shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: add wildcard scope entries for API key scopes (#20032)

Browse Source 
# Add API Key Scope Wildcards

This PR adds wildcard API key scopes (`resource:*`) for all RBAC resources to ensure every resource has a matching wildcard value. It also adds all individual `resource:action`​ scopes to the API documentation and TypeScript definitions.

The changes include:

- Adding a new database migration (000377) that adds wildcard API key scopes
- Updating the API documentation to include all available scopes
- Enhancing the scope generation scripts to include all resource wildcards
- Updating the TypeScript definitions to match the expanded scope list

These changes make creating API keys with comprehensive permissions for specific resource types easier.
This commit is contained in:
Thomas Kosiewski
2025-10-06 12:08:17 +02:00
committed by GitHub
parent d17dd5d787
commit b60ae0a0c4
12 changed files with 1551 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files
coderd/apidoc/docs.go
Generated
+298 -2
View File
@@ -11530,11 +11530,29 @@ const docTemplate = `{
"enum": [ "enum": [
"all", "all",
"application_connect", "application_connect",
"aibridge_interception:*",
"aibridge_interception:create",
"aibridge_interception:read",
"aibridge_interception:update",
"api_key:*", "api_key:*",
"api_key:create", "api_key:create",
"api_key:delete", "api_key:delete",
"api_key:read", "api_key:read",
"api_key:update", "api_key:update",
"assign_org_role:*",
"assign_org_role:assign",
"assign_org_role:create",
"assign_org_role:delete",
"assign_org_role:read",
"assign_org_role:unassign",
"assign_org_role:update",
"assign_role:*",
"assign_role:assign",
"assign_role:read",
"assign_role:unassign",
"audit_log:*",
"audit_log:create",
"audit_log:read",
"coder:all", "coder:all",
"coder:apikeys.manage_self", "coder:apikeys.manage_self",
"coder:application_connect", "coder:application_connect",
@@ -11544,40 +11562,188 @@ const docTemplate = `{
"coder:workspaces.create", "coder:workspaces.create",
"coder:workspaces.delete", "coder:workspaces.delete",
"coder:workspaces.operate", "coder:workspaces.operate",
"connection_log:*",
"connection_log:read",
"connection_log:update",
"crypto_key:*",
"crypto_key:create",
"crypto_key:delete",
"crypto_key:read",
"crypto_key:update",
"debug_info:*",
"debug_info:read",
"deployment_config:*",
"deployment_config:read",
"deployment_config:update",
"deployment_stats:*",
"deployment_stats:read",
"file:*", "file:*",
"file:create", "file:create",
"file:read", "file:read",
"group:*",
"group:create",
"group:delete",
"group:read",
"group:update",
"group_member:*",
"group_member:read",
"idpsync_settings:*",
"idpsync_settings:read",
"idpsync_settings:update",
"inbox_notification:*",
"inbox_notification:create",
"inbox_notification:read",
"inbox_notification:update",
"license:*",
"license:create",
"license:delete",
"license:read",
"notification_message:*",
"notification_message:create",
"notification_message:delete",
"notification_message:read",
"notification_message:update",
"notification_preference:*",
"notification_preference:read",
"notification_preference:update",
"notification_template:*",
"notification_template:read",
"notification_template:update",
"oauth2_app:*",
"oauth2_app:create",
"oauth2_app:delete",
"oauth2_app:read",
"oauth2_app:update",
"oauth2_app_code_token:*",
"oauth2_app_code_token:create",
"oauth2_app_code_token:delete",
"oauth2_app_code_token:read",
"oauth2_app_secret:*",
"oauth2_app_secret:create",
"oauth2_app_secret:delete",
"oauth2_app_secret:read",
"oauth2_app_secret:update",
"organization:*",
"organization:create",
"organization:delete",
"organization:read",
"organization:update",
"organization_member:*",
"organization_member:create",
"organization_member:delete",
"organization_member:read",
"organization_member:update",
"prebuilt_workspace:*",
"prebuilt_workspace:delete",
"prebuilt_workspace:update",
"provisioner_daemon:*",
"provisioner_daemon:create",
"provisioner_daemon:delete",
"provisioner_daemon:read",
"provisioner_daemon:update",
"provisioner_jobs:*",
"provisioner_jobs:create",
"provisioner_jobs:read",
"provisioner_jobs:update",
"replicas:*",
"replicas:read",
"system:*",
"system:create",
"system:delete",
"system:read",
"system:update",
"tailnet_coordinator:*",
"tailnet_coordinator:create",
"tailnet_coordinator:delete",
"tailnet_coordinator:read",
"tailnet_coordinator:update",
"template:*", "template:*",
"template:create", "template:create",
"template:delete", "template:delete",
"template:read", "template:read",
"template:update", "template:update",
"template:use", "template:use",
"template:view_insights",
"usage_event:*",
"usage_event:create",
"usage_event:read",
"usage_event:update",
"user:*",
"user:create",
"user:delete",
"user:read",
"user:read_personal", "user:read_personal",
"user:update",
"user:update_personal", "user:update_personal",
"user_secret:*", "user_secret:*",
"user_secret:create", "user_secret:create",
"user_secret:delete", "user_secret:delete",
"user_secret:read", "user_secret:read",
"user_secret:update", "user_secret:update",
"webpush_subscription:*",
"webpush_subscription:create",
"webpush_subscription:delete",
"webpush_subscription:read",
"workspace:*", "workspace:*",
