From dc7a902f5d9e77c52a560d74eb0e1d819c544529 Mon Sep 17 00:00:00 2001
From: Steven Masley
Date: Wed, 23 Jul 2025 13:36:51 -0500
Subject: [PATCH 1/2] chore: remove actDef function, had no value
---
coderd/rbac/policy/policy.go | 252 +++++++++++++++++------------------
1 file changed, 120 insertions(+), 132 deletions(-)
diff --git a/coderd/rbac/policy/policy.go b/coderd/rbac/policy/policy.go
index a10abfb9605ca..8f05bbdbe544f 100644
--- a/coderd/rbac/policy/policy.go
+++ b/coderd/rbac/policy/policy.go
@@ -40,39 +40,27 @@ type PermissionDefinition struct { Comment string } -type ActionDefinition struct { - // Human friendly description to explain the action. - Description string -} - -func (d ActionDefinition) String() string { - return d.Description -} - -func actDef(description string) ActionDefinition { - return ActionDefinition{ - Description: description, - } -} +// Human friendly description to explain the action. +type ActionDefinition string var workspaceActions = map[Action]ActionDefinition{ - ActionCreate: actDef("create a new workspace"), - ActionRead: actDef("read workspace data to view on the UI"), + ActionCreate: "create a new workspace", + ActionRead: "read workspace data to view on the UI", // TODO: Make updates more granular - ActionUpdate: actDef("edit workspace settings (scheduling, permissions, parameters)"), - ActionDelete: actDef("delete workspace"), + ActionUpdate: "edit workspace settings (scheduling, permissions, parameters)", + ActionDelete: "delete workspace", // Workspace provisioning. Start & stop are different so dormant workspaces can be // stopped, but not stared. - ActionWorkspaceStart: actDef("allows starting a workspace"), - ActionWorkspaceStop: actDef("allows stopping a workspace"), + ActionWorkspaceStart: "allows starting a workspace", + ActionWorkspaceStop: "allows stopping a workspace", // Running a workspace - ActionSSH: actDef("ssh into a given workspace"), - ActionApplicationConnect: actDef("connect to workspace apps via browser"), + ActionSSH: "ssh into a given workspace", + ActionApplicationConnect: "connect to workspace apps via browser", - ActionCreateAgent: actDef("create a new workspace agent"), - ActionDeleteAgent: actDef("delete an existing workspace agent"), + ActionCreateAgent: "create a new workspace agent", + ActionDeleteAgent: "delete an existing workspace agent", } // RBACPermissions is indexed by the type 
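Review bot: Turning `ActionDefinition` from a struct into a plain `string` removes the exported `Description` field and the `String()` method, so every other reader of `.Description` breaks. Go callers fail at compile time, but text/template files fail only when the generator runs, which appears to be why PATCH 2/2 had to fix `rbacobject.gotmpl`. It is worth searching the remaining templates and doc generators for `.Description` before merging; none are visible in this patch. The new doc comment also does not start with the type name as godoc expects; `// ActionDefinition is a human-friendly description of what an action permits on a resource.` would fit.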
@@ -86,13 +74,13 @@ var RBACPermissions = map[string]PermissionDefinition{ "user": { Actions: map[Action]ActionDefinition{ // Actions deal with site wide user objects. - ActionRead: actDef("read user data"), - ActionCreate: actDef("create a new user"), - ActionUpdate: actDef("update an existing user"), - ActionDelete: actDef("delete an existing user"), + ActionRead: "read user data", + ActionCreate: "create a new user", + ActionUpdate: "update an existing user", + ActionDelete: "delete an existing user", - ActionReadPersonal: actDef("read personal user data like user settings and auth links"), - ActionUpdatePersonal: actDef("update personal data"), + ActionReadPersonal: "read personal user data like user settings and auth links", + ActionUpdatePersonal: "update personal data", }, }, "workspace": { 
@@ -112,126 +100,126 @@ var RBACPermissions = map[string]PermissionDefinition{ // If the user lacks prebuilt_workspace update or delete permissions, // the authorization will always fall back to the corresponding permissions on workspace. Actions: map[Action]ActionDefinition{ - ActionUpdate: actDef("update prebuilt workspace settings"), - ActionDelete: actDef("delete prebuilt workspace"), + ActionUpdate: "update prebuilt workspace settings", + ActionDelete: "delete prebuilt workspace", }, }, "workspace_proxy": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a workspace proxy"), - ActionDelete: actDef("delete a workspace proxy"), - ActionUpdate: actDef("update a workspace proxy"), - ActionRead: actDef("read and use a workspace proxy"), + ActionCreate: "create a workspace proxy", + ActionDelete: "delete a workspace proxy", + ActionUpdate: "update a workspace proxy", + ActionRead: "read and use a workspace proxy", }, }, "license": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a license"), - ActionRead: actDef("read licenses"), - ActionDelete: actDef("delete license"), + ActionCreate: "create a license", + ActionRead: "read licenses", + ActionDelete: "delete license", // Licenses are immutable, so update makes no sense }, }, "audit_log": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read audit logs"), - ActionCreate: actDef("create new audit log entries"), + ActionRead: "read audit logs", + ActionCreate: "create new audit log entries", }, }, "connection_log": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read connection logs"), - ActionUpdate: actDef("upsert connection log entries"), + ActionRead: "read connection logs", + ActionUpdate: "upsert connection log entries", }, }, "deployment_config": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read deployment config"), - ActionUpdate: actDef("updating health information"), + ActionRead: "read deployment config", + ActionUpdate: 
"updating health information", }, }, "deployment_stats": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read deployment stats"), + ActionRead: "read deployment stats", }, }, "replicas": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read replicas"), + ActionRead: "read replicas", }, }, "template": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a template"), - ActionUse: actDef("use the template to initially create a workspace, then workspace lifecycle permissions take over"), - ActionRead: actDef("read template"), - ActionUpdate: actDef("update a template"), - ActionDelete: actDef("delete a template"), - ActionViewInsights: actDef("view insights"), + ActionCreate: "create a template", + ActionUse: "use the template to initially create a workspace, then workspace lifecycle permissions take over", + ActionRead: "read template", + ActionUpdate: "update a template", + ActionDelete: "delete a template", + ActionViewInsights: "view insights", }, }, "group": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a group"), - ActionRead: actDef("read groups"), - ActionDelete: actDef("delete a group"), - ActionUpdate: actDef("update a group"), + ActionCreate: "create a group", + ActionRead: "read groups", + ActionDelete: "delete a group", + ActionUpdate: "update a group", }, }, "group_member": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read group members"), + ActionRead: "read group members", }, }, "file": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a file"), - ActionRead: actDef("read files"), + ActionCreate: "create a file", + ActionRead: "read files", }, }, "provisioner_daemon": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a provisioner daemon/key"), + ActionCreate: "create a provisioner daemon/key", // TODO: Move to use? 
- ActionRead: actDef("read provisioner daemon"), - ActionUpdate: actDef("update a provisioner daemon"), - ActionDelete: actDef("delete a provisioner daemon/key"), + ActionRead: "read provisioner daemon", + ActionUpdate: "update a provisioner daemon", + ActionDelete: "delete a provisioner daemon/key", }, }, "provisioner_jobs": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read provisioner jobs"), - ActionUpdate: actDef("update provisioner jobs"), - ActionCreate: actDef("create provisioner jobs"), + ActionRead: "read provisioner jobs", + ActionUpdate: "update provisioner jobs", + ActionCreate: "create provisioner jobs", }, }, "organization": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create an organization"), - ActionRead: actDef("read organizations"), - ActionUpdate: actDef("update an organization"), - ActionDelete: actDef("delete an organization"), + ActionCreate: "create an organization", + ActionRead: "read organizations", + ActionUpdate: "update an organization", + ActionDelete: "delete an organization", }, }, "organization_member": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create an organization member"), - ActionRead: actDef("read member"), - ActionUpdate: actDef("update an organization member"), - ActionDelete: actDef("delete member"), + ActionCreate: "create an organization member", + ActionRead: "read member", + ActionUpdate: "update an organization member", + ActionDelete: "delete member", }, }, "debug_info": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("access to debug routes"), + ActionRead: "access to debug routes", }, }, "system": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create system resources"), - ActionRead: actDef("view system resources"), - ActionUpdate: actDef("update system resources"), - ActionDelete: actDef("delete system resources"), + ActionCreate: "create system resources", + ActionRead: "view system resources", + ActionUpdate: "update system 
resources", + ActionDelete: "delete system resources", }, Comment: ` // DEPRECATED: New resources should be created for new things, rather than adding them to System, which has become 
@@ -240,119 +228,119 @@ var RBACPermissions = map[string]PermissionDefinition{ }, "api_key": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create an api key"), - ActionRead: actDef("read api key details (secrets are not stored)"), - ActionDelete: actDef("delete an api key"), - ActionUpdate: actDef("update an api key, eg expires"), + ActionCreate: "create an api key", + ActionRead: "read api key details (secrets are not stored)", + ActionDelete: "delete an api key", + ActionUpdate: "update an api key, eg expires", }, }, "tailnet_coordinator": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create a Tailnet coordinator"), - ActionRead: actDef("view info about a Tailnet coordinator"), - ActionUpdate: actDef("update a Tailnet coordinator"), - ActionDelete: actDef("delete a Tailnet coordinator"), + ActionCreate: "create a Tailnet coordinator", + ActionRead: "view info about a Tailnet coordinator", + ActionUpdate: "update a Tailnet coordinator", + ActionDelete: "delete a Tailnet coordinator", }, }, "assign_role": { Actions: map[Action]ActionDefinition{ - ActionAssign: actDef("assign user roles"), - ActionUnassign: actDef("unassign user roles"), - ActionRead: actDef("view what roles are assignable"), + ActionAssign: "assign user roles", + ActionUnassign: "unassign user roles", + ActionRead: "view what roles are assignable", }, }, "assign_org_role": { Actions: map[Action]ActionDefinition{ - ActionAssign: actDef("assign org scoped roles"), - ActionUnassign: actDef("unassign org scoped roles"), - ActionCreate: actDef("create/delete custom roles within an organization"), - ActionRead: actDef("view what roles are assignable within an organization"), - ActionUpdate: actDef("edit custom roles within an organization"), - ActionDelete: actDef("delete roles within an organization"), + ActionAssign: "assign org scoped roles", + ActionUnassign: "unassign org scoped roles", + ActionCreate: "create/delete custom roles within an organization", + 
ActionRead: "view what roles are assignable within an organization", + ActionUpdate: "edit custom roles within an organization", + ActionDelete: "delete roles within an organization", }, }, "oauth2_app": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("make an OAuth2 app"), - ActionRead: actDef("read OAuth2 apps"), - ActionUpdate: actDef("update the properties of the OAuth2 app"), - ActionDelete: actDef("delete an OAuth2 app"), + ActionCreate: "make an OAuth2 app", + ActionRead: "read OAuth2 apps", + ActionUpdate: "update the properties of the OAuth2 app", + ActionDelete: "delete an OAuth2 app", }, }, "oauth2_app_secret": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create an OAuth2 app secret"), - ActionRead: actDef("read an OAuth2 app secret"), - ActionUpdate: actDef("update an OAuth2 app secret"), - ActionDelete: actDef("delete an OAuth2 app secret"), + ActionCreate: "create an OAuth2 app secret", + ActionRead: "read an OAuth2 app secret", + ActionUpdate: "update an OAuth2 app secret", + ActionDelete: "delete an OAuth2 app secret", }, }, "oauth2_app_code_token": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create an OAuth2 app code token"), - ActionRead: actDef("read an OAuth2 app code token"), - ActionDelete: actDef("delete an OAuth2 app code token"), + ActionCreate: "create an OAuth2 app code token", + ActionRead: "read an OAuth2 app code token", + ActionDelete: "delete an OAuth2 app code token", }, }, "notification_message": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create notification messages"), - ActionRead: actDef("read notification messages"), - ActionUpdate: actDef("update notification messages"), - ActionDelete: actDef("delete notification messages"), + ActionCreate: "create notification messages", + ActionRead: "read notification messages", + ActionUpdate: "update notification messages", + ActionDelete: "delete notification messages", }, }, "notification_template": { Actions: 
map[Action]ActionDefinition{ - ActionRead: actDef("read notification templates"), - ActionUpdate: actDef("update notification templates"), + ActionRead: "read notification templates", + ActionUpdate: "update notification templates", }, }, "notification_preference": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read notification preferences"), - ActionUpdate: actDef("update notification preferences"), + ActionRead: "read notification preferences", + ActionUpdate: "update notification preferences", }, }, "webpush_subscription": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create webpush subscriptions"), - ActionRead: actDef("read webpush subscriptions"), - ActionDelete: actDef("delete webpush subscriptions"), + ActionCreate: "create webpush subscriptions", + ActionRead: "read webpush subscriptions", + ActionDelete: "delete webpush subscriptions", }, }, "inbox_notification": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create inbox notifications"), - ActionRead: actDef("read inbox notifications"), - ActionUpdate: actDef("update inbox notifications"), + ActionCreate: "create inbox notifications", + ActionRead: "read inbox notifications", + ActionUpdate: "update inbox notifications", }, }, "crypto_key": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read crypto keys"), - ActionUpdate: actDef("update crypto keys"), - ActionDelete: actDef("delete crypto keys"), - ActionCreate: actDef("create crypto keys"), + ActionRead: "read crypto keys", + ActionUpdate: "update crypto keys", + ActionDelete: "delete crypto keys", + ActionCreate: "create crypto keys", }, }, // idpsync_settings should always be org scoped "idpsync_settings": { Actions: map[Action]ActionDefinition{ - ActionRead: actDef("read IdP sync settings"), - ActionUpdate: actDef("update IdP sync settings"), + ActionRead: "read IdP sync settings", + ActionUpdate: "update IdP sync settings", }, }, "workspace_agent_resource_monitor": { Actions: 
map[Action]ActionDefinition{ - ActionRead: actDef("read workspace agent resource monitor"), - ActionCreate: actDef("create workspace agent resource monitor"), - ActionUpdate: actDef("update workspace agent resource monitor"), + ActionRead: "read workspace agent resource monitor", + ActionCreate: "create workspace agent resource monitor", + ActionUpdate: "update workspace agent resource monitor", }, }, "workspace_agent_devcontainers": { Actions: map[Action]ActionDefinition{ - ActionCreate: actDef("create workspace agent devcontainers"), + ActionCreate: "create workspace agent devcontainers", }, }, } From ff10bea5f5d05a318ab8a9bc56907ba93a9e8319 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Wed, 23 Jul 2025 13:45:56 -0500 Subject: [PATCH 2/2] fix gen --- scripts/typegen/rbacobject.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/typegen/rbacobject.gotmpl b/scripts/typegen/rbacobject.gotmpl index ee89a8801eaca..37aec00dc8b83 100644 --- a/scripts/typegen/rbacobject.gotmpl +++ b/scripts/typegen/rbacobject.gotmpl @@ -14,7 +14,7 @@ var ( // Resource{{ $Name }} // Valid Actions {{- range $action, $value := .Actions }} - // - "{{ actionEnum $action }}" :: {{ $value.Description }} + // - "{{ actionEnum $action }}" :: {{ $value }} {{- end }} {{- .Comment }} Resource{{ $Name }} = Object { pFad - Phonifier reborn
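Review bot: In the `assign_org_role` entry the carried-over text `ActionCreate: "create/delete custom roles within an organization"` overlaps with `ActionDelete: "delete roles within an organization"` two lines below it, so the generated resource comments give two different answers about which action gates role deletion. These strings are the human-readable statement of what each RBAC action grants, and someone composing a custom role from them can be misled about how much `create` hands out. If deletion is checked against `ActionDelete` only, which is not visible in this hunk, the entry should read `ActionCreate: "create custom roles within an organization",`. The mechanical rewrite touches this line anyway, so this is a cheap place to correct it.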
