chore: remove rbac psuedo resources, add custom verbs (#13276)

Removes our pseudo RBAC resources like `WorkspaceApplicationConnect` in favor of additional verbs like `ssh`. This makes permissions more intuitive when building custom roles.

The source of truth is now `policy.go`
Steven Masley
2024-05-15 11:09:42 -05:00
committed by GitHub
parent cb6b5e8fbd
commit 1f5788feff
48 changed files with 1809 additions and 1053 deletions

121
coderd/apidoc/docs.go generated

@ -8468,12 +8468,16 @@ const docTemplate = `{
"type": "object",
"properties": {
"action": {
"type": "string",
"enum": [
"create",
"read",
"update",
"delete"
],
"allOf": [
{
"$ref": "#/definitions/codersdk.RBACAction"
}
]
},
"object": {
@ -10776,59 +10780,94 @@ const docTemplate = `{
}
}
},
"codersdk.RBACAction": {
"type": "string",
"enum": [
"application_connect",
"assign",
"create",
"delete",
"read",
"read_personal",
"ssh",
"update",
"update_personal",
"use",
"view_insights",
"start",
"stop"
],
"x-enum-varnames": [
"ActionApplicationConnect",
"ActionAssign",
"ActionCreate",
"ActionDelete",
"ActionRead",
"ActionReadPersonal",
"ActionSSH",
"ActionUpdate",
"ActionUpdatePersonal",
"ActionUse",
"ActionViewInsights",
"ActionWorkspaceStart",
"ActionWorkspaceStop"
]
},
"codersdk.RBACResource": {
"type": "string",
"enum": [
"workspace",
"workspace_proxy",
"workspace_execution",
"application_connect",
"audit_log",
"template",
"group",
"file",
"provisioner_daemon",
"organization",
"assign_role",
"assign_org_role",
"*",
"api_key",
"user",
"user_data",
"user_workspace_build_parameters",
"organization_member",
"license",
"assign_org_role",
"assign_role",
"audit_log",
"debug_info",
"deployment_config",
"deployment_stats",
"file",
"group",
"license",
"oauth2_app",
"oauth2_app_code_token",
"oauth2_app_secret",
"organization",
"organization_member",
"provisioner_daemon",
"replicas",
"debug_info",
"system",
"template_insights"
"tailnet_coordinator",
"template",
"user",
"workspace",
"workspace_dormant",
"workspace_proxy"
],
"x-enum-varnames": [
"ResourceWorkspace",
"ResourceWorkspaceProxy",
"ResourceWorkspaceExecution",
"ResourceWorkspaceApplicationConnect",
"ResourceWildcard",
"ResourceApiKey",
"ResourceAssignOrgRole",
"ResourceAssignRole",
"ResourceAuditLog",
"ResourceTemplate",
"ResourceGroup",
"ResourceFile",
"ResourceProvisionerDaemon",
"ResourceOrganization",
"ResourceRoleAssignment",
"ResourceOrgRoleAssignment",
"ResourceAPIKey",
"ResourceUser",
"ResourceUserData",
"ResourceUserWorkspaceBuildParameters",
"ResourceOrganizationMember",
"ResourceLicense",
"ResourceDeploymentValues",
"ResourceDeploymentStats",
"ResourceReplicas",
"ResourceDebugInfo",
"ResourceDeploymentConfig",
"ResourceDeploymentStats",
"ResourceFile",
"ResourceGroup",
"ResourceLicense",
"ResourceOauth2App",
"ResourceOauth2AppCodeToken",
"ResourceOauth2AppSecret",
"ResourceOrganization",
"ResourceOrganizationMember",
"ResourceProvisionerDaemon",
"ResourceReplicas",
"ResourceSystem",
"ResourceTemplateInsights"
"ResourceTailnetCoordinator",
"ResourceTemplate",
"ResourceUser",
"ResourceWorkspace",
"ResourceWorkspaceDormant",
"ResourceWorkspaceProxy"
]
},
"codersdk.RateLimitConfig": {