refactor: add wildcard scope entries for API key scopes (#20032)

# Add API Key Scope Wildcards

This PR adds wildcard API key scopes (`resource:*`) for all RBAC resources to ensure every resource has a matching wildcard value. It also adds all individual `resource:action` scopes to the API documentation and TypeScript definitions.

The changes include:

- Adding a new database migration (000377) that adds wildcard API key scopes
- Updating the API documentation to include all available scopes
- Enhancing the scope generation scripts to include all resource wildcards
- Updating the TypeScript definitions to match the expanded scope list

These changes make creating API keys with comprehensive permissions for specific resource types easier.
Thomas Kosiewski
2025-10-06 12:08:17 +02:00
committed by GitHub
parent d17dd5d787
commit b60ae0a0c4
12 changed files with 1551 additions and 141 deletions
+41 -1
@@ -157,7 +157,47 @@ CREATE TYPE api_key_scope AS ENUM (
'coder:workspaces.access',
'coder:templates.build',
'coder:templates.author',
'coder:apikeys.manage_self'
'coder:apikeys.manage_self',
'aibridge_interception:*',
'api_key:*',
'assign_org_role:*',
'assign_role:*',
'audit_log:*',
'connection_log:*',
'crypto_key:*',
'debug_info:*',
'deployment_config:*',
'deployment_stats:*',
'file:*',
'group:*',
'group_member:*',
'idpsync_settings:*',
'inbox_notification:*',
'license:*',
'notification_message:*',
'notification_preference:*',
'notification_template:*',
'oauth2_app:*',
'oauth2_app_code_token:*',
'oauth2_app_secret:*',
'organization:*',
'organization_member:*',
'prebuilt_workspace:*',
'provisioner_daemon:*',
'provisioner_jobs:*',
'replicas:*',
'system:*',
'tailnet_coordinator:*',
'template:*',
'usage_event:*',
'user:*',
'user_secret:*',
'webpush_subscription:*',
'workspace:*',
'workspace_agent_devcontainers:*',
'workspace_agent_resource_monitor:*',
'workspace_dormant:*',
'workspace_proxy:*'
);
CREATE TYPE app_sharing_level AS ENUM (
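Review bot: The added values `'system:*'`, `'crypto_key:*'`, `'user_secret:*'`, `'oauth2_app_secret:*'` and `'api_key:*'` make a blanket grant over the most sensitive resources storable as a key scope, and nothing in this hunk limits who may request them. PostgreSQL has no way to drop a single enum value, so once this ships the only place to restrict them is the key-creation path; it is worth confirming that path checks requested scopes against an explicit allow-list and that a key cannot be minted with a scope wider than its creator's own permissions. If `resource:*` is meant to cover actions added to a resource later (not visible here), existing keys widen silently with each new action, and that should be documented next to the type, for example `COMMENT ON TYPE api_key_scope IS 'resource:* covers every action on the resource, including actions added later';`. The enum definition starts above the hunk.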