chore: implement api for creating custom roles (#13298)

api endpoint (gated by experiment) to create custom_roles
Steven Masley
2024-05-16 13:47:47 -05:00
committed by GitHub
parent 85de0e966d
commit ad8c314130
33 changed files with 1009 additions and 132 deletions

124
docs/api/members.md generated

@ -154,3 +154,127 @@ Status Code **200**
| `» name` | string | false | | |
To perform this operation, you must be authenticated. [Learn more](authentication.md).
## Upsert a custom site-wide role
### Code samples
```shell
# Example request using curl
curl -X PATCH http://coder-server:8080/api/v2/users/roles \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
```
`PATCH /users/roles`
### Example responses
> 200 Response
```json
[
{
"display_name": "string",
"name": "string",
"organization_permissions": {
"property1": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"property2": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
},
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
```
### Responses
| Status | Meaning | Description | Schema |
| ------ | ------------------------------------------------------- | ----------- | ------------------------------------------------- |
| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | array of [codersdk.Role](schemas.md#codersdkrole) |
<h3 id="upsert-a-custom-site-wide-role-responseschema">Response Schema</h3>
Status Code **200**
| Name | Type | Required | Restrictions | Description |
| ---------------------------- | -------------------------------------------------------- | -------- | ------------ | --------------------------------------- |
| `[array item]` | array | false | | |
| `» display_name` | string | false | | |
| `» name` | string | false | | |
| `» organization_permissions` | object | false | | map[<org_id>] -> Permissions |
| `»» [any property]` | array | false | | |
| `»»» action` | [codersdk.RBACAction](schemas.md#codersdkrbacaction) | false | | |
| `»»» negate` | boolean | false | | Negate makes this a negative permission |
| `»»» resource_type` | [codersdk.RBACResource](schemas.md#codersdkrbacresource) | false | | |
| `» site_permissions` | array | false | | |
| `» user_permissions` | array | false | | |
#### Enumerated Values
| Property | Value |
| --------------- | ----------------------- |
| `action` | `application_connect` |
| `action` | `assign` |
| `action` | `create` |
| `action` | `delete` |
| `action` | `read` |
| `action` | `read_personal` |
| `action` | `ssh` |
| `action` | `update` |
| `action` | `update_personal` |
| `action` | `use` |
| `action` | `view_insights` |
| `action` | `start` |
| `action` | `stop` |
| `resource_type` | `*` |
| `resource_type` | `api_key` |
| `resource_type` | `assign_org_role` |
| `resource_type` | `assign_role` |
| `resource_type` | `audit_log` |
| `resource_type` | `debug_info` |
| `resource_type` | `deployment_config` |
| `resource_type` | `deployment_stats` |
| `resource_type` | `file` |
| `resource_type` | `group` |
| `resource_type` | `license` |
| `resource_type` | `oauth2_app` |
| `resource_type` | `oauth2_app_code_token` |
| `resource_type` | `oauth2_app_secret` |
| `resource_type` | `organization` |
| `resource_type` | `organization_member` |
| `resource_type` | `provisioner_daemon` |
| `resource_type` | `replicas` |
| `resource_type` | `system` |
| `resource_type` | `tailnet_coordinator` |
| `resource_type` | `template` |
| `resource_type` | `user` |
| `resource_type` | `workspace` |
| `resource_type` | `workspace_dormant` |
| `resource_type` | `workspace_proxy` |
To perform this operation, you must be authenticated. [Learn more](authentication.md).
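Review bot: The code sample for `PATCH /users/roles` sends no request body and no `Content-Type` header, and the section has no body parameter table, so a reader cannot tell what payload an upsert expects. Add the request-body annotation on the handler so the generated docs show the role payload, and state in the description that the route is behind the `custom-roles` experiment. The only stated precondition is "you must be authenticated"; since the response schema allows `resource_type` `*` and actions such as `assign`, the docs should also name the permission a caller needs for this endpoint.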

151
docs/api/schemas.md generated

@ -2694,6 +2694,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
| `example` |
| `auto-fill-parameters` |
| `multi-organization` |
| `custom-roles` |
## codersdk.ExternalAuth
@ -3579,13 +3580,13 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
### Properties
| Name | Type | Required | Restrictions | Description |
| ----------------- | --------------------------------------- | -------- | ------------ | ----------- |
| `created_at` | string | false | | |
| `organization_id` | string | false | | |
| `roles` | array of [codersdk.Role](#codersdkrole) | false | | |
| `updated_at` | string | false | | |
| `user_id` | string | false | | |
| Name | Type | Required | Restrictions | Description |
| ----------------- | ----------------------------------------------- | -------- | ------------ | ----------- |
| `created_at` | string | false | | |
| `organization_id` | string | false | | |
| `roles` | array of [codersdk.SlimRole](#codersdkslimrole) | false | | |
| `updated_at` | string | false | | |
| `user_id` | string | false | | |
## codersdk.PatchGroupRequest
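Review bot: The `roles` row changes type from `codersdk.Role` to `codersdk.SlimRole` here, and the same swap appears in the two user property tables further down, but the commit message does not mention it. `SlimRole` carries the same `display_name` and `name` fields that `Role` had before this change, so the JSON stays compatible; SDK consumers that reference the `Role` type for these fields will still need to update, which is worth a line in the commit message or changelog.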
@ -3649,6 +3650,24 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
| `name` | string | true | | |
| `regenerate_token` | boolean | false | | |
## codersdk.Permission
```json
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
```
### Properties
| Name | Type | Required | Restrictions | Description |
| --------------- | ---------------------------------------------- | -------- | ------------ | --------------------------------------- |
| `action` | [codersdk.RBACAction](#codersdkrbacaction) | false | | |
| `negate` | boolean | false | | Negate makes this a negative permission |
| `resource_type` | [codersdk.RBACResource](#codersdkrbacresource) | false | | |
## codersdk.PostOAuth2ProviderAppRequest
```json
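Review bot: In the `codersdk.Permission` properties table, `action` and `resource_type` are both marked Required `false`, so an empty object is schema-valid, and `negate` is documented only as "Negate makes this a negative permission". Mark `action` and `resource_type` as required, and extend the `negate` description to say how a negative permission is evaluated against a positive one on the same resource, since the generated example combines `"negate": true` with `"resource_type": "*"`.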
@ -4271,16 +4290,50 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
```json
{
"display_name": "string",
"name": "string"
"name": "string",
"organization_permissions": {
"property1": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"property2": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
},
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
```
### Properties
| Name | Type | Required | Restrictions | Description |
| -------------- | ------ | -------- | ------------ | ----------- |
| `display_name` | string | false | | |
| `name` | string | false | | |
| Name | Type | Required | Restrictions | Description |
| -------------------------- | --------------------------------------------------- | -------- | ------------ | ---------------------------- |
| `display_name` | string | false | | |
| `name` | string | false | | |
| `organization_permissions` | object | false | | map[<org_id>] -> Permissions |
| » `[any property]` | array of [codersdk.Permission](#codersdkpermission) | false | | |
| `site_permissions` | array of [codersdk.Permission](#codersdkpermission) | false | | |
| `user_permissions` | array of [codersdk.Permission](#codersdkpermission) | false | | |
## codersdk.SSHConfig
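Review bot: The new `organization_permissions`, `site_permissions` and `user_permissions` rows, like `name`, have an empty Restrictions column and Required `false`. Now that this type is what the upsert endpoint returns, document the constraints on `name` and say what format the `<org_id>` map key takes (the description only gives `map[<org_id>] -> Permissions`). The field comments on the Go struct are the place to add this so the generated table picks it up.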
@ -4356,6 +4409,22 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
| `disable_expiry_refresh` | boolean | false | | Disable expiry refresh will disable automatically refreshing api keys when they are used from the api. This means the api key lifetime at creation is the lifetime of the api key. |
| `max_token_lifetime` | integer | false | | |
## codersdk.SlimRole
```json
{
"display_name": "string",
"name": "string"
}
```
### Properties
| Name | Type | Required | Restrictions | Description |
| -------------- | ------ | -------- | ------------ | ----------- |
| `display_name` | string | false | | |
| `name` | string | false | | |
## codersdk.SupportConfig
```json
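Review bot: `codersdk.SlimRole` is added with no description, and its two properties are the same `display_name` and `name` that `codersdk.Role` also lists, so the docs do not say why both types exist. Add a one-line doc comment on the type stating how it differs from `Role` (no permission lists) so the generated section explains when each is returned.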
@ -4906,21 +4975,21 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
### Properties
| Name | Type | Required | Restrictions | Description |
| ------------------ | ---------------------------------------------- | -------- | ------------ | ----------- |
| `avatar_url` | string | false | | |
| `created_at` | string | true | | |
| `email` | string | true | | |
| `id` | string | true | | |
| `last_seen_at` | string | false | | |
| `login_type` | [codersdk.LoginType](#codersdklogintype) | false | | |
| `name` | string | false | | |
| `organization_ids` | array of string | false | | |
| `role` | [codersdk.TemplateRole](#codersdktemplaterole) | false | | |
| `roles` | array of [codersdk.Role](#codersdkrole) | false | | |
| `status` | [codersdk.UserStatus](#codersdkuserstatus) | false | | |
| `theme_preference` | string | false | | |
| `username` | string | true | | |
| Name | Type | Required | Restrictions | Description |
| ------------------ | ----------------------------------------------- | -------- | ------------ | ----------- |
| `avatar_url` | string | false | | |
| `created_at` | string | true | | |
| `email` | string | true | | |
| `id` | string | true | | |
| `last_seen_at` | string | false | | |
| `login_type` | [codersdk.LoginType](#codersdklogintype) | false | | |
| `name` | string | false | | |
| `organization_ids` | array of string | false | | |
| `role` | [codersdk.TemplateRole](#codersdktemplaterole) | false | | |
| `roles` | array of [codersdk.SlimRole](#codersdkslimrole) | false | | |
| `status` | [codersdk.UserStatus](#codersdkuserstatus) | false | | |
| `theme_preference` | string | false | | |
| `username` | string | true | | |
#### Enumerated Values
@ -5497,20 +5566,20 @@ If the schedule is empty, the user will be updated to use the default schedule.|
### Properties
| Name | Type | Required | Restrictions | Description |
| ------------------ | ------------------------------------------ | -------- | ------------ | ----------- |
| `avatar_url` | string | false | | |
| `created_at` | string | true | | |
| `email` | string | true | | |
| `id` | string | true | | |
| `last_seen_at` | string | false | | |
| `login_type` | [codersdk.LoginType](#codersdklogintype) | false | | |
| `name` | string | false | | |
| `organization_ids` | array of string | false | | |
| `roles` | array of [codersdk.Role](#codersdkrole) | false | | |
| `status` | [codersdk.UserStatus](#codersdkuserstatus) | false | | |
| `theme_preference` | string | false | | |
| `username` | string | true | | |
| Name | Type | Required | Restrictions | Description |
| ------------------ | ----------------------------------------------- | -------- | ------------ | ----------- |
| `avatar_url` | string | false | | |
| `created_at` | string | true | | |
| `email` | string | true | | |
| `id` | string | true | | |
| `last_seen_at` | string | false | | |
| `login_type` | [codersdk.LoginType](#codersdklogintype) | false | | |
| `name` | string | false | | |
| `organization_ids` | array of string | false | | |
| `roles` | array of [codersdk.SlimRole](#codersdkslimrole) | false | | |
| `status` | [codersdk.UserStatus](#codersdkuserstatus) | false | | |
| `theme_preference` | string | false | | |
| `username` | string | true | | |
#### Enumerated Values