chore: move scripts from rbac to main scripts directory

ssncferreira · ssncferreira · commit e49fd2de11cb · 2025-06-27T10:26:32.000Z
diff --git a/scripts/rbac-authz/benchmark_authz.sh b/scripts/rbac-authz/benchmark_authz.sh
@@ -10,8 +10,8 @@
 # Benchmark results are saved with filenames based on the branch name.
 #
 # Usage:
-#   benchmark_authz.sh --single												# Run benchmarks on current branch
-#   benchmark_authz.sh --compare <branchA> <branchB>	# Compare benchmarks between two branches
+#   benchmark_authz.sh --single                       # Run benchmarks on current branch
+#   benchmark_authz.sh --compare <branchA> <branchB>  # Compare benchmarks between two branches
 
 set -euo pipefail
 
@@ -22,7 +22,8 @@ BENCHTIME=5s
 COUNT=5
 
 # Script configuration
-OUTPUT_DIR="benchmark_outputs"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+OUTPUT_DIR="${SCRIPT_DIR}/benchmark_outputs"
 
 # List of benchmark tests
 BENCHMARKS=(
@@ -43,14 +44,20 @@ function run_benchmarks() {
 	echo "Checking out $branch..."
 	git checkout "$branch"
 
+	# Move into the rbac directory to run the benchmark tests
+	pushd ../../coderd/rbac/ >/dev/null
+
 	for bench in "${BENCHMARKS[@]}"; do
 		local output_file="${output_file_prefix}_${bench}.txt"
 		echo "Running benchmark $bench on $branch..."
 		GOMAXPROCS=$GOMAXPROCS go test -timeout $TIMEOUT -bench="^${bench}$" -run=^$ -benchtime=$BENCHTIME -count=$COUNT | tee "$output_file"
 	done
+
+	# Return to original directory
+	popd >/dev/null
 }
 
-if [[ "${1:-}" == "--single" ]]; then
+if [[ $# -eq 0 || "${1:-}" == "--single" ]]; then
 	current_branch=$(git rev-parse --abbrev-ref HEAD)
 	run_benchmarks "$current_branch"
 elif [[ "${1:-}" == "--compare" ]]; then
@@ -72,7 +79,7 @@ elif [[ "${1:-}" == "--compare" ]]; then
 	done
 else
 	echo "Usage:"
-	echo "  $0 --single										# run benchmarks on current branch"
-	echo "  $0 --compare branchA branchB	# compare benchmarks between two branches"
+	echo "  $0 --single                   # run benchmarks on current branch"
+	echo "  $0 --compare branchA branchB  # compare benchmarks between two branches"
 	exit 1
 fi
diff --git a/scripts/rbac-authz/gen_input.go b/scripts/rbac-authz/gen_input.go
@@ -1,3 +1,7 @@
+// This program generates an input.json file containing action, object, and subject fields
+// to be used as input for `opa eval`, e.g.:
+// > opa eval --format=pretty "data.authz.allow" -d policy.rego -i input.json
+// This helps verify that the policy returns the expected authorization decision.
 package main
 
 import (
@@ -41,7 +45,10 @@ func newSubjectJSON(s rbac.Subject) (*SubjectJSON, error) {
 	}, nil
 }
 
-// TODO: support arguments for subject, action and object
+// TODO: Support optional CLI flags to customize the input:
+// --action=[one of the supported actions]
+// --subject=[one of the built-in roles]
+// --object=[one of the supported resources]
 func main() {
 	// Template Admin user
 	subject := rbac.Subject{
