34494fb330
chore: avoid depending on rbac in slim builds ( #17959 )
...
I noticed the `coder-vpn.dylib` (of course alongside the Agent/CLI binaries) had grown substantially (from 29MB to 37MB for the dylib), and discovered that importing RBAC in slim builds was the issue.
This PR removes the dependency on RBAC in slim builds, and adds a compile-time check to ensure it can't be imported in the future:
```
$ make build
# github.com/coder/coder/v2/coderd/rbac
coderd/rbac/no_slim.go:8:2: initialization cycle: _DO_NOT_IMPORT_THIS_PACKAGE_IN_SLIM_BUILDS refers to itself
make: *** [Makefile:224: build/coder-slim_2.22.1-devel+7e46d24b4_linux_amd64] Error 1
```
Before and after for `coder-slim_darwin_arm64`:
```
$ gsa before after
┌───────────────────────────────────────────────────────────────────────────────────┐
│ Diff between before and after │
├─────────┬─────────────────────────────────────────┬──────────┬──────────┬─────────┤
│ PERCENT │ NAME │ OLD SIZE │ NEW SIZE │ DIFF │
├─────────┼─────────────────────────────────────────┼──────────┼──────────┼─────────┤
│ -100% │ github.com/gorilla/mux │ │ │ +0 B │
│ -100% │ github.com/ammario/tlru │ │ │ +0 B │
│ -100% │ github.com/armon/go-radix │ │ │ +0 B │
│ -0.00% │ gvisor.dev/gvisor │ 2.4 MB │ 2.4 MB │ -4 B │
│ -0.21% │ os │ 155 kB │ 155 kB │ -328 B │
│ -0.23% │ regexp │ 152 kB │ 152 kB │ -346 B │
│ -0.04% │ runtime │ 876 kB │ 876 kB │ -372 B │
│ -100% │ github.com/rcrowley/go-metrics │ 675 B │ │ -675 B │
│ -23.79% │ github.com/cespare/xxhash/v2 │ 3.0 kB │ 2.3 kB │ -715 B │
│ -100% │ github.com/agnivade/levenshtein │ 1.4 kB │ │ -1.4 kB │
│ -100% │ github.com/go-ini/ini │ 1.5 kB │ │ -1.5 kB │
│ -100% │ github.com/xeipuuv/gojsonreference │ 2.4 kB │ │ -2.4 kB │
│ -100% │ github.com/xeipuuv/gojsonpointer │ 5.2 kB │ │ -5.2 kB │
│ -2.43% │ go.opentelemetry.io/otel │ 316 kB │ 309 kB │ -7.7 kB │
│ -2.40% │ slices │ 381 kB │ 372 kB │ -9.2 kB │
│ -0.68% │ crypto │ 1.4 MB │ 1.4 MB │ -9.5 kB │
│ -100% │ github.com/tchap/go-patricia/v2 │ 23 kB │ │ -23 kB │
│ -100% │ github.com/yashtewari/glob-intersection │ 28 kB │ │ -28 kB │
│ -4.35% │ <autogenerated> │ 754 kB │ 721 kB │ -33 kB │
│ -100% │ github.com/sirupsen/logrus │ 72 kB │ │ -72 kB │
│ -2.56% │ github.com/coder/coder/v2 │ 3.3 MB │ 3.2 MB │ -84 kB │
│ -100% │ github.com/gobwas/glob │ 107 kB │ │ -107 kB │
│ -100% │ sigs.k8s.io/yaml │ 244 kB │ │ -244 kB │
│ -100% │ github.com/open-policy-agent/opa │ 2.2 MB │ │ -2.2 MB │
├─────────┼─────────────────────────────────────────┼──────────┼──────────┼─────────┤
│ -7.79% │ __go_buildinfo __DATA │ 18 kB │ 17 kB │ -1.4 kB │
│ -6.81% │ __itablink __DATA_CONST │ 23 kB │ 22 kB │ -1.6 kB │
│ -6.61% │ __typelink __DATA_CONST │ 71 kB │ 66 kB │ -4.7 kB │
│ -2.86% │ __noptrdata __DATA │ 1.0 MB │ 993 kB │ -29 kB │
│ -21.49% │ __data __DATA │ 320 kB │ 251 kB │ -69 kB │
│ -6.19% │ __rodata __DATA_CONST │ 6.0 MB │ 5.6 MB │ -372 kB │
│ -47.19% │ __rodata __TEXT │ 7.6 MB │ 4.0 MB │ -3.6 MB │
├─────────┼─────────────────────────────────────────┼──────────┼──────────┼─────────┤
│ -14.02% │ before │ 50 MB │ 43 MB │ -7.0 MB │
│ │ after │ │ │ │
└─────────┴─────────────────────────────────────────┴──────────┴──────────┴─────────┘
```
2025-05-22 19:48:23 +10:00
173dc0e35f
chore: refactor patch custom organization route to live in enterprise ( #14099 )
...
