Skip to content

Commit ecc356f

Browse files
EmyrkEmyrk
authored
chore: generate rbac resource types to typescript (coder#13975)
* chore: generate rbac resource types to typescript The existing typesGenerated.ts cannot support this as the generator only inspects the types, not the values. So traversing the value AST would have to be added. The rbac gen is already used for the sdk, this extends it to the typescript
1 parent b817c86 commit ecc356f

File tree

5 files changed

+196
-3
lines changed

5 files changed

+196
-3
lines changed

Makefile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -487,6 +487,7 @@ gen: \
487487
site/src/api/typesGenerated.ts \
488488
coderd/rbac/object_gen.go \
489489
codersdk/rbacresources_gen.go \
490+
site/src/api/rbacresources_gen.ts \
490491
docs/admin/prometheus.md \
491492
docs/cli.md \
492493
docs/admin/audit-logs.md \
@@ -518,6 +519,7 @@ gen/mark-fresh:
518519
site/src/api/typesGenerated.ts \
519520
coderd/rbac/object_gen.go \
520521
codersdk/rbacresources_gen.go \
522+
site/src/api/rbacresources_gen.ts \
521523
docs/admin/prometheus.md \
522524
docs/cli.md \
523525
docs/admin/audit-logs.md \
@@ -622,6 +624,10 @@ coderd/rbac/object_gen.go: scripts/rbacgen/rbacobject.gotmpl scripts/rbacgen/mai
622624
codersdk/rbacresources_gen.go: scripts/rbacgen/codersdk.gotmpl scripts/rbacgen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go
623625
go run scripts/rbacgen/main.go codersdk > codersdk/rbacresources_gen.go
624626

627+
site/src/api/rbacresources_gen.ts: scripts/rbacgen/codersdk.gotmpl scripts/rbacgen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go
628+
go run scripts/rbacgen/main.go typescript > site/src/api/rbacresources_gen.ts
629+
630+
625631
docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics
626632
go run scripts/metricsdocgen/main.go
627633
./scripts/pnpm_install.sh

coderd/rbac/policy/policy.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,10 @@ type ActionDefinition struct {
3939
Description string
4040
}
4141

42+
func (d ActionDefinition) String() string {
43+
return d.Description
44+
}
45+
4246
func actDef(description string) ActionDefinition {
4347
return ActionDefinition{
4448
Description: description,

scripts/rbacgen/main.go

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,11 +10,11 @@ import (
1010
"go/format"
1111
"go/parser"
1212
"go/token"
13-
"html/template"
1413
"log"
1514
"os"
1615
"slices"
1716
"strings"
17+
"text/template"
1818

1919
"golang.org/x/xerrors"
2020

@@ -27,6 +27,9 @@ var rbacObjectTemplate string
2727
//go:embed codersdk.gotmpl
2828
var codersdkTemplate string
2929

30+
//go:embed typescript.tstmpl
31+
var typescriptTemplate string
32+
3033
func usage() {
3134
_, _ = fmt.Println("Usage: rbacgen <codersdk|rbac>")
3235
_, _ = fmt.Println("Must choose a template target.")
@@ -43,6 +46,7 @@ func main() {
4346
os.Exit(1)
4447
}
4548

49+
formatSource := format.Source
4650
// It did not make sense to have 2 different generators that do essentially
4751
// the same thing, but different format for the BE and the sdk.
4852
// So the argument switches the go template to use.
@@ -52,8 +56,14 @@ func main() {
5256
source = codersdkTemplate
5357
case "rbac":
5458
source = rbacObjectTemplate
59+
case "typescript":
60+
source = typescriptTemplate
61+
formatSource = func(src []byte) ([]byte, error) {
62+
// No typescript formatting
63+
return src, nil
64+
}
5565
default:
56-
_, _ = fmt.Fprintf(os.Stderr, "%q is not a valid templte target\n", flag.Args()[0])
66+
_, _ = fmt.Fprintf(os.Stderr, "%q is not a valid template target\n", flag.Args()[0])
5767
usage()
5868
os.Exit(2)
5969
}
@@ -63,7 +73,7 @@ func main() {
6373
log.Fatalf("Generate source: %s", err.Error())
6474
}
6575

66-
formatted, err := format.Source(out)
76+
formatted, err := formatSource(out)
6777
if err != nil {
6878
log.Fatalf("Format template: %s", err.Error())
6979
}

scripts/rbacgen/typescript.tstmpl

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
// Code generated by rbacgen/main.go. DO NOT EDIT.
2+
3+
import type { RBACAction, RBACResource } from "./typesGenerated";
4+
5+
// RBACResourceActions maps RBAC resources to their possible actions.
6+
// Descriptions are included to document the purpose of each action.
7+
// Source is in 'coderd/rbac/policy/policy.go'.
8+
export const RBACResourceActions: Partial<
9+
Record<RBACResource, Partial<Record<RBACAction, string>>>
10+
> = {
11+
{{- range $element := . }}
12+
{{- if eq $element.Type "*" }}{{ continue }}{{ end }}
13+
{{ $element.Type }}: {
14+
{{- range $actionValue, $actionDescription := $element.Actions }}
15+
{{ $actionValue }}: "{{ $actionDescription }}",
16+
{{- end }}
17+
},
18+
{{- end }}
19+
};

