mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
chore: push rbac actions to policy package (#13274)
Just moved `rbac.Action` -> `policy.Action`. This is for the stacked PR to not have circular dependencies when doing autogen. Without this, the autogen can produce broken golang code, which prevents the autogen from compiling. So just avoiding circular dependencies. Doing this in it's own PR to reduce LoC diffs in the primary PR, since this has 0 functional changes.
This commit is contained in:
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -17,6 +17,7 @@ import (
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"cdr.dev/slog"
|
||||
"github.com/coder/coder/v2/coderd/rbac/policy"
|
||||
|
||||
"github.com/coder/coder/v2/coderd/coderdtest"
|
||||
"github.com/coder/coder/v2/coderd/database"
|
||||
@ -338,7 +339,7 @@ func (m *expects) Errors(err error) *expects {
|
||||
// AssertRBAC contains the object and actions to be asserted.
|
||||
type AssertRBAC struct {
|
||||
Object rbac.Object
|
||||
Actions []rbac.Action
|
||||
Actions []policy.Action
|
||||
}
|
||||
|
||||
// values is a convenience method for creating []reflect.Value.
|
||||
@ -368,15 +369,15 @@ func values(ins ...any) []reflect.Value {
|
||||
//
|
||||
// Even-numbered inputs are the objects, and odd-numbered inputs are the actions.
|
||||
// Objects must implement rbac.Objecter.
|
||||
// Inputs can be a single rbac.Action, or a slice of rbac.Action.
|
||||
// Inputs can be a single policy.Action, or a slice of policy.Action.
|
||||
//
|
||||
// asserts(workspace, rbac.ActionRead, template, slice(rbac.ActionRead, rbac.ActionWrite), ...)
|
||||
// asserts(workspace, policy.ActionRead, template, slice(policy.ActionRead, policy.ActionWrite), ...)
|
||||
//
|
||||
// is equivalent to
|
||||
//
|
||||
// []AssertRBAC{
|
||||
// {Object: workspace, Actions: []rbac.Action{rbac.ActionRead}},
|
||||
// {Object: template, Actions: []rbac.Action{rbac.ActionRead, rbac.ActionWrite)}},
|
||||
// {Object: workspace, Actions: []policy.Action{policy.ActionRead}},
|
||||
// {Object: template, Actions: []policy.Action{policy.ActionRead, policy.ActionWrite)}},
|
||||
// ...
|
||||
// }
|
||||
func asserts(inputs ...any) []AssertRBAC {
|
||||
@ -392,19 +393,19 @@ func asserts(inputs ...any) []AssertRBAC {
|
||||
}
|
||||
rbacObj := obj.RBACObject()
|
||||
|
||||
var actions []rbac.Action
|
||||
actions, ok = inputs[i+1].([]rbac.Action)
|
||||
var actions []policy.Action
|
||||
actions, ok = inputs[i+1].([]policy.Action)
|
||||
if !ok {
|
||||
action, ok := inputs[i+1].(rbac.Action)
|
||||
action, ok := inputs[i+1].(policy.Action)
|
||||
if !ok {
|
||||
// Could be the string type.
|
||||
actionAsString, ok := inputs[i+1].(string)
|
||||
if !ok {
|
||||
panic(fmt.Sprintf("action '%q' not a supported action", actionAsString))
|
||||
}
|
||||
action = rbac.Action(actionAsString)
|
||||
action = policy.Action(actionAsString)
|
||||
}
|
||||
actions = []rbac.Action{action}
|
||||
actions = []policy.Action{action}
|
||||
}
|
||||
|
||||
out = append(out, AssertRBAC{
|
||||
|
@ -22,6 +22,7 @@ import (
|
||||
"github.com/coder/coder/v2/coderd/database/provisionerjobs"
|
||||
"github.com/coder/coder/v2/coderd/database/pubsub"
|
||||
"github.com/coder/coder/v2/coderd/rbac"
|
||||
"github.com/coder/coder/v2/coderd/rbac/policy"
|
||||
"github.com/coder/coder/v2/cryptorand"
|
||||
)
|
||||
|
||||
@ -69,7 +70,7 @@ func Template(t testing.TB, db database.Store, seed database.Template) database.
|
||||
if seed.GroupACL == nil {
|
||||
// By default, all users in the organization can read the template.
|
||||
seed.GroupACL = database.TemplateACL{
|
||||
seed.OrganizationID.String(): []rbac.Action{rbac.ActionRead},
|
||||
seed.OrganizationID.String(): []policy.Action{policy.ActionRead},
|
||||
}
|
||||
}
|
||||
if seed.UserACL == nil {
|
||||
|
@ -14,12 +14,14 @@ import (
|
||||
|
||||
"github.com/coder/coder/v2/coderd/database"
|
||||
"github.com/coder/coder/v2/coderd/rbac"
|
||||
"github.com/coder/coder/v2/coderd/rbac/policy"
|
||||
)
|
||||
|
||||
var (
|
||||
// Force these imports, for some reason the autogen does not include them.
|
||||
_ uuid.UUID
|
||||
_ rbac.Action
|
||||
_ policy.Action
|
||||
_ rbac.Objecter
|
||||
)
|
||||
|
||||
const wrapname = "dbmetrics.metricsStore"
|
||||
|
@ -8,7 +8,7 @@ import (
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/coder/coder/v2/coderd/rbac"
|
||||
"github.com/coder/coder/v2/coderd/rbac/policy"
|
||||
"github.com/coder/coder/v2/codersdk/healthsdk"
|
||||
)
|
||||
|
||||
@ -29,7 +29,7 @@ type HealthSettings struct {
|
||||
DismissedHealthchecks []healthsdk.HealthSection `db:"dismissed_healthchecks" json:"dismissed_healthchecks"`
|
||||
}
|
||||
|
||||
type Actions []rbac.Action
|
||||
type Actions []policy.Action
|
||||
|
||||
func (a *Actions) Scan(src interface{}) error {
|
||||
switch v := src.(type) {
|
||||
@ -46,7 +46,7 @@ func (a *Actions) Value() (driver.Value, error) {
|
||||
}
|
||||
|
||||
// TemplateACL is a map of ids to permissions.
|
||||
type TemplateACL map[string][]rbac.Action
|
||||
type TemplateACL map[string][]policy.Action
|
||||
|
||||
func (t *TemplateACL) Scan(src interface{}) error {
|
||||
switch v := src.(type) {
|
||||
|
Reference in New Issue
Block a user