chore: Rename 'admin' to 'owner' (#3498)

Co-authored-by: Colin Adler <colin1adler@gmail.com>
2025-07-18 14:17:22 +00:00 · 2022-08-15 14:40:19 -05:00
parent 2306d2c709
commit 01dd35f1ba
16 changed files with 98 additions and 56 deletions
--- a/coderd/rbac/authz_internal_test.go
+++ b/coderd/rbac/authz_internal_test.go
@ -87,7 +87,7 @@ func TestFilter(t *testing.T) {
 		{
 			Name:       "Admin",
 			SubjectID:  userIDs[0].String(),
-			Roles:      []string{RoleOrgMember(orgIDs[0]), "auditor", RoleAdmin(), RoleMember()},
+			Roles:      []string{RoleOrgMember(orgIDs[0]), "auditor", RoleOwner(), RoleMember()},
 			ObjectType: ResourceWorkspace.Type,
 			Action:     ActionRead,
 		},
@ -292,7 +292,7 @@ func TestAuthorizeDomain(t *testing.T) {
 	user = subject{
 		UserID: "me",
 		Roles: []Role{
-			must(RoleByName(RoleAdmin())),
+			must(RoleByName(RoleOwner())),
 			must(RoleByName(RoleMember())),
 		},
 	}
@ -499,7 +499,7 @@ func TestAuthorizeLevels(t *testing.T) {
 	user := subject{
 		UserID: "me",
 		Roles: []Role{
-			must(RoleByName(RoleAdmin())),
+			must(RoleByName(RoleOwner())),
 			{
 				Name: "org-deny:" + defOrg.String(),
 				Org: map[string][]Permission{
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@ -9,7 +9,7 @@ import (
 )

 const (
-	admin         string = "admin"
+	owner         string = "owner"
 	member        string = "member"
 	templateAdmin string = "template-admin"
 	userAdmin     string = "user-admin"
@ -24,8 +24,8 @@ const (
 // Once we have a database implementation, the "default" roles can be defined on the
 // site and orgs, and these functions can be removed.

-func RoleAdmin() string {
-	return roleName(admin, "")
+func RoleOwner() string {
+	return roleName(owner, "")
 }

 func RoleTemplateAdmin() string {
@ -59,10 +59,10 @@ var (
 	// https://github.com/coder/coder/issues/1194
 	builtInRoles = map[string]func(orgID string) Role{
 		// admin grants all actions to all resources.
-		admin: func(_ string) Role {
+		owner: func(_ string) Role {
 			return Role{
-				Name:        admin,
-				DisplayName: "Admin",
+				Name:        owner,
+				DisplayName: "Owner",
 				Site: permissions(map[Object][]Action{
 					ResourceWildcard: {WildcardSymbol},
 				}),
@ -187,8 +187,8 @@ var (
 	// The first key is the actor role, the second is the roles they can assign.
 	//	map[actor_role][assign_role]<can_assign>
 	assignRoles = map[string]map[string]bool{
-		admin: {
-			admin:         true,
+		owner: {
+			owner:         true,
 			auditor:       true,
 			member:        true,
 			orgAdmin:      true,
--- a/coderd/rbac/builtin_internal_test.go
+++ b/coderd/rbac/builtin_internal_test.go
@ -16,7 +16,7 @@ func TestRoleByName(t *testing.T) {
 		testCases := []struct {
 			Role Role
 		}{
-			{Role: builtInRoles[admin]("")},
+			{Role: builtInRoles[owner]("")},
 			{Role: builtInRoles[member]("")},
 			{Role: builtInRoles[templateAdmin]("")},
 			{Role: builtInRoles[userAdmin]("")},
--- a/coderd/rbac/builtin_test.go
+++ b/coderd/rbac/builtin_test.go
@ -41,7 +41,7 @@ func BenchmarkRBACFilter(b *testing.B) {
 		{
 			Name: "Admin",
 			// Give some extra roles that an admin might have
-			Roles:  []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleAdmin(), rbac.RoleMember()},
+			Roles:  []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleOwner(), rbac.RoleMember()},
 			UserID: users[0],
 		},
 		{
@ -119,7 +119,7 @@ func TestRolePermissions(t *testing.T) {
 	memberMe := authSubject{Name: "member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember()}}
 	orgMemberMe := authSubject{Name: "org_member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID)}}

-	admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleAdmin()}}
+	admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOwner()}}
 	orgAdmin := authSubject{Name: "org_admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID), rbac.RoleOrgAdmin(orgID)}}

 	otherOrgMember := authSubject{Name: "org_member_other", UserID: uuid.NewString(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(otherOrg)}}
@ -358,7 +358,7 @@ func TestIsOrgRole(t *testing.T) {
 		OrgID    string
 	}{
 		// Not org roles
-		{RoleName: rbac.RoleAdmin()},
+		{RoleName: rbac.RoleOwner()},
 		{RoleName: rbac.RoleMember()},
 		{RoleName: "auditor"},

@ -413,7 +413,7 @@ func TestListRoles(t *testing.T) {
 	// Always use constant strings, as if the names change, we need to write
 	// a SQL migration to change the name on the backend.
 	require.ElementsMatch(t, []string{
-		"admin",
+		"owner",
 		"member",
 		"auditor",
 		"template-admin",