coder

synced/coder

Fork 0

mirror of https://github.com/coder/coder.git synced 2025-07-06 15:41:45 +00:00

Commit Graph

Author	SHA1	Message	Date
Steven Masley	b0a16150a3	chore: Implement standard rbac.Subject to be reused everywhere (#5881 ) * chore: Implement standard rbac.Subject to be reused everywhere An rbac subject is created in multiple spots because of the way we expand roles, scopes, etc. This difference in use creates a list of arguments which is unwieldy. Use of the expander interface lets us conform to a single subject in every case	2023-01-26 14:42:54 -06:00
Steven Masley	08cce81ac8	feat: Implement allow_list for scopes for resource specific permissions (#5769 ) * feat: Implement allow_list for scopes for resource specific permissions Feature that adds an allow_list for scopes to specify particular resources. This enables workspace agent tokens to use the same RBAC system as users. - Add ID to compileSQL matchers * Plumb through WithID on rbac objects * Rename Scope -> ScopeName * Update input.json with scope allow_list Co-authored-by: Cian Johnston <cian@coder.com>	2023-01-19 13:41:36 -06:00
Steven Masley	eb48341696	chore: More complete tracing for RBAC functions (#5690 ) * chore: More complete tracing for RBAC functions * Add input.json as example rbac input for rego cli The input.json is required to play with the rego cli and debug the policy without golang. It is good to have an example to run the commands in the readme.md * Add span events to capture authorize and prepared results * chore: Add prometheus metrics to rbac authorizer	2023-01-13 16:07:15 -06:00

Author

SHA1

Message

Date

Steven Masley

b0a16150a3

chore: Implement standard rbac.Subject to be reused everywhere (#5881 )

* chore: Implement standard rbac.Subject to be reused everywhere

An rbac subject is created in multiple spots because of the way we
expand roles, scopes, etc. This difference in use creates a list
of arguments which is unwieldy.

Use of the expander interface lets us conform to a single subject
in every case

2023-01-26 14:42:54 -06:00

Steven Masley

08cce81ac8

feat: Implement allow_list for scopes for resource specific permissions (#5769 )

* feat: Implement allow_list for scopes for resource specific permissions

Feature that adds an allow_list for scopes to specify particular resources.
This enables workspace agent tokens to use the same RBAC system as users.

- Add ID to compileSQL matchers
* Plumb through WithID on rbac objects
* Rename Scope -> ScopeName
* Update input.json with scope allow_list

Co-authored-by: Cian Johnston <cian@coder.com>

2023-01-19 13:41:36 -06:00

Steven Masley

eb48341696

chore: More complete tracing for RBAC functions (#5690 )

* chore: More complete tracing for RBAC functions
* Add input.json as example rbac input for rego cli

The input.json is required to play with the rego cli and debug
the policy without golang. It is good to have an example to run
the commands in the readme.md

* Add span events to capture authorize and prepared results
* chore: Add prometheus metrics to rbac authorizer

2023-01-13 16:07:15 -06:00

3 Commits