),`
`244`		`-rbac.ResourceWorkspace.Type: {policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceBuild,policy.ActionSSH},`
	`244`	`+rbac.ResourceWorkspace.Type: {policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceStart,policy.ActionWorkspaceStop,policy.ActionSSH},`
`245`	`245`	`rbac.ResourceWorkspaceProxy.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`246`	`246`	`}),`
`247`	`247`	`Org:map[string][]rbac.Permission{},`
`@@ -2531,9 +2531,11 @@ func (q *querier) InsertWorkspaceBuild(ctx context.Context, arg database.InsertW`
`2531`	`2531`	`returnxerrors.Errorf("get workspace by id: %w",err)`
`2532`	`2532`	`}`
`2533`	`2533`
`2534`		`-varaction policy.Action=policy.ActionWorkspaceBuild`
	`2534`	`+varaction policy.Action=policy.ActionWorkspaceStart`
`2535`	`2535`	`ifarg.Transition==database.WorkspaceTransitionDelete {`
`2536`	`2536`	`action=policy.ActionDelete`
	`2537`	`+}elseifarg.Transition==database.WorkspaceTransitionStop {`
	`2538`	`+action=policy.ActionWorkspaceStop`
`2537`	`2539`	`}`
`2538`	`2540`
`2539`	`2541`	`iferr=q.authorizeContext(ctx,action,w);err!=nil {`
`@@ -3280,7 +3282,7 @@ func (q *querier) UpsertAppSecurityKey(ctx context.Context, data string) error {`
`3280`	`3282`	`}`
`3281`	`3283`
`3282`	`3284`	`func (q*querier)UpsertApplicationName(ctx context.Context,valuestring)error {`
`3283`		`-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceDeploymentConfig);err!=nil {`
	`3285`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceDeploymentConfig);err!=nil {`
`3284`	`3286`	`returnerr`
`3285`	`3287`	`}`
`3286`	`3288`	`returnq.db.UpsertApplicationName(ctx,value)`
`@@ -3294,7 +3296,7 @@ func (q *querier) UpsertDefaultProxy(ctx context.Context, arg database.UpsertDef`
`3294`	`3296`	`}`
`3295`	`3297`
`3296`	`3298`	`func (q*querier)UpsertHealthSettings(ctx context.Context,valuestring)error {`
`3297`		`-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceDeploymentConfig);err!=nil {`
	`3299`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceDeploymentConfig);err!=nil {`
`3298`	`3300`	`returnerr`
`3299`	`3301`	`}`
`3300`	`3302`	`returnq.db.UpsertHealthSettings(ctx,value)`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 14 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1432,7 +1432,18 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1432`	`1432`	`WorkspaceID:w.ID,`
`1433`	`1433`	`Transition:database.WorkspaceTransitionStart,`
`1434`	`1434`	`Reason:database.BuildReasonInitiator,`
`1435`		`-}).Asserts(w,policy.ActionWorkspaceBuild)`
	`1435`	`+}).Asserts(w,policy.ActionWorkspaceStart)`
	`1436`	`+}))`
	`1437`	`+s.Run("Stop/InsertWorkspaceBuild",s.Subtest(func(db database.Store,check*expects) {`
	`1438`	`+t:=dbgen.Template(s.T(),db, database.Template{})`
	`1439`	`+w:=dbgen.Workspace(s.T(),db, database.Workspace{`
	`1440`	`+TemplateID:t.ID,`
	`1441`	`+})`
	`1442`	`+check.Args(database.InsertWorkspaceBuildParams{`
	`1443`	`+WorkspaceID:w.ID,`
	`1444`	`+Transition:database.WorkspaceTransitionStop,`
	`1445`	`+Reason:database.BuildReasonInitiator,`
	`1446`	`+}).Asserts(w,policy.ActionWorkspaceStop)`
`1436`	`1447`	`}))`
`1437`	`1448`	`s.Run("Start/RequireActiveVersion/VersionMismatch/InsertWorkspaceBuild",s.Subtest(func(db database.Store,check*expects) {`
`1438`	`1449`	`t:=dbgen.Template(s.T(),db, database.Template{})`
`@@ -1454,7 +1465,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1454`	`1465`	`Reason:database.BuildReasonInitiator,`
`1455`	`1466`	`TemplateVersionID:v.ID,`
`1456`	`1467`	`}).Asserts(`
`1457`		`-w,policy.ActionWorkspaceBuild,`
	`1468`	`+w,policy.ActionWorkspaceStart,`
`1458`	`1469`	`t,policy.ActionUpdate,`
`1459`	`1470`	`)`
`1460`	`1471`	`}))`
`@@ -1482,7 +1493,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1482`	`1493`	`Reason:database.BuildReasonInitiator,`
`1483`	`1494`	`TemplateVersionID:v.ID,`
`1484`	`1495`	`}).Asserts(`
`1485`		`-w,policy.ActionWorkspaceBuild,`
	`1496`	`+w,policy.ActionWorkspaceStart,`
`1486`	`1497`	`)`
`1487`	`1498`	`}))`
`1488`	`1499`	`s.Run("Delete/InsertWorkspaceBuild",s.Subtest(func(db database.Store,check*expects) {`