* chore: refactor patch custom organization route to live in enterprise
2024-08-05 13:42:11 -05:00
166467caf0
fix: don't require organization_id in body when updating a custom role ( #14102 )
2024-08-02 11:25:00 -06:00
d04959cea8
chore: implement custom role assignment for organization admins ( #13570 )
...
* chore: static role assignment mapping
Until a dynamic approach is created in the database, only org-admins
can assign custom organization roles.
2024-06-13 15:59:06 -05:00
5ccf5084e8
chore: create type for unique role names ( #13506 )
...
* chore: create type for unique role names
Using `string` was confusing when something should be combined with
org context, and when not to. Naming this new name, "RoleIdentifier"
2024-06-11 08:55:28 -05:00
0d65143301
chore: implement audit log for custom role edits ( #13494 )
...
* chore: implement audit log for custom role edits
2024-06-07 14:11:57 -05:00
e3206612e1
chore: implement typed database for custom permissions (breaks existing custom roles) ( #13457 )
...
* chore: typed database custom permissions
* add migration to fix any custom roles out there
2024-06-04 09:27:44 -05:00
afd9d3b35f
feat: add api for patching custom org roles ( #13357 )
...
* chore: implement patching custom organization roles
2024-05-29 09:49:43 -05:00
1b4ca00428
chore: include custom roles in list org roles ( #13336 )
...
* chore: include custom roles in list org roles
* move cli show roles to org scope
2024-05-23 07:54:59 -10:00
c61b64be61
feat: add hidden enterprise cmd command to list roles ( #13303 )
...
* feat: add hidden enterprise cmd command to list roles
This includes custom roles, and has a json output option for
more granular permissions
2024-05-21 13:14:00 -05:00
ad8c314130
chore: implement api for creating custom roles ( #13298 )
...
api endpoint (gated by experiment) to create custom_roles
2024-05-16 13:47:47 -05:00
1f5788feff
chore: remove rbac pseudo resources, add custom verbs ( #13276 )
...
Removes our pseudo rbac resources like `WorkspaceApplicationConnect` in favor of additional verbs like `ssh`. This is to make more intuitive permissions for building custom roles.
The source of truth is now `policy.go`
2024-05-15 11:09:42 -05:00
cb6b5e8fbd
chore: push rbac actions to policy package ( #13274 )
...
Just moved `rbac.Action` -> `policy.Action`. This is for the stacked PR to not have circular dependencies when doing autogen. Without this, the autogen can produce broken golang code, which prevents the autogen from compiling.
So just avoiding circular dependencies. Doing this in its own PR to reduce LoC diffs in the primary PR, since this has 0 functional changes.
2024-05-15 09:46:35 -05:00
eeb3d63be6
chore: merge authorization contexts ( #12816 )
...
* chore: merge authorization contexts
Instead of 2 auth contexts from apikey and dbauthz, merge them to
just use dbauthz. It is annoying to have two.
* fixup authorization reference
2024-03-29 10:14:27 -05:00
88605b9d01
chore: add display name to member role ( #10239 )
...
* chore: add display name to member role
* Do not let member role be assignable
* Ignore org member role for assignability atm
2023-10-12 10:52:32 -05:00
22e781eced
chore: add /v2 to import module path ( #9072 )
...
* chore: add /v2 to import module path
go mod requires semantic versioning with versions greater than 1.x
This was a mechanical update by running:
```
go install github.com/marwan-at-work/mod/cmd/mod@latest
mod upgrade
```
Migrate generated files to import /v2
* Fix gen
2023-08-18 18:55:43 +00:00
9df9ad4503
feat: embed common client requests into the template html ( #8076 )
...
This should reduce the number of API requests a client makes
when loading the dashboard dramatically!
2023-06-18 13:57:27 -05:00
6fb8aff6d0
feat: Add initial AuthzQuerier implementation ( #5919 )
...
feat: Add initial AuthzQuerier implementation
- Adds package database/dbauthz that adds a database.Store implementation where each method goes through AuthZ checks
- Implements all database.Store methods on AuthzQuerier
- Updates and fixes unit tests where required
- Updates coderd initialization to use AuthzQuerier if codersdk.ExperimentAuthzQuerier is enabled
2023-02-14 14:27:06 +00:00
b0a16150a3
chore: Implement standard rbac.Subject to be reused everywhere ( #5881 )
...