"workspace:application_connect", "workspace:application_connect",
"workspace:create", "workspace:create",
"workspace:create_agent",
"workspace:delete", "workspace:delete",
"workspace:delete_agent",
"workspace:read", "workspace:read",
"workspace:ssh", "workspace:ssh",
"workspace:start", "workspace:start",
"workspace:stop", "workspace:stop",
"workspace:update" "workspace:update",
"workspace_agent_devcontainers:*",
"workspace_agent_devcontainers:create",
"workspace_agent_resource_monitor:*",
"workspace_agent_resource_monitor:create",
"workspace_agent_resource_monitor:read",
"workspace_agent_resource_monitor:update",
"workspace_dormant:*",
"workspace_dormant:application_connect",
"workspace_dormant:create",
"workspace_dormant:create_agent",
"workspace_dormant:delete",
"workspace_dormant:delete_agent",
"workspace_dormant:read",
"workspace_dormant:ssh",
"workspace_dormant:start",
"workspace_dormant:stop",
"workspace_dormant:update",
"workspace_proxy:*",
"workspace_proxy:create",
"workspace_proxy:delete",
"workspace_proxy:read",
"workspace_proxy:update"
], ],
"x-enum-varnames": [ "x-enum-varnames": [
"APIKeyScopeAll", "APIKeyScopeAll",
"APIKeyScopeApplicationConnect", "APIKeyScopeApplicationConnect",
"APIKeyScopeAibridgeInterceptionAll",
"APIKeyScopeAibridgeInterceptionCreate",
"APIKeyScopeAibridgeInterceptionRead",
"APIKeyScopeAibridgeInterceptionUpdate",
"APIKeyScopeApiKeyAll", "APIKeyScopeApiKeyAll",
"APIKeyScopeApiKeyCreate", "APIKeyScopeApiKeyCreate",
"APIKeyScopeApiKeyDelete", "APIKeyScopeApiKeyDelete",
"APIKeyScopeApiKeyRead", "APIKeyScopeApiKeyRead",
"APIKeyScopeApiKeyUpdate", "APIKeyScopeApiKeyUpdate",
"APIKeyScopeAssignOrgRoleAll",
"APIKeyScopeAssignOrgRoleAssign",
"APIKeyScopeAssignOrgRoleCreate",
"APIKeyScopeAssignOrgRoleDelete",
"APIKeyScopeAssignOrgRoleRead",
"APIKeyScopeAssignOrgRoleUnassign",
"APIKeyScopeAssignOrgRoleUpdate",
"APIKeyScopeAssignRoleAll",
"APIKeyScopeAssignRoleAssign",
"APIKeyScopeAssignRoleRead",
"APIKeyScopeAssignRoleUnassign",
"APIKeyScopeAuditLogAll",
"APIKeyScopeAuditLogCreate",
"APIKeyScopeAuditLogRead",
"APIKeyScopeCoderAll", "APIKeyScopeCoderAll",
"APIKeyScopeCoderApikeysManageSelf", "APIKeyScopeCoderApikeysManageSelf",
"APIKeyScopeCoderApplicationConnect", "APIKeyScopeCoderApplicationConnect",
@@ -11587,31 +11753,161 @@ const docTemplate = `{
"APIKeyScopeCoderWorkspacesCreate", "APIKeyScopeCoderWorkspacesCreate",
"APIKeyScopeCoderWorkspacesDelete", "APIKeyScopeCoderWorkspacesDelete",
"APIKeyScopeCoderWorkspacesOperate", "APIKeyScopeCoderWorkspacesOperate",
"APIKeyScopeConnectionLogAll",
"APIKeyScopeConnectionLogRead",
"APIKeyScopeConnectionLogUpdate",
"APIKeyScopeCryptoKeyAll",
"APIKeyScopeCryptoKeyCreate",
"APIKeyScopeCryptoKeyDelete",
"APIKeyScopeCryptoKeyRead",
"APIKeyScopeCryptoKeyUpdate",
"APIKeyScopeDebugInfoAll",
"APIKeyScopeDebugInfoRead",
"APIKeyScopeDeploymentConfigAll",
"APIKeyScopeDeploymentConfigRead",
"APIKeyScopeDeploymentConfigUpdate",
"APIKeyScopeDeploymentStatsAll",
"APIKeyScopeDeploymentStatsRead",
"APIKeyScopeFileAll", "APIKeyScopeFileAll",
"APIKeyScopeFileCreate", "APIKeyScopeFileCreate",
"APIKeyScopeFileRead", "APIKeyScopeFileRead",
"APIKeyScopeGroupAll",
"APIKeyScopeGroupCreate",
"APIKeyScopeGroupDelete",
"APIKeyScopeGroupRead",
"APIKeyScopeGroupUpdate",
"APIKeyScopeGroupMemberAll",
"APIKeyScopeGroupMemberRead",
"APIKeyScopeIdpsyncSettingsAll",
"APIKeyScopeIdpsyncSettingsRead",
"APIKeyScopeIdpsyncSettingsUpdate",
"APIKeyScopeInboxNotificationAll",
"APIKeyScopeInboxNotificationCreate",
"APIKeyScopeInboxNotificationRead",
"APIKeyScopeInboxNotificationUpdate",
"APIKeyScopeLicenseAll",
"APIKeyScopeLicenseCreate",
"APIKeyScopeLicenseDelete",
"APIKeyScopeLicenseRead",
"APIKeyScopeNotificationMessageAll",
"APIKeyScopeNotificationMessageCreate",
"APIKeyScopeNotificationMessageDelete",
"APIKeyScopeNotificationMessageRead",
"APIKeyScopeNotificationMessageUpdate",
"APIKeyScopeNotificationPreferenceAll",
"APIKeyScopeNotificationPreferenceRead",
"APIKeyScopeNotificationPreferenceUpdate",
"APIKeyScopeNotificationTemplateAll",
"APIKeyScopeNotificationTemplateRead",
"APIKeyScopeNotificationTemplateUpdate",
"APIKeyScopeOauth2AppAll",
"APIKeyScopeOauth2AppCreate",
"APIKeyScopeOauth2AppDelete",
"APIKeyScopeOauth2AppRead",
"APIKeyScopeOauth2AppUpdate",
"APIKeyScopeOauth2AppCodeTokenAll",
"APIKeyScopeOauth2AppCodeTokenCreate",
"APIKeyScopeOauth2AppCodeTokenDelete",
"APIKeyScopeOauth2AppCodeTokenRead",
"APIKeyScopeOauth2AppSecretAll",
"APIKeyScopeOauth2AppSecretCreate",
"APIKeyScopeOauth2AppSecretDelete",
"APIKeyScopeOauth2AppSecretRead",
"APIKeyScopeOauth2AppSecretUpdate",
"APIKeyScopeOrganizationAll",
"APIKeyScopeOrganizationCreate",
"APIKeyScopeOrganizationDelete",
"APIKeyScopeOrganizationRead",
"APIKeyScopeOrganizationUpdate",
"APIKeyScopeOrganizationMemberAll",
"APIKeyScopeOrganizationMemberCreate",
"APIKeyScopeOrganizationMemberDelete",
"APIKeyScopeOrganizationMemberRead",
"APIKeyScopeOrganizationMemberUpdate",
"APIKeyScopePrebuiltWorkspaceAll",
"APIKeyScopePrebuiltWorkspaceDelete",
"APIKeyScopePrebuiltWorkspaceUpdate",
"APIKeyScopeProvisionerDaemonAll",
"APIKeyScopeProvisionerDaemonCreate",
"APIKeyScopeProvisionerDaemonDelete",
"APIKeyScopeProvisionerDaemonRead",
"APIKeyScopeProvisionerDaemonUpdate",
"APIKeyScopeProvisionerJobsAll",