`‎coderd/rbac/authz.go`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -214,6 +214,10 @@ type RegoAuthorizer struct {`
`214`	`214`
`215`	`215`	`authorizeHist*prometheus.HistogramVec`
`216`	`216`	`prepareHist prometheus.Histogram`
	`217`	`+`
	`218`	`+// strict checking also verifies the inputs to the authorizer. Making sure`
	`219`	`+// the action make sense for the input object.`
	`220`	`+strictbool`
`217`	`221`	`}`
`218`	`222`
`219`	`223`	`var_Authorizer= (*RegoAuthorizer)(nil)`
`@@ -235,6 +239,13 @@ func NewCachingAuthorizer(registry prometheus.Registerer) Authorizer {`
`235`	`239`	`returnCacher(NewAuthorizer(registry))`
`236`	`240`	`}`
`237`	`241`
	`242`	`+// NewStrictCachingAuthorizer is mainly just for testing.`
	`243`	`+funcNewStrictCachingAuthorizer(registry prometheus.Registerer)Authorizer {`
	`244`	`+auth:=NewAuthorizer(registry)`
	`245`	`+auth.strict=true`
	`246`	`+returnCacher(auth)`
	`247`	`+}`
	`248`	`+`
`238`	`249`	`funcNewAuthorizer(registry prometheus.Registerer)*RegoAuthorizer {`
`239`	`250`	`queryOnce.Do(func() {`
`240`	`251`	`varerrerror`
`@@ -321,6 +332,12 @@ type authSubject struct {`
`321`	`332`	`// the object.`
`322`	`333`	`// If an error is returned, the authorization is denied.`
`323`	`334`	`func (aRegoAuthorizer)Authorize(ctx context.Context,subjectSubject,action policy.Action,objectObject)error {`
	`335`	`+ifa.strict {`
	`336`	`+iferr:=object.ValidAction(action);err!=nil {`
	`337`	`+returnxerrors.Errorf("strict authz check: %w",err)`
	`338`	`+}`
	`339`	`+}`
	`340`	`+`
`324`	`341`	`start:=time.Now()`
`325`	`342`	`ctx,span:=tracing.StartSpan(ctx,`
`326`	`343`	`trace.WithTimestamp(start),// Reuse the time.Now for metric and trace`

`‎coderd/rbac/authz_test.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ func BenchmarkRBACAuthorize(b *testing.B) {`
`160`	`160`
`161`	`161`	`// There is no caching that occurs because a fresh context is used for each`
`162`	`162`	`// call. And the context needs 'WithCacheCtx' to work.`
`163`		`-authorizer:=rbac.NewCachingAuthorizer(prometheus.NewRegistry())`
	`163`	`+authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`164`	`164`	`// This benchmarks all the simple cases using just user permissions. Groups`
`165`	`165`	`// are added as noise, but do not do anything.`
`166`	`166`	`for_,c:=rangebenchCases {`
`@@ -187,7 +187,7 @@ func BenchmarkRBACAuthorizeGroups(b *testing.B) {`
`187`	`187`	`uuid.MustParse("0632b012-49e0-4d70-a5b3-f4398f1dcd52"),`
`188`	`188`	`uuid.MustParse("70dbaa7a-ea9c-4f68-a781-97b08af8461d"),`
`189`	`189`	`)`
`190`		`-authorizer:=rbac.NewCachingAuthorizer(prometheus.NewRegistry())`
	`190`	`+authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`191`	`191`
`192`	`192`	`// Same benchmark cases, but this time groups will be used to match.`
`193`	`193`	`// Some '*' permissions will still match, but using a fake action reduces`
`@@ -239,7 +239,7 @@ func BenchmarkRBACFilter(b *testing.B) {`
`239`	`239`	`uuid.MustParse("70dbaa7a-ea9c-4f68-a781-97b08af8461d"),`
`240`	`240`	`)`
`241`	`241`
`242`		`-authorizer:=rbac.NewCachingAuthorizer(prometheus.NewRegistry())`
	`242`	`+authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`243`	`243`
`244`	`244`	`for_,c:=rangebenchCases {`
`245`	`245`	`b.Run("PrepareOnly-"+c.Name,func(b*testing.B) {`

