Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore: break down dbauthz.System into smaller roles#6218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
johnstcn merged 4 commits intomainfromcj/authz-system-breakup
Feb 15, 2023

Conversation

johnstcn
Copy link
Member

@johnstcnjohnstcn commentedFeb 15, 2023
edited
Loading

  • rbac: export rbac.Permissions
  • dbauthz: move GetDeploymentDAUs, GetTemplateDAUs, GetTemplateAverageBuildTime from querier.go to system.go and removes auth checks
  • dbauthz: remove AsSystem(), add invididual roles for metrics cache, autostart, provisionerd, add restricted system role for everything else

Fixes#6158

- rbac: export rbac.Permissions- dbauthz: move GetDeploymentDAUs, GetTemplateDAUs,  GetTemplateAverageBuildTime from querier.go to system.go  and removes auth checks- dbauthz: remove AsSystem(), add invididual roles for  metrics cache, autostart, provisionerd, add restricted  system role for everything else
@johnstcnjohnstcn added the release/experimentalThese changes are feature-flagged, they may change or be removed in future releases labelFeb 15, 2023
@johnstcnjohnstcn self-assigned thisFeb 15, 2023
Copy link
Member

@EmyrkEmyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

On the right path


// AsSystemRestricted returns a context with an actor that has permissions
// required for various system operations e.g. login, logout.
func AsSystemRestricted(ctx context.Context) context.Context {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do we plan on keeping this around? Or is it a catch all for the remaining stuff for now?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This is a catch-all for the remaining stuff. It's mostly used for HTTP middleware.
I've pared down all the perms except read, which can still be pared down to the bare minimum if need be.

If we need to break it down further in future, we can do so. I think this is fine for now though.

@johnstcnjohnstcn merged commitf0f39b4 intomainFeb 15, 2023
@johnstcnjohnstcn deleted the cj/authz-system-breakup branchFebruary 15, 2023 16:14
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsFeb 15, 2023
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@EmyrkEmyrkEmyrk approved these changes

@spikecurtisspikecurtisAwaiting requested review from spikecurtis

Assignees

@johnstcnjohnstcn

Labels
release/experimentalThese changes are feature-flagged, they may change or be removed in future releases
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

chore: coderd: refactor dbauthz.AsSystem to individual roles
2 participants
@johnstcn@Emyrk
[8]ページ先頭
©2009-2025 Movatter.jp