chore: create type for unique role names (#13506)

* chore: create type for unique role names Using `string` was confusing when something should be combined with org context, and when not to. Naming this new name, "RoleIdentifier"
2025-07-03 16:13:58 +00:00 · 2024-06-11 08:55:28 -05:00
parent c9cca9d56e
commit 5ccf5084e8
50 changed files with 553 additions and 458 deletions
--- a/coderd/rbac/authz.go
+++ b/coderd/rbac/authz.go
@ -110,13 +110,13 @@ func (s Subject) SafeScopeName() string {
 	if s.Scope == nil {
 		return "no-scope"
 	}
-	return s.Scope.Name()
+	return s.Scope.Name().String()
 }

 // SafeRoleNames prevent nil pointer dereference.
-func (s Subject) SafeRoleNames() []string {
+func (s Subject) SafeRoleNames() []RoleIdentifier {
 	if s.Roles == nil {
-		return []string{}
+		return []RoleIdentifier{}
 	}
 	return s.Roles.Names()
 }
@ -707,9 +707,15 @@ func (c *authCache) Prepare(ctx context.Context, subject Subject, action policy.
 // rbacTraceAttributes are the attributes that are added to all spans created by
 // the rbac package. These attributes should help to debug slow spans.
 func rbacTraceAttributes(actor Subject, action policy.Action, objectType string, extra ...attribute.KeyValue) trace.SpanStartOption {
+	uniqueRoleNames := actor.SafeRoleNames()
+	roleStrings := make([]string, 0, len(uniqueRoleNames))
+	for _, roleName := range uniqueRoleNames {
+		roleName := roleName
+		roleStrings = append(roleStrings, roleName.String())
+	}
 	return trace.WithAttributes(
 		append(extra,
-			attribute.StringSlice("subject_roles", actor.SafeRoleNames()),
+			attribute.StringSlice("subject_roles", roleStrings),
 			attribute.Int("num_subject_roles", len(actor.SafeRoleNames())),
 			attribute.Int("num_groups", len(actor.Groups)),
 			attribute.String("scope", actor.SafeScopeName()),