site/src/api/rbacresources_gen.ts

Lines changed: 154 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,154 @@
1+
// Code generated by rbacgen/main.go. DO NOT EDIT.
2+
3+
import type { RBACAction, RBACResource } from "./typesGenerated";
4+
5+
// RBACResourceActions maps RBAC resources to their possible actions.
6+
// Descriptions are included to document the purpose of each action.
7+
// Source is in 'coderd/rbac/policy/policy.go'.
8+
export const RBACResourceActions: Partial<
9+
Record<RBACResource, Partial<Record<RBACAction, string>>>
10+
> = {
11+
api_key: {
12+
create: "create an api key",
13+
delete: "delete an api key",
14+
read: "read api key details (secrets are not stored)",
15+
update: "update an api key, eg expires",
16+
},
17+
assign_org_role: {
18+
assign: "ability to assign org scoped roles",
19+
create: "ability to create/delete/edit custom roles within an organization",
20+
delete: "ability to delete org scoped roles",
21+
read: "view what roles are assignable",
22+
},
23+
assign_role: {
24+
assign: "ability to assign roles",
25+
create: "ability to create/delete/edit custom roles",
26+
delete: "ability to unassign roles",
27+
read: "view what roles are assignable",
28+
},
29+
audit_log: {
30+
create: "create new audit log entries",
31+
read: "read audit logs",
32+
},
33+
debug_info: {
34+
read: "access to debug routes",
35+
},
36+
deployment_config: {
37+
read: "read deployment config",
38+
update: "updating health information",
39+
},
40+
deployment_stats: {
41+
read: "read deployment stats",
42+
},
43+
file: {
44+
create: "create a file",
45+
read: "read files",
46+
},
47+
group: {
48+
create: "create a group",
49+
delete: "delete a group",
50+
read: "read groups",
51+
update: "update a group",
52+
},
53+
license: {
54+
create: "create a license",
55+
delete: "delete license",
56+
read: "read licenses",
57+
},
58+
oauth2_app: {
59+
create: "make an OAuth2 app.",
60+
delete: "delete an OAuth2 app",
61+
read: "read OAuth2 apps",
62+
update: "update the properties of the OAuth2 app.",
63+
},
64+
oauth2_app_code_token: {
65+
create: "",
66+
delete: "",
67+
read: "",
68+
},
69+
oauth2_app_secret: {
70+
create: "",
71+
delete: "",
72+
read: "",
73+
update: "",
74+
},
75+
organization: {
76+
create: "create an organization",
77+
delete: "delete an organization",
78+
read: "read organizations",
79+
update: "update an organization",
80+
},
81+
organization_member: {
82+
create: "create an organization member",
83+
delete: "delete member",
84+
read: "read member",
85+
update: "update an organization member",
86+
},
87+
provisioner_daemon: {
88+
create: "create a provisioner daemon",
89+
delete: "delete a provisioner daemon",
90+
read: "read provisioner daemon",
91+
update: "update a provisioner daemon",
92+
},
93+
provisioner_keys: {
94+
create: "create a provisioner key",
95+
delete: "delete a provisioner key",
96+
read: "read provisioner keys",
97+
},
98+
replicas: {
99+
read: "read replicas",
100+
},
101+
system: {
102+
create: "create system resources",
103+
delete: "delete system resources",
104+
read: "view system resources",
105+
update: "update system resources",
106+
},
107+
tailnet_coordinator: {
108+
create: "",
109+
delete: "",
110+
read: "",
111+
update: "",
112+
},
113+
template: {
114+
create: "create a template",
115+
delete: "delete a template",
116+
read: "read template",
117+
update: "update a template",
118+
view_insights: "view insights",
119+
},
120+
user: {
121+
create: "create a new user",
122+
delete: "delete an existing user",
123+
read: "read user data",
124+
read_personal: "read personal user data like user settings and auth links",
125+
update: "update an existing user",
126+
update_personal: "update personal data",
127+
},
128+
workspace: {
129+
application_connect: "connect to workspace apps via browser",
130+
create: "create a new workspace",
131+
delete: "delete workspace",
132+
read: "read workspace data to view on the UI",
133+
ssh: "ssh into a given workspace",
134+
start: "allows starting a workspace",
135+
stop: "allows stopping a workspace",
136+
update: "edit workspace settings (scheduling, permissions, parameters)",
137+
},
138+
workspace_dormant: {
139+
application_connect: "connect to workspace apps via browser",
140+
create: "create a new workspace",
141+
delete: "delete workspace",
142+
read: "read workspace data to view on the UI",
143+
ssh: "ssh into a given workspace",
144+
start: "allows starting a workspace",
145+
stop: "allows stopping a workspace",
146+
update: "edit workspace settings (scheduling, permissions, parameters)",
147+
},
148+
workspace_proxy: {
149+
create: "create a workspace proxy",
150+
delete: "delete a workspace proxy",
151+
read: "read and use a workspace proxy",
152+
update: "update a workspace proxy",
153+
},
154+
};

0 commit comments

Comments
 (0)