Skip to content

feat: add hidden enterprise cmd command to list roles #13303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
May 21, 2024
Merged

feat: add hidden enterprise cmd command to list roles #13303

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8263f27
feat: add hidden enterprise cmd command to list roles
Emyrk May 16, 2024
9fc4ec8
chore: add unit test for show
Emyrk May 16, 2024
5f83fc4
PR Comments, add unit test
Emyrk May 21, 2024
0d9074c
Bump migration number
Emyrk May 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions coderd/apidoc/docs.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

26 changes: 26 additions & 0 deletions coderd/apidoc/swagger.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions coderd/database/dbauthz/dbauthz.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {
return q.db.CleanTailnetTunnels(ctx)
}

func (q *querier) CustomRolesByName(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {
// TODO: Handle org scoped lookups
func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {
return nil, err
}
return q.db.CustomRolesByName(ctx, lookupRoles)
return q.db.CustomRoles(ctx, arg)
}

func (q *querier) DeleteAPIKeyByID(ctx context.Context, id string) error {
Expand Down
4 changes: 2 additions & 2 deletions coderd/database/dbauthz/dbauthz_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1177,8 +1177,8 @@ func (s *MethodTestSuite) TestUser() {
b := dbgen.User(s.T(), db, database.User{})
check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
}))
s.Run("CustomRolesByName", s.Subtest(func(db database.Store, check *expects) {
check.Args([]string{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
s.Run("CustomRoles", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
}))
s.Run("Blank/UpsertCustomRole", s.Subtest(func(db database.Store, check *expects) {
// Blank is no perms in the role
Expand Down
20 changes: 14 additions & 6 deletions coderd/database/dbmem/dbmem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1175,18 +1175,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {
return ErrUnimplemented
}

func (q *FakeQuerier) CustomRolesByName(_ context.Context, lookupRoles []string) ([]database.CustomRole, error) {
func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
q.mutex.Lock()
defer q.mutex.Unlock()

found := make([]database.CustomRole, 0)
for _, role := range q.data.customRoles {
if slices.ContainsFunc(lookupRoles, func(s string) bool {
return strings.EqualFold(s, role.Name)
}) {
role := role
found = append(found, role)
role := role
if len(arg.LookupRoles) > 0 {
if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
return strings.EqualFold(s, role.Name)
}) {
continue
}
}

if arg.ExcludeOrgRoles && role.OrganizationID.Valid {
continue
}

found = append(found, role)
}

return found, nil
Expand Down
6 changes: 3 additions & 3 deletions coderd/database/dbmetrics/dbmetrics.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 6 additions & 6 deletions coderd/database/dbmock/dbmock.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion coderd/database/dump.sql
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions coderd/database/migrations/000212_custom_role_orgs.down.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
ALTER TABLE custom_roles
-- This column is nullable, meaning no organization scope
DROP COLUMN organization_id;
5 changes: 5 additions & 0 deletions coderd/database/migrations/000212_custom_role_orgs.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
ALTER TABLE custom_roles
-- This column is nullable, meaning no organization scope
ADD COLUMN organization_id uuid;

COMMENT ON COLUMN custom_roles.organization_id IS 'Roles can optionally be scoped to an organization'
2 changes: 2 additions & 0 deletions coderd/database/models.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion coderd/database/querier.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 22 additions & 5 deletions coderd/database/queries.sql.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 11 additions & 2 deletions coderd/database/queries/roles.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,23 @@
-- name: CustomRolesByName :many
-- name: CustomRoles :many
SELECT
*
FROM
custom_roles
WHERE
true
-- Lookup roles filter
AND CASE WHEN array_length(@lookup_roles :: text[], 1) > 0 THEN
-- Case insensitive
name ILIKE ANY(@lookup_roles :: text [])
ELSE true
END
-- Org scoping filter, to only fetch site wide roles
AND CASE WHEN @exclude_org_roles :: boolean THEN
organization_id IS null
ELSE true
END
;


-- name: UpsertCustomRole :one
INSERT INTO
custom_roles (
Expand Down
2 changes: 1 addition & 1 deletion coderd/httpapi/name.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ func UsernameFrom(str string) string {
}

// NameValid returns whether the input string is a valid name.
// It is a generic validator for any name (user, workspace, template, etc.).
// It is a generic validator for any name (user, workspace, template, role name, etc.).
func NameValid(str string) error {
if len(str) > 32 {
return xerrors.New("must be <= 32 characters")
Expand Down
7 changes: 5 additions & 2 deletions coderd/rbac/rolestore/rolestore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,10 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,
// If some roles are missing from the database, they are omitted from
// the expansion. These roles are no-ops. Should we raise some kind of
// warning when this happens?
dbroles, err := db.CustomRolesByName(ctx, lookup)
dbroles, err := db.CustomRoles(ctx, database.CustomRolesParams{
LookupRoles: lookup,
ExcludeOrgRoles: false,
})
if err != nil {
return nil, xerrors.Errorf("fetch custom roles: %w", err)
}
Expand All @@ -81,7 +84,7 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,
for _, dbrole := range dbroles {
converted, err := ConvertDBRole(dbrole)
if err != nil {
return nil, xerrors.Errorf("convert db role %q: %w", dbrole, err)
return nil, xerrors.Errorf("convert db role %q: %w", dbrole.Name, err)
}
roles = append(roles, converted)
cache.Store(dbrole.Name, converted)
Expand Down
Loading
Loading