Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat: add user_secrets table#19162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
evgeniy-scherbina merged 22 commits intomainfromyevhenii/secrets-db-schema
Aug 7, 2025
Merged

Conversation

evgeniy-scherbina
Copy link
Contributor

@evgeniy-scherbinaevgeniy-scherbina commentedAug 4, 2025
edited
Loading

Closescoder/internal#780

Summary of changes:

  • addeduser_secrets table
    • user_secrets table containsenv_name andfile_path fields which are not used at the moment, but will be used in later PRs
    • user_secrets table doesn't containvalue_key_id, I will add it in a separate migration in a dbcrypt PR
    • on one hand I don't want to add fields which are not used (because it's a risk smth may change in implementation later), on the other hand I don't want to add too many migrations for user secrets table
  • added unique sql indexes
  • added sql queries for CRUD operations on user-secrets
  • introduced newResourceUserSecret resource
  • basic unit-tests for CRUD ops and authorization behavior
  • Role updates:
    • owner:
      • removeResourceUserSecret from site-wide perms
      • addResourceUserSecret to user-wide perms
    • orgAdmin
      • removeResourceUserSecret from org-wide perms; seems it's not strictly required, becauseResourceUserSecret is not tied to organization in dbauthz wrappers?
    • memberRole
      • no need to change memberRole because it implicitly has access to user-secrets thanks to theallPermsExcept
    • is it enough changes to roles?

Main questions:

  • We will have 2 migrations for user-secrets:
    • initial migration (in current PR)
    • addingvalue_key_id in dbcrypt PR
    • is this approach reasonable?
  • Are changes to roles's permissions are correct?
  • Are changes in roles_test.go are correct?

@evgeniy-scherbinaevgeniy-scherbina marked this pull request as ready for reviewAugust 7, 2025 14:01
Copy link
Member

@EmyrkEmyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Some suggestions before I stamp 👍

Overall LG!

@evgeniy-scherbinaevgeniy-scherbina merged commitc65996a intomainAug 7, 2025
29 of 31 checks passed
@evgeniy-scherbinaevgeniy-scherbina deleted the yevhenii/secrets-db-schema branchAugust 7, 2025 19:59
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsAug 7, 2025
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.

Reviewers

@bcpeinhardtbcpeinhardtbcpeinhardt left review comments

@EmyrkEmyrkEmyrk approved these changes

@cstyancstyanAwaiting requested review from cstyan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Define database schema for user-secrets

3 participants

@evgeniy-scherbina@Emyrk@bcpeinhardt
[8]ページ先頭
©2009-2025 Movatter.jp