* chore: Implement standard rbac.Subject to be reused everywhere
An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.
Use of the expander interface lets us conform to a single subject
in every case
2023-01-26 14:42:54 -06:00
8e9cbdd71b
docs: API users ( #5620 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
* WIP
* WIP
* Users
* Logout
* User profile
* Status suspend activate
* User roles
* User tokens
* Keys
* SSH key
* All
* Typo
* Fix
* Fix
* Fix: LoginWithPasswordRequest
2023-01-11 14:08:04 +01:00
84120767a7
docs: API templateversions, templates, members, organizations ( #5546 )
...
* docs: audit, deploymentconfig, files, parameters
* Swagger comments in workspacebuilds.go
* structs in workspacebuilds.go
* workspaceagents: instance identity
* workspaceagents.go in progress
* workspaceagents.go in progress
* Agents
* workspacebuilds.go
* /workspaces
* templates.go, templateversions.go
* templateversion.go in progress
* cancel
* templateversions
* wip
* Merge
* x-apidocgen
* NullTime hack not needed anymore
* Fix: x-apidocgen
* Members
* Fixes
* Fix
2023-01-11 12:16:09 +01:00
6deef06ad2
feat: secure and cross-domain subdomain-based proxying ( #4136 )
...
Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
5de6f86959
feat: trace httpapi.{Read,Write} ( #4134 )
2022-09-21 17:07:00 -05:00
29d804e692
feat: add API key scopes and application_connect scope ( #4067 )
2022-09-19 17:39:02 +00:00
4be61d9250
fix: Role assign ui fixes ( #3521 )
...
Co-authored-by: Kira Pilot <kira@coder.com>
2022-08-16 10:39:42 -05:00
40e68cb80b
feat: Add template-admin + user-admin role for managing templates + users ( #3490 )
...
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
2022-08-12 17:27:48 -05:00
db665e7261
chore: Drop resource_id support in rbac system ( #3426 )
2022-08-09 18:16:53 +00:00
7e9819f2a8
ref: move httpapi.Reponse into codersdk ( #2954 )
2022-07-12 19:15:02 -05:00
251316751e
feat: Return more 404s vs 403s ( #2194 )
...
* feat: Return more 404s vs 403s
* Return vague 404 in all cases
2022-06-14 10:14:05 -05:00
af401e3fe1
chore: Linter rule for properly formatted api errors ( #2123 )
...
* chore: Linter rule for properly formatted api errors
* Add omitempty to 'Detail' field
2022-06-07 14:33:06 +00:00
c9a4642a12
chore: Update BE http errors to be ui friendly ( #1994 )
...
* chore: More UI friendly errors
Mainly capitalization + messages prefix error
2022-06-03 21:48:09 +00:00
cc87a0cf6b
feat: Implied 'member' roles for site and organization ( #1917 )
...
* feat: Member roles are implied and never explicitly added
* Rename "GetAllUserRoles" to "GetAuthorizationRoles"
* feat: Add migration to remove implied roles
* rename user auth role middleware
2022-06-01 09:07:50 -05:00
24d1a6744a
fix: Add route for user to change own password ( #1812 )
2022-05-27 17:29:55 +00:00
31b819e83f
chore: Remove interface from coderd and lift API surface ( #1772 )
...
Abstracting coderd into an interface added misdirection because
the interface was never intended to be fulfilled outside of a single
implementation.
This lifts the abstraction, and attaches all handlers to a root struct
named `*coderd.API`.
2022-05-26 03:14:08 +00:00
eea8dc6c16
feat: Add rbac to templateversion+orgmember endpoints ( #1713 )
2022-05-25 11:00:59 -05:00
4ad5ac2d4a
feat: Rbac more coderd endpoints, unit test to confirm ( #1437 )
...
* feat: Enforce authorize call on all endpoints
- Make 'request()' exported for running custom requests
* Rbac users endpoints
* 401 -> 403
2022-05-17 13:43:19 -05:00
e6168ba238
feat: Add permissions for links ( #1407 )
2022-05-13 14:25:57 +00:00
64e408c954
feat: Check permissions endpoint ( #1389 )
...
* feat: Check permissions endpoint
Allows FE to query backend for permission capabilities.
Batch requests supported
2022-05-12 20:56:23 +00:00
e54324d880
refactor: Add roles into the user response ( #1347 )
2022-05-09 16:38:14 +00:00
00806580f5
refactor: Return the display_name and name in the roles endpoint ( #1328 )
2022-05-06 19:18:00 +00:00
d0293e4d33
feat: Implement list roles & enforce authorize examples ( #1273 )
2022-05-03 16:10:19 -05:00