`‎coderd/rbac/input.json`

Lines changed: 17 additions & 41 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,46 +1,22 @@`
`1`	`1`	`{`
`2`		`-"action":"never-match-action",`
`3`		`-"object": {`
`4`		`-"id":"9046b041-58ed-47a3-9c3a-de302577875a",`
`5`		`-"owner":"00000000-0000-0000-0000-000000000000",`
`6`		`-"org_owner":"bf7b72bd-a2b1-4ef2-962c-1d698e0483f6",`
`7`		`-"type":"workspace",`
`8`		`-"acl_user_list": {`
`9`		`-"f041847d-711b-40da-a89a-ede39f70dc7f": ["create"]`
`10`		`- },`
`11`		`-"acl_group_list": {}`
	`2`	`+"action":"build",`
	`3`	`+"object":{`
	`4`	`+"id":"c6ae3dfb-0e55-4eca-b263-8ceaf95ad056",`
	`5`	`+"owner":"76df8ecb-a179-45cc-9a67-acc8b0512ee5",`
	`6`	`+"org_owner":"021dcc96-562b-4a43-8405-0d287b5298df",`
	`7`	`+"type":"workspace_dormant",`
	`8`	`+"acl_user_list":null,`
	`9`	`+"acl_group_list":null`
`12`	`10`	`},`
`13`		`-"subject": {`
`14`		`-"id":"10d03e62-7703-4df5-a358-4f76577d4e2f",`
`15`		`-"roles": [`
`16`		`- {`
`17`		`-"name":"owner",`
`18`		`-"display_name":"Owner",`
`19`		`-"site": [`
`20`		`- {`
`21`		`-"negate":false,`
`22`		`-"resource_type":"*",`
`23`		`-"action":"*"`
`24`		`- }`
`25`		`- ],`
`26`		`-"org": {},`
`27`		`-"user": []`
`28`		`- }`
	`11`	`+"subject":{`
	`12`	`+"FriendlyName":"testuser",`
	`13`	`+"ID":"76df8ecb-a179-45cc-9a67-acc8b0512ee5",`
	`14`	`+"Roles":[`
	`15`	`+"owner",`
	`16`	`+"member",`
	`17`	`+"organization-member:021dcc96-562b-4a43-8405-0d287b5298df"`
`29`	`18`	`],`
`30`		`-"groups": ["b617a647-b5d0-4cbe-9e40-26f89710bf18"],`
`31`		`-"scope": {`
`32`		`-"name":"Scope_all",`
`33`		`-"display_name":"All operations",`
`34`		`-"site": [`
`35`		`- {`
`36`		`-"negate":false,`
`37`		`-"resource_type":"*",`
`38`		`-"action":"*"`
`39`		`- }`
`40`		`- ],`
`41`		`-"org": {},`
`42`		`-"user": [],`
`43`		`-"allow_list": ["*"]`
`44`		`- }`
	`19`	`+"Groups":null,`
	`20`	`+"Scope":"all"`
`45`	`21`	`}`
`46`	`22`	`}`

`‎coderd/rbac/object.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ func (z Object) ValidAction(action policy.Action) error {`
`39`	`39`	`returnfmt.Errorf("invalid type %q",z.Type)`
`40`	`40`	`}`
`41`	`41`	`if_,ok:=perms.Actions[action];!ok {`
`42`		`-returnfmt.Errorf("invalid action %q",action)`
	`42`	`+returnfmt.Errorf("invalid action %q for type %q",action,z.Type)`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`returnnil`

`‎coderd/rbac/object_gen.go`

Lines changed: 3 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/rbac/policy/policy.go`

Lines changed: 12 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,8 @@ const (`
`16`	`16`	`ActionApplicationConnectAction="application_connect"`
`17`	`17`	`ActionViewInsightsAction="view_insights"`
`18`	`18`
`19`		`-ActionWorkspaceBuildAction="build"`
	`19`	`+ActionWorkspaceStartAction="start"`
	`20`	`+ActionWorkspaceStopAction="stop"`
`20`	`21`
`21`	`22`	`ActionAssignAction="assign"`
`22`	`23`
`@@ -51,8 +52,10 @@ var workspaceActions = map[Action]ActionDefinition{`
`51`	`52`	`ActionUpdate:actDef("edit workspace settings (scheduling, permissions, parameters)"),`
`52`	`53`	`ActionDelete:actDef("delete workspace"),`
`53`	`54`
`54`		`-// Workspace provisioning`
`55`		`-ActionWorkspaceBuild:actDef("allows starting, stopping, and updating a workspace"),`
	`55`	`+// Workspace provisioning. Start & stop are different so dormant workspaces can be`
	`56`	`+// stopped, but not stared.`
	`57`	`+ActionWorkspaceStart:actDef("allows starting a workspace"),`
	`58`	`+ActionWorkspaceStop:actDef("allows stopping a workspace"),`
`56`	`59`
`57`	`60`	`// Running a workspace`
`58`	`61`	`ActionSSH:actDef("ssh into a given workspace"),`
`@@ -104,12 +107,14 @@ var RBACPermissions = map[string]PermissionDefinition{`
`104`	`107`	`},`
`105`	`108`	`"audit_log": {`
`106`	`109`	`Actions:map[Action]ActionDefinition{`
`107`		`-ActionRead:actDef("read audit logs"),`
	`110`	`+ActionRead:actDef("read audit logs"),`
	`111`	`+ActionCreate:actDef("create new audit log entries"),`
`108`	`112`	`},`
`109`	`113`	`},`
`110`	`114`	`"deployment_config": {`
`111`	`115`	`Actions:map[Action]ActionDefinition{`
`112`		`-ActionRead:actDef("read deployment config"),`
	`116`	`+ActionRead:actDef("read deployment config"),`
	`117`	`+ActionUpdate:actDef("updating health information"),`
`113`	`118`	`},`
`114`	`119`	`},`
`115`	`120`	`"deployment_stats": {`
`@@ -173,7 +178,7 @@ var RBACPermissions = map[string]PermissionDefinition{`
`173`	`178`	`},`
`174`	`179`	`"debug_info": {`
`175`	`180`	`Actions:map[Action]ActionDefinition{`
`176`		`-ActionUse:actDef("access to debug routes"),`
	`181`	`+ActionRead:actDef("access to debug routes"),`
`177`	`182`	`},`
`178`	`183`	`},`
`179`	`184`	`"system": {`
`@@ -189,6 +194,7 @@ var RBACPermissions = map[string]PermissionDefinition{`
`189`	`194`	`ActionCreate:actDef("create an api key"),`
`190`	`195`	`ActionRead:actDef("read api key details (secrets are not stored)"),`
`191`	`196`	`ActionDelete:actDef("delete an api key"),`
	`197`	`+ActionUpdate:actDef("update an api key, eg expires"),`
`192`	`198`	`},`
`193`	`199`	`},`
`194`	`200`	`"tailnet_coordinator": {`

`‎coderd/rbac/roles.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`146`	`146`	`// This adds back in the Workspace permissions.`
`147`	`147`	`Permissions(map[string][]policy.Action{`
`148`	`148`	`ResourceWorkspace.Type:ownerWorkspaceActions,`
`149`		`-ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate},`
	`149`	`+ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate,policy.ActionWorkspaceStop},`
`150`	`150`	`})...),`
`151`	`151`	`Org:map[string][]Permission{},`
`152`	`152`	`User: []Permission{},`
`@@ -167,7 +167,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`167`	`167`	`User:append(allPermsExcept(ResourceWorkspaceDormant,ResourceUser,ResourceOrganizationMember),`
`168`	`168`	`Permissions(map[string][]policy.Action{`
`169`	`169`	`// Reduced permission set on dormant workspaces. No build, ssh, or exec`
`170`		`-ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate},`
	`170`	`+ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate,policy.ActionWorkspaceStop},`
`171`	`171`
`172`	`172`	`// Users cannot do create/update/delete on themselves, but they`
`173`	`173`	`// can read their own details.`
`@@ -272,7 +272,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`272`	`272`	`Org:map[string][]Permission{`
`273`	`273`	`// Org admins should not have workspace exec perms.`
`274`	`274`	`organizationID:append(allPermsExcept(ResourceWorkspace,ResourceWorkspaceDormant),Permissions(map[string][]policy.Action{`
`275`		`-ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate},`
	`275`	`+ResourceWorkspaceDormant.Type: {policy.ActionRead,policy.ActionDelete,policy.ActionCreate,policy.ActionUpdate,policy.ActionWorkspaceStop},`
`276`	`276`	`ResourceWorkspace.Type:slice.Omit(ResourceWorkspace.AvailableActions(),policy.ActionApplicationConnect,policy.ActionSSH),`
`277`	`277`	`})...),`
`278`	`278`	`},`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd60f65a

File tree

13 files changed

13 files changed

`‎coderd/coderdtest/coderdtest.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/rbac/authz.go`

`‎coderd/rbac/authz_test.go`

`‎coderd/rbac/input.json`

`‎coderd/rbac/object.go`

`‎coderd/rbac/object_gen.go`

`‎coderd/rbac/policy/policy.go`

`‎coderd/rbac/roles.go`

0 commit comments