"APIKeyScopeProvisionerJobsCreate",
"APIKeyScopeProvisionerJobsRead",
"APIKeyScopeProvisionerJobsUpdate",
"APIKeyScopeReplicasAll",
"APIKeyScopeReplicasRead",
"APIKeyScopeSystemAll",
"APIKeyScopeSystemCreate",
"APIKeyScopeSystemDelete",
"APIKeyScopeSystemRead",
"APIKeyScopeSystemUpdate",
"APIKeyScopeTailnetCoordinatorAll",
"APIKeyScopeTailnetCoordinatorCreate",
"APIKeyScopeTailnetCoordinatorDelete",
"APIKeyScopeTailnetCoordinatorRead",
"APIKeyScopeTailnetCoordinatorUpdate",
"APIKeyScopeTemplateAll", "APIKeyScopeTemplateAll",
"APIKeyScopeTemplateCreate", "APIKeyScopeTemplateCreate",
"APIKeyScopeTemplateDelete", "APIKeyScopeTemplateDelete",
"APIKeyScopeTemplateRead", "APIKeyScopeTemplateRead",
"APIKeyScopeTemplateUpdate", "APIKeyScopeTemplateUpdate",
"APIKeyScopeTemplateUse", "APIKeyScopeTemplateUse",
"APIKeyScopeTemplateViewInsights",
"APIKeyScopeUsageEventAll",
"APIKeyScopeUsageEventCreate",
"APIKeyScopeUsageEventRead",
"APIKeyScopeUsageEventUpdate",
"APIKeyScopeUserAll",
"APIKeyScopeUserCreate",
"APIKeyScopeUserDelete",
"APIKeyScopeUserRead",
"APIKeyScopeUserReadPersonal", "APIKeyScopeUserReadPersonal",
"APIKeyScopeUserUpdate",
"APIKeyScopeUserUpdatePersonal", "APIKeyScopeUserUpdatePersonal",
"APIKeyScopeUserSecretAll", "APIKeyScopeUserSecretAll",
"APIKeyScopeUserSecretCreate", "APIKeyScopeUserSecretCreate",
"APIKeyScopeUserSecretDelete", "APIKeyScopeUserSecretDelete",
"APIKeyScopeUserSecretRead", "APIKeyScopeUserSecretRead",
"APIKeyScopeUserSecretUpdate", "APIKeyScopeUserSecretUpdate",
"APIKeyScopeWebpushSubscriptionAll",
"APIKeyScopeWebpushSubscriptionCreate",
"APIKeyScopeWebpushSubscriptionDelete",
"APIKeyScopeWebpushSubscriptionRead",
"APIKeyScopeWorkspaceAll", "APIKeyScopeWorkspaceAll",
"APIKeyScopeWorkspaceApplicationConnect", "APIKeyScopeWorkspaceApplicationConnect",
"APIKeyScopeWorkspaceCreate", "APIKeyScopeWorkspaceCreate",
"APIKeyScopeWorkspaceCreateAgent",
"APIKeyScopeWorkspaceDelete", "APIKeyScopeWorkspaceDelete",
"APIKeyScopeWorkspaceDeleteAgent",
"APIKeyScopeWorkspaceRead", "APIKeyScopeWorkspaceRead",
"APIKeyScopeWorkspaceSsh", "APIKeyScopeWorkspaceSsh",
"APIKeyScopeWorkspaceStart", "APIKeyScopeWorkspaceStart",
"APIKeyScopeWorkspaceStop", "APIKeyScopeWorkspaceStop",
"APIKeyScopeWorkspaceUpdate" "APIKeyScopeWorkspaceUpdate",
"APIKeyScopeWorkspaceAgentDevcontainersAll",
"APIKeyScopeWorkspaceAgentDevcontainersCreate",
"APIKeyScopeWorkspaceAgentResourceMonitorAll",
"APIKeyScopeWorkspaceAgentResourceMonitorCreate",
"APIKeyScopeWorkspaceAgentResourceMonitorRead",
"APIKeyScopeWorkspaceAgentResourceMonitorUpdate",
"APIKeyScopeWorkspaceDormantAll",
"APIKeyScopeWorkspaceDormantApplicationConnect",
"APIKeyScopeWorkspaceDormantCreate",
"APIKeyScopeWorkspaceDormantCreateAgent",
"APIKeyScopeWorkspaceDormantDelete",
"APIKeyScopeWorkspaceDormantDeleteAgent",
"APIKeyScopeWorkspaceDormantRead",
"APIKeyScopeWorkspaceDormantSsh",
"APIKeyScopeWorkspaceDormantStart",
"APIKeyScopeWorkspaceDormantStop",
"APIKeyScopeWorkspaceDormantUpdate",
"APIKeyScopeWorkspaceProxyAll",
"APIKeyScopeWorkspaceProxyCreate",
"APIKeyScopeWorkspaceProxyDelete",
"APIKeyScopeWorkspaceProxyRead",
"APIKeyScopeWorkspaceProxyUpdate"
] ]
}, },
"codersdk.AddLicenseRequest": { "codersdk.AddLicenseRequest": {
coderd/apidoc/swagger.json
Generated
+298 -2
View File
@@ -10246,11 +10246,29 @@
"enum": [ "enum": [
"all", "all",
"application_connect", "application_connect",
"aibridge_interception:*",
"aibridge_interception:create",
"aibridge_interception:read",
"aibridge_interception:update",
"api_key:*", "api_key:*",
"api_key:create", "api_key:create",
"api_key:delete", "api_key:delete",
"api_key:read", "api_key:read",
"api_key:update", "api_key:update",
"assign_org_role:*",
"assign_org_role:assign",
"assign_org_role:create",
"assign_org_role:delete",
"assign_org_role:read",
"assign_org_role:unassign",
"assign_org_role:update",
"assign_role:*",
"assign_role:assign",
"assign_role:read",
"assign_role:unassign",
"audit_log:*",
"audit_log:create",
"audit_log:read",
"coder:all", "coder:all",
"coder:apikeys.manage_self", "coder:apikeys.manage_self",
"coder:application_connect", "coder:application_connect",
@@ -10260,40 +10278,188 @@
"coder:workspaces.create", "coder:workspaces.create",
"coder:workspaces.delete", "coder:workspaces.delete",
"coder:workspaces.operate", "coder:workspaces.operate",
"connection_log:*",
"connection_log:read",
"connection_log:update",
"crypto_key:*",
"crypto_key:create",
"crypto_key:delete",
"crypto_key:read",
"crypto_key:update",
"debug_info:*",
"debug_info:read",
"deployment_config:*",
"deployment_config:read",
"deployment_config:update",
"deployment_stats:*",
"deployment_stats:read",
"file:*", "file:*",
"file:create", "file:create",
"file:read", "file:read",
"group:*",
"group:create",
"group:delete",
"group:read",
"group:update",
"group_member:*",
"group_member:read",
"idpsync_settings:*",
"idpsync_settings:read",
"idpsync_settings:update",
"inbox_notification:*",
"inbox_notification:create",
"inbox_notification:read",
"inbox_notification:update",
"license:*",
"license:create",
"license:delete",
"license:read",
"notification_message:*",
"notification_message:create",
"notification_message:delete",
"notification_message:read",
"notification_message:update",
"notification_preference:*",
"notification_preference:read",
"notification_preference:update",
"notification_template:*",
"notification_template:read",
"notification_template:update",
"oauth2_app:*",
"oauth2_app:create",
"oauth2_app:delete",
"oauth2_app:read",
"oauth2_app:update",
"oauth2_app_code_token:*",
"oauth2_app_code_token:create",
"oauth2_app_code_token:delete",
"oauth2_app_code_token:read",
"oauth2_app_secret:*",
"oauth2_app_secret:create",
"oauth2_app_secret:delete",
"oauth2_app_secret:read",
"oauth2_app_secret:update",
"organization:*",
"organization:create",
"organization:delete",
"organization:read",
"organization:update",
"organization_member:*",
"organization_member:create",
"organization_member:delete",
"organization_member:read",
"organization_member:update",
"prebuilt_workspace:*",
"prebuilt_workspace:delete",
"prebuilt_workspace:update",
"provisioner_daemon:*",
"provisioner_daemon:create",
"provisioner_daemon:delete",
"provisioner_daemon:read",
"provisioner_daemon:update",
"provisioner_jobs:*",
"provisioner_jobs:create",
"provisioner_jobs:read",
"provisioner_jobs:update",
"replicas:*",
"replicas:read",
"system:*",
"system:create",
"system:delete",
"system:read",
"system:update",
"tailnet_coordinator:*",
"tailnet_coordinator:create",
"tailnet_coordinator:delete",
"tailnet_coordinator:read",
"tailnet_coordinator:update",
"template:*", "template:*",
"template:create", "template:create",
"template:delete", "template:delete",
"template:read", "template:read",
"template:update", "template:update",
"template:use", "template:use",
"template:view_insights",
"usage_event:*",
"usage_event:create",
"usage_event:read",
"usage_event:update",
"user:*",
"user:create",
"user:delete",
"user:read",
"user:read_personal", "user:read_personal",
"user:update",
"user:update_personal", "user:update_personal",
"user_secret:*", "user_secret:*",
"user_secret:create", "user_secret:create",
"user_secret:delete", "user_secret:delete",
"user_secret:read", "user_secret:read",
"user_secret:update", "user_secret:update",
"webpush_subscription:*",
"webpush_subscription:create",
"webpush_subscription:delete",
"webpush_subscription:read",
"workspace:*", "workspace:*",
"workspace:application_connect", "workspace:application_connect",
"workspace:create", "workspace:create",
"workspace:create_agent",
"workspace:delete", "workspace:delete",
"workspace:delete_agent",
"workspace:read", "workspace:read",
"workspace:ssh", "workspace:ssh",
"workspace:start", "workspace:start",
"workspace:stop", "workspace:stop",
"workspace:update" "workspace:update",
"workspace_agent_devcontainers:*",
"workspace_agent_devcontainers:create",
"workspace_agent_resource_monitor:*",
"workspace_agent_resource_monitor:create",
"workspace_agent_resource_monitor:read",
"workspace_agent_resource_monitor:update",
"workspace_dormant:*",
"workspace_dormant:application_connect",
"workspace_dormant:create",
"workspace_dormant:create_agent",
"workspace_dormant:delete",
"workspace_dormant:delete_agent",
"workspace_dormant:read",
"workspace_dormant:ssh",
"workspace_dormant:start",
"workspace_dormant:stop",
"workspace_dormant:update",
"workspace_proxy:*",
"workspace_proxy:create",
"workspace_proxy:delete",
"workspace_proxy:read",
"workspace_proxy:update"
], ],
"x-enum-varnames": [ "x-enum-varnames": [
"APIKeyScopeAll", "APIKeyScopeAll",
"APIKeyScopeApplicationConnect", "APIKeyScopeApplicationConnect",
"APIKeyScopeAibridgeInterceptionAll",
"APIKeyScopeAibridgeInterceptionCreate",
"APIKeyScopeAibridgeInterceptionRead",
"APIKeyScopeAibridgeInterceptionUpdate",
"APIKeyScopeApiKeyAll", "APIKeyScopeApiKeyAll",
"APIKeyScopeApiKeyCreate", "APIKeyScopeApiKeyCreate",
"APIKeyScopeApiKeyDelete", "APIKeyScopeApiKeyDelete",
"APIKeyScopeApiKeyRead", "APIKeyScopeApiKeyRead",
"APIKeyScopeApiKeyUpdate", "APIKeyScopeApiKeyUpdate",
"APIKeyScopeAssignOrgRoleAll",
"APIKeyScopeAssignOrgRoleAssign",
"APIKeyScopeAssignOrgRoleCreate",
"APIKeyScopeAssignOrgRoleDelete",
"APIKeyScopeAssignOrgRoleRead",
"APIKeyScopeAssignOrgRoleUnassign",
"APIKeyScopeAssignOrgRoleUpdate",
"APIKeyScopeAssignRoleAll",
"APIKeyScopeAssignRoleAssign",
"APIKeyScopeAssignRoleRead",
"APIKeyScopeAssignRoleUnassign",
"APIKeyScopeAuditLogAll",
"APIKeyScopeAuditLogCreate",
"APIKeyScopeAuditLogRead",
"APIKeyScopeCoderAll", "APIKeyScopeCoderAll",
"APIKeyScopeCoderApikeysManageSelf", "APIKeyScopeCoderApikeysManageSelf",
"APIKeyScopeCoderApplicationConnect", "APIKeyScopeCoderApplicationConnect",
@@ -10303,31 +10469,161 @@
"APIKeyScopeCoderWorkspacesCreate", "APIKeyScopeCoderWorkspacesCreate",
"APIKeyScopeCoderWorkspacesDelete", "APIKeyScopeCoderWorkspacesDelete",
"APIKeyScopeCoderWorkspacesOperate", "APIKeyScopeCoderWorkspacesOperate",
"APIKeyScopeConnectionLogAll",
"APIKeyScopeConnectionLogRead",
"APIKeyScopeConnectionLogUpdate",
"APIKeyScopeCryptoKeyAll",
"APIKeyScopeCryptoKeyCreate",
"APIKeyScopeCryptoKeyDelete",
"APIKeyScopeCryptoKeyRead",
"APIKeyScopeCryptoKeyUpdate",
"APIKeyScopeDebugInfoAll",
"APIKeyScopeDebugInfoRead",
"APIKeyScopeDeploymentConfigAll",
"APIKeyScopeDeploymentConfigRead",
"APIKeyScopeDeploymentConfigUpdate",
"APIKeyScopeDeploymentStatsAll",
"APIKeyScopeDeploymentStatsRead",
"APIKeyScopeFileAll", "APIKeyScopeFileAll",
"APIKeyScopeFileCreate", "APIKeyScopeFileCreate",
"APIKeyScopeFileRead", "APIKeyScopeFileRead",
"APIKeyScopeGroupAll",
"APIKeyScopeGroupCreate",
"APIKeyScopeGroupDelete",
"APIKeyScopeGroupRead",
"APIKeyScopeGroupUpdate",
"APIKeyScopeGroupMemberAll",
"APIKeyScopeGroupMemberRead",
"APIKeyScopeIdpsyncSettingsAll",
"APIKeyScopeIdpsyncSettingsRead",
"APIKeyScopeIdpsyncSettingsUpdate",
"APIKeyScopeInboxNotificationAll",
"APIKeyScopeInboxNotificationCreate",
"APIKeyScopeInboxNotificationRead",
"APIKeyScopeInboxNotificationUpdate",
"APIKeyScopeLicenseAll",
"APIKeyScopeLicenseCreate",
"APIKeyScopeLicenseDelete",
"APIKeyScopeLicenseRead",
"APIKeyScopeNotificationMessageAll",
"APIKeyScopeNotificationMessageCreate",
"APIKeyScopeNotificationMessageDelete",
"APIKeyScopeNotificationMessageRead",
"APIKeyScopeNotificationMessageUpdate",
"APIKeyScopeNotificationPreferenceAll",
"APIKeyScopeNotificationPreferenceRead",
"APIKeyScopeNotificationPreferenceUpdate",
"APIKeyScopeNotificationTemplateAll",
"APIKeyScopeNotificationTemplateRead",
"APIKeyScopeNotificationTemplateUpdate",
"APIKeyScopeOauth2AppAll",
"APIKeyScopeOauth2AppCreate",
"APIKeyScopeOauth2AppDelete",
"APIKeyScopeOauth2AppRead",
"APIKeyScopeOauth2AppUpdate",
"APIKeyScopeOauth2AppCodeTokenAll",
"APIKeyScopeOauth2AppCodeTokenCreate",
"APIKeyScopeOauth2AppCodeTokenDelete",
"APIKeyScopeOauth2AppCodeTokenRead",
"APIKeyScopeOauth2AppSecretAll",
"APIKeyScopeOauth2AppSecretCreate",
"APIKeyScopeOauth2AppSecretDelete",
"APIKeyScopeOauth2AppSecretRead",
"APIKeyScopeOauth2AppSecretUpdate",
"APIKeyScopeOrganizationAll",
"APIKeyScopeOrganizationCreate",
"APIKeyScopeOrganizationDelete",
"APIKeyScopeOrganizationRead",
"APIKeyScopeOrganizationUpdate",
"APIKeyScopeOrganizationMemberAll",
"APIKeyScopeOrganizationMemberCreate",
"APIKeyScopeOrganizationMemberDelete",
"APIKeyScopeOrganizationMemberRead",
"APIKeyScopeOrganizationMemberUpdate",
"APIKeyScopePrebuiltWorkspaceAll",
"APIKeyScopePrebuiltWorkspaceDelete",
"APIKeyScopePrebuiltWorkspaceUpdate",
"APIKeyScopeProvisionerDaemonAll",
"APIKeyScopeProvisionerDaemonCreate",
"APIKeyScopeProvisionerDaemonDelete",
"APIKeyScopeProvisionerDaemonRead",
"APIKeyScopeProvisionerDaemonUpdate",
"APIKeyScopeProvisionerJobsAll",
"APIKeyScopeProvisionerJobsCreate",
"APIKeyScopeProvisionerJobsRead",
"APIKeyScopeProvisionerJobsUpdate",
"APIKeyScopeReplicasAll",
"APIKeyScopeReplicasRead",
"APIKeyScopeSystemAll",
"APIKeyScopeSystemCreate",
"APIKeyScopeSystemDelete",
"APIKeyScopeSystemRead",
"APIKeyScopeSystemUpdate",
"APIKeyScopeTailnetCoordinatorAll",
"APIKeyScopeTailnetCoordinatorCreate",
"APIKeyScopeTailnetCoordinatorDelete",
"APIKeyScopeTailnetCoordinatorRead",
"APIKeyScopeTailnetCoordinatorUpdate",
"APIKeyScopeTemplateAll", "APIKeyScopeTemplateAll",
"APIKeyScopeTemplateCreate", "APIKeyScopeTemplateCreate",
"APIKeyScopeTemplateDelete", "APIKeyScopeTemplateDelete",
"APIKeyScopeTemplateRead", "APIKeyScopeTemplateRead",
"APIKeyScopeTemplateUpdate", "APIKeyScopeTemplateUpdate",
"APIKeyScopeTemplateUse", "APIKeyScopeTemplateUse",
"APIKeyScopeTemplateViewInsights",
"APIKeyScopeUsageEventAll",
"APIKeyScopeUsageEventCreate",
"APIKeyScopeUsageEventRead",
"APIKeyScopeUsageEventUpdate",
"APIKeyScopeUserAll",
"APIKeyScopeUserCreate",
"APIKeyScopeUserDelete",
"APIKeyScopeUserRead",
"APIKeyScopeUserReadPersonal", "APIKeyScopeUserReadPersonal",
"APIKeyScopeUserUpdate",
"APIKeyScopeUserUpdatePersonal", "APIKeyScopeUserUpdatePersonal",
"APIKeyScopeUserSecretAll", "APIKeyScopeUserSecretAll",
"APIKeyScopeUserSecretCreate", "APIKeyScopeUserSecretCreate",
"APIKeyScopeUserSecretDelete", "APIKeyScopeUserSecretDelete",
"APIKeyScopeUserSecretRead", "APIKeyScopeUserSecretRead",
"APIKeyScopeUserSecretUpdate", "APIKeyScopeUserSecretUpdate",
"APIKeyScopeWebpushSubscriptionAll",
"APIKeyScopeWebpushSubscriptionCreate",
"APIKeyScopeWebpushSubscriptionDelete",
"APIKeyScopeWebpushSubscriptionRead",
"APIKeyScopeWorkspaceAll", "APIKeyScopeWorkspaceAll",
"APIKeyScopeWorkspaceApplicationConnect", "APIKeyScopeWorkspaceApplicationConnect",
"APIKeyScopeWorkspaceCreate", "APIKeyScopeWorkspaceCreate",
"APIKeyScopeWorkspaceCreateAgent",
"APIKeyScopeWorkspaceDelete", "APIKeyScopeWorkspaceDelete",
"APIKeyScopeWorkspaceDeleteAgent",
"APIKeyScopeWorkspaceRead", "APIKeyScopeWorkspaceRead",
"APIKeyScopeWorkspaceSsh", "APIKeyScopeWorkspaceSsh",
"APIKeyScopeWorkspaceStart", "APIKeyScopeWorkspaceStart",
"APIKeyScopeWorkspaceStop", "APIKeyScopeWorkspaceStop",
"APIKeyScopeWorkspaceUpdate" "APIKeyScopeWorkspaceUpdate",
"APIKeyScopeWorkspaceAgentDevcontainersAll",
"APIKeyScopeWorkspaceAgentDevcontainersCreate",
"APIKeyScopeWorkspaceAgentResourceMonitorAll",
"APIKeyScopeWorkspaceAgentResourceMonitorCreate",
"APIKeyScopeWorkspaceAgentResourceMonitorRead",
"APIKeyScopeWorkspaceAgentResourceMonitorUpdate",
"APIKeyScopeWorkspaceDormantAll",
"APIKeyScopeWorkspaceDormantApplicationConnect",
"APIKeyScopeWorkspaceDormantCreate",
"APIKeyScopeWorkspaceDormantCreateAgent",
"APIKeyScopeWorkspaceDormantDelete",
"APIKeyScopeWorkspaceDormantDeleteAgent",
"APIKeyScopeWorkspaceDormantRead",
"APIKeyScopeWorkspaceDormantSsh",
"APIKeyScopeWorkspaceDormantStart",
"APIKeyScopeWorkspaceDormantStop",
"APIKeyScopeWorkspaceDormantUpdate",
"APIKeyScopeWorkspaceProxyAll",
"APIKeyScopeWorkspaceProxyCreate",
"APIKeyScopeWorkspaceProxyDelete",
"APIKeyScopeWorkspaceProxyRead",
"APIKeyScopeWorkspaceProxyUpdate"
] ]
}, },
"codersdk.AddLicenseRequest": { "codersdk.AddLicenseRequest": {
coderd/database/dump.sql
Generated
+41 -1
View File
@@ -157,7 +157,47 @@ CREATE TYPE api_key_scope AS ENUM (
'coder:workspaces.access', 'coder:workspaces.access',
'coder:templates.build', 'coder:templates.build',
'coder:templates.author', 'coder:templates.author',
'coder:apikeys.manage_self' 'coder:apikeys.manage_self',
'aibridge_interception:*',
'api_key:*',
'assign_org_role:*',
'assign_role:*',
'audit_log:*',
'connection_log:*',
'crypto_key:*',
'debug_info:*',
'deployment_config:*',
'deployment_stats:*',
'file:*',
'group:*',
'group_member:*',
'idpsync_settings:*',
'inbox_notification:*',
'license:*',
'notification_message:*',
'notification_preference:*',
'notification_template:*',
'oauth2_app:*',
'oauth2_app_code_token:*',
'oauth2_app_secret:*',
'organization:*',
'organization_member:*',
'prebuilt_workspace:*',
'provisioner_daemon:*',
'provisioner_jobs:*',
'replicas:*',
'system:*',
'tailnet_coordinator:*',
'template:*',
'usage_event:*',
'user:*',
'user_secret:*',
'webpush_subscription:*',
'workspace:*',
'workspace_agent_devcontainers:*',
'workspace_agent_resource_monitor:*',
'workspace_dormant:*',
'workspace_proxy:*'
); );
CREATE TYPE app_sharing_level AS ENUM ( CREATE TYPE app_sharing_level AS ENUM (
coderd/database/migrations/000377_add_api_key_scope_wildcards.down.sql
+2
View File
@@ -0,0 +1,2 @@
-- No-op: enum values remain to avoid churn. Removing enum values requires
-- doing a create/cast/drop cycle which is intentionally omitted here.
coderd/database/migrations/000377_add_api_key_scope_wildcards.up.sql
+42
View File
@@ -0,0 +1,42 @@
-- Add wildcard api_key_scope entries so every RBAC resource has a matching resource:* value.
-- Generated via: CGO_ENABLED=0 go run ./scripts/generate_api_key_scope_enum
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'aibridge_interception:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'api_key:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'assign_org_role:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'assign_role:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'audit_log:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'connection_log:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'crypto_key:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'debug_info:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'deployment_config:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'deployment_stats:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'file:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'group:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'group_member:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'idpsync_settings:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'inbox_notification:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'license:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_message:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_preference:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_template:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app_code_token:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app_secret:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'organization:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'organization_member:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'prebuilt_workspace:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'provisioner_daemon:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'provisioner_jobs:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'replicas:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'system:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'tailnet_coordinator:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'template:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'usage_event:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'user:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'user_secret:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'webpush_subscription:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_agent_devcontainers:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_agent_resource_monitor:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_dormant:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_proxy:*';
coderd/database/models.go
+121 -1
View File
@@ -166,6 +166,46 @@ const (
ApiKeyScopeCoderTemplatesbuild APIKeyScope = "coder:templates.build" ApiKeyScopeCoderTemplatesbuild APIKeyScope = "coder:templates.build"
ApiKeyScopeCoderTemplatesauthor APIKeyScope = "coder:templates.author" ApiKeyScopeCoderTemplatesauthor APIKeyScope = "coder:templates.author"
ApiKeyScopeCoderApikeysmanageSelf APIKeyScope = "coder:apikeys.manage_self" ApiKeyScopeCoderApikeysmanageSelf APIKeyScope = "coder:apikeys.manage_self"
ApiKeyScopeAibridgeInterception APIKeyScope = "aibridge_interception:*"
ApiKeyScopeApiKey APIKeyScope = "api_key:*"
ApiKeyScopeAssignOrgRole APIKeyScope = "assign_org_role:*"
ApiKeyScopeAssignRole APIKeyScope = "assign_role:*"
ApiKeyScopeAuditLog APIKeyScope = "audit_log:*"
ApiKeyScopeConnectionLog APIKeyScope = "connection_log:*"
ApiKeyScopeCryptoKey APIKeyScope = "crypto_key:*"
ApiKeyScopeDebugInfo APIKeyScope = "debug_info:*"
ApiKeyScopeDeploymentConfig APIKeyScope = "deployment_config:*"
ApiKeyScopeDeploymentStats APIKeyScope = "deployment_stats:*"
ApiKeyScopeFile APIKeyScope = "file:*"
ApiKeyScopeGroup APIKeyScope = "group:*"
ApiKeyScopeGroupMember APIKeyScope = "group_member:*"
ApiKeyScopeIdpsyncSettings APIKeyScope = "idpsync_settings:*"
ApiKeyScopeInboxNotification APIKeyScope = "inbox_notification:*"
ApiKeyScopeLicense APIKeyScope = "license:*"
ApiKeyScopeNotificationMessage APIKeyScope = "notification_message:*"
ApiKeyScopeNotificationPreference APIKeyScope = "notification_preference:*"
ApiKeyScopeNotificationTemplate APIKeyScope = "notification_template:*"
ApiKeyScopeOauth2App APIKeyScope = "oauth2_app:*"
ApiKeyScopeOauth2AppCodeToken APIKeyScope = "oauth2_app_code_token:*"
ApiKeyScopeOauth2AppSecret APIKeyScope = "oauth2_app_secret:*"
ApiKeyScopeOrganization APIKeyScope = "organization:*"
ApiKeyScopeOrganizationMember APIKeyScope = "organization_member:*"
ApiKeyScopePrebuiltWorkspace APIKeyScope = "prebuilt_workspace:*"
ApiKeyScopeProvisionerDaemon APIKeyScope = "provisioner_daemon:*"
ApiKeyScopeProvisionerJobs APIKeyScope = "provisioner_jobs:*"
ApiKeyScopeReplicas APIKeyScope = "replicas:*"
ApiKeyScopeSystem APIKeyScope = "system:*"
ApiKeyScopeTailnetCoordinator APIKeyScope = "tailnet_coordinator:*"
ApiKeyScopeTemplate APIKeyScope = "template:*"
ApiKeyScopeUsageEvent APIKeyScope = "usage_event:*"
ApiKeyScopeUser APIKeyScope = "user:*"
ApiKeyScopeUserSecret APIKeyScope = "user_secret:*"
ApiKeyScopeWebpushSubscription APIKeyScope = "webpush_subscription:*"
ApiKeyScopeWorkspace APIKeyScope = "workspace:*"
ApiKeyScopeWorkspaceAgentDevcontainers APIKeyScope = "workspace_agent_devcontainers:*"
ApiKeyScopeWorkspaceAgentResourceMonitor APIKeyScope = "workspace_agent_resource_monitor:*"
ApiKeyScopeWorkspaceDormant APIKeyScope = "workspace_dormant:*"
ApiKeyScopeWorkspaceProxy APIKeyScope = "workspace_proxy:*"
) )
func (e *APIKeyScope) Scan(src interface{}) error { func (e *APIKeyScope) Scan(src interface{}) error {
@@ -351,7 +391,47 @@ func (e APIKeyScope) Valid() bool {
ApiKeyScopeCoderWorkspacesaccess, ApiKeyScopeCoderWorkspacesaccess,
ApiKeyScopeCoderTemplatesbuild, ApiKeyScopeCoderTemplatesbuild,
ApiKeyScopeCoderTemplatesauthor, ApiKeyScopeCoderTemplatesauthor,
ApiKeyScopeCoderApikeysmanageSelf: ApiKeyScopeCoderApikeysmanageSelf,
ApiKeyScopeAibridgeInterception,
ApiKeyScopeApiKey,
ApiKeyScopeAssignOrgRole,
ApiKeyScopeAssignRole,
ApiKeyScopeAuditLog,
ApiKeyScopeConnectionLog,
ApiKeyScopeCryptoKey,
ApiKeyScopeDebugInfo,
ApiKeyScopeDeploymentConfig,
ApiKeyScopeDeploymentStats,
ApiKeyScopeFile,
ApiKeyScopeGroup,
ApiKeyScopeGroupMember,
ApiKeyScopeIdpsyncSettings,
ApiKeyScopeInboxNotification,
ApiKeyScopeLicense,
ApiKeyScopeNotificationMessage,
ApiKeyScopeNotificationPreference,
ApiKeyScopeNotificationTemplate,
ApiKeyScopeOauth2App,
ApiKeyScopeOauth2AppCodeToken,
ApiKeyScopeOauth2AppSecret,
ApiKeyScopeOrganization,
ApiKeyScopeOrganizationMember,
ApiKeyScopePrebuiltWorkspace,
ApiKeyScopeProvisionerDaemon,
ApiKeyScopeProvisionerJobs,
ApiKeyScopeReplicas,
ApiKeyScopeSystem,
ApiKeyScopeTailnetCoordinator,
ApiKeyScopeTemplate,
ApiKeyScopeUsageEvent,
ApiKeyScopeUser,
ApiKeyScopeUserSecret,
ApiKeyScopeWebpushSubscription,
ApiKeyScopeWorkspace,
ApiKeyScopeWorkspaceAgentDevcontainers,
ApiKeyScopeWorkspaceAgentResourceMonitor,
ApiKeyScopeWorkspaceDormant,
ApiKeyScopeWorkspaceProxy:
return true return true
} }
return false return false
@@ -506,6 +586,46 @@ func AllAPIKeyScopeValues() []APIKeyScope {
ApiKeyScopeCoderTemplatesbuild, ApiKeyScopeCoderTemplatesbuild,
ApiKeyScopeCoderTemplatesauthor, ApiKeyScopeCoderTemplatesauthor,
ApiKeyScopeCoderApikeysmanageSelf, ApiKeyScopeCoderApikeysmanageSelf,
ApiKeyScopeAibridgeInterception,
ApiKeyScopeApiKey,
ApiKeyScopeAssignOrgRole,
ApiKeyScopeAssignRole,
ApiKeyScopeAuditLog,
ApiKeyScopeConnectionLog,
ApiKeyScopeCryptoKey,
ApiKeyScopeDebugInfo,
ApiKeyScopeDeploymentConfig,
ApiKeyScopeDeploymentStats,
ApiKeyScopeFile,
ApiKeyScopeGroup,
ApiKeyScopeGroupMember,
ApiKeyScopeIdpsyncSettings,
ApiKeyScopeInboxNotification,
ApiKeyScopeLicense,
ApiKeyScopeNotificationMessage,
ApiKeyScopeNotificationPreference,
ApiKeyScopeNotificationTemplate,
ApiKeyScopeOauth2App,
ApiKeyScopeOauth2AppCodeToken,
ApiKeyScopeOauth2AppSecret,
ApiKeyScopeOrganization,
ApiKeyScopeOrganizationMember,
ApiKeyScopePrebuiltWorkspace,
ApiKeyScopeProvisionerDaemon,
ApiKeyScopeProvisionerJobs,
ApiKeyScopeReplicas,
ApiKeyScopeSystem,
ApiKeyScopeTailnetCoordinator,
ApiKeyScopeTemplate,
ApiKeyScopeUsageEvent,
ApiKeyScopeUser,
ApiKeyScopeUserSecret,
ApiKeyScopeWebpushSubscription,
ApiKeyScopeWorkspace,
ApiKeyScopeWorkspaceAgentDevcontainers,
ApiKeyScopeWorkspaceAgentResourceMonitor,
ApiKeyScopeWorkspaceDormant,
ApiKeyScopeWorkspaceProxy,
} }
} }
codersdk/apikey_scopes_gen.go
+188 -40
View File
@@ -5,46 +5,194 @@ const (
// Deprecated: use codersdk.APIKeyScopeCoderAll instead. // Deprecated: use codersdk.APIKeyScopeCoderAll instead.
APIKeyScopeAll APIKeyScope = "all" APIKeyScopeAll APIKeyScope = "all"
// Deprecated: use codersdk.APIKeyScopeCoderApplicationConnect instead. // Deprecated: use codersdk.APIKeyScopeCoderApplicationConnect instead.
APIKeyScopeApplicationConnect APIKeyScope = "application_connect" APIKeyScopeApplicationConnect APIKeyScope = "application_connect"
APIKeyScopeApiKeyAll APIKeyScope = "api_key:*" APIKeyScopeAibridgeInterceptionAll APIKeyScope = "aibridge_interception:*"
APIKeyScopeApiKeyCreate APIKeyScope = "api_key:create" APIKeyScopeAibridgeInterceptionCreate APIKeyScope = "aibridge_interception:create"
APIKeyScopeApiKeyDelete APIKeyScope = "api_key:delete" APIKeyScopeAibridgeInterceptionRead APIKeyScope = "aibridge_interception:read"
APIKeyScopeApiKeyRead APIKeyScope = "api_key:read" APIKeyScopeAibridgeInterceptionUpdate APIKeyScope = "aibridge_interception:update"
APIKeyScopeApiKeyUpdate APIKeyScope = "api_key:update" APIKeyScopeApiKeyAll APIKeyScope = "api_key:*"
APIKeyScopeCoderAll APIKeyScope = "coder:all" APIKeyScopeApiKeyCreate APIKeyScope = "api_key:create"
APIKeyScopeCoderApikeysManageSelf APIKeyScope = "coder:apikeys.manage_self" APIKeyScopeApiKeyDelete APIKeyScope = "api_key:delete"
APIKeyScopeCoderApplicationConnect APIKeyScope = "coder:application_connect" APIKeyScopeApiKeyRead APIKeyScope = "api_key:read"
APIKeyScopeCoderTemplatesAuthor APIKeyScope = "coder:templates.author" APIKeyScopeApiKeyUpdate APIKeyScope = "api_key:update"
APIKeyScopeCoderTemplatesBuild APIKeyScope = "coder:templates.build" APIKeyScopeAssignOrgRoleAll APIKeyScope = "assign_org_role:*"
APIKeyScopeCoderWorkspacesAccess APIKeyScope = "coder:workspaces.access" APIKeyScopeAssignOrgRoleAssign APIKeyScope = "assign_org_role:assign"
APIKeyScopeCoderWorkspacesCreate APIKeyScope = "coder:workspaces.create" APIKeyScopeAssignOrgRoleCreate APIKeyScope = "assign_org_role:create"
APIKeyScopeCoderWorkspacesDelete APIKeyScope = "coder:workspaces.delete" APIKeyScopeAssignOrgRoleDelete APIKeyScope = "assign_org_role:delete"
APIKeyScopeCoderWorkspacesOperate APIKeyScope = "coder:workspaces.operate" APIKeyScopeAssignOrgRoleRead APIKeyScope = "assign_org_role:read"
APIKeyScopeFileAll APIKeyScope = "file:*" APIKeyScopeAssignOrgRoleUnassign APIKeyScope = "assign_org_role:unassign"
APIKeyScopeFileCreate APIKeyScope = "file:create" APIKeyScopeAssignOrgRoleUpdate APIKeyScope = "assign_org_role:update"
APIKeyScopeFileRead APIKeyScope = "file:read" APIKeyScopeAssignRoleAll APIKeyScope = "assign_role:*"
APIKeyScopeTemplateAll APIKeyScope = "template:*" APIKeyScopeAssignRoleAssign APIKeyScope = "assign_role:assign"
APIKeyScopeTemplateCreate APIKeyScope = "template:create" APIKeyScopeAssignRoleRead APIKeyScope = "assign_role:read"
APIKeyScopeTemplateDelete APIKeyScope = "template:delete" APIKeyScopeAssignRoleUnassign APIKeyScope = "assign_role:unassign"
APIKeyScopeTemplateRead APIKeyScope = "template:read" APIKeyScopeAuditLogAll APIKeyScope = "audit_log:*"
APIKeyScopeTemplateUpdate APIKeyScope = "template:update" APIKeyScopeAuditLogCreate APIKeyScope = "audit_log:create"
APIKeyScopeTemplateUse APIKeyScope = "template:use" APIKeyScopeAuditLogRead APIKeyScope = "audit_log:read"
APIKeyScopeUserReadPersonal APIKeyScope = "user:read_personal" APIKeyScopeCoderAll APIKeyScope = "coder:all"
APIKeyScopeUserUpdatePersonal APIKeyScope = "user:update_personal" APIKeyScopeCoderApikeysManageSelf APIKeyScope = "coder:apikeys.manage_self"
APIKeyScopeUserSecretAll APIKeyScope = "user_secret:*" APIKeyScopeCoderApplicationConnect APIKeyScope = "coder:application_connect"
APIKeyScopeUserSecretCreate APIKeyScope = "user_secret:create" APIKeyScopeCoderTemplatesAuthor APIKeyScope = "coder:templates.author"
APIKeyScopeUserSecretDelete APIKeyScope = "user_secret:delete" APIKeyScopeCoderTemplatesBuild APIKeyScope = "coder:templates.build"
APIKeyScopeUserSecretRead APIKeyScope = "user_secret:read" APIKeyScopeCoderWorkspacesAccess APIKeyScope = "coder:workspaces.access"
APIKeyScopeUserSecretUpdate APIKeyScope = "user_secret:update" APIKeyScopeCoderWorkspacesCreate APIKeyScope = "coder:workspaces.create"
APIKeyScopeWorkspaceAll APIKeyScope = "workspace:*" APIKeyScopeCoderWorkspacesDelete APIKeyScope = "coder:workspaces.delete"
APIKeyScopeWorkspaceApplicationConnect APIKeyScope = "workspace:application_connect" APIKeyScopeCoderWorkspacesOperate APIKeyScope = "coder:workspaces.operate"
APIKeyScopeWorkspaceCreate APIKeyScope = "workspace:create" APIKeyScopeConnectionLogAll APIKeyScope = "connection_log:*"
APIKeyScopeWorkspaceDelete APIKeyScope = "workspace:delete" APIKeyScopeConnectionLogRead APIKeyScope = "connection_log:read"
APIKeyScopeWorkspaceRead APIKeyScope = "workspace:read" APIKeyScopeConnectionLogUpdate APIKeyScope = "connection_log:update"
APIKeyScopeWorkspaceSsh APIKeyScope = "workspace:ssh" APIKeyScopeCryptoKeyAll APIKeyScope = "crypto_key:*"
APIKeyScopeWorkspaceStart APIKeyScope = "workspace:start" APIKeyScopeCryptoKeyCreate APIKeyScope = "crypto_key:create"
APIKeyScopeWorkspaceStop APIKeyScope = "workspace:stop" APIKeyScopeCryptoKeyDelete APIKeyScope = "crypto_key:delete"
APIKeyScopeWorkspaceUpdate APIKeyScope = "workspace:update" APIKeyScopeCryptoKeyRead APIKeyScope = "crypto_key:read"
APIKeyScopeCryptoKeyUpdate APIKeyScope = "crypto_key:update"
APIKeyScopeDebugInfoAll APIKeyScope = "debug_info:*"
APIKeyScopeDebugInfoRead APIKeyScope = "debug_info:read"
APIKeyScopeDeploymentConfigAll APIKeyScope = "deployment_config:*"
APIKeyScopeDeploymentConfigRead APIKeyScope = "deployment_config:read"
APIKeyScopeDeploymentConfigUpdate APIKeyScope = "deployment_config:update"
APIKeyScopeDeploymentStatsAll APIKeyScope = "deployment_stats:*"
APIKeyScopeDeploymentStatsRead APIKeyScope = "deployment_stats:read"
APIKeyScopeFileAll APIKeyScope = "file:*"
APIKeyScopeFileCreate APIKeyScope = "file:create"
APIKeyScopeFileRead APIKeyScope = "file:read"
APIKeyScopeGroupAll APIKeyScope = "group:*"
APIKeyScopeGroupCreate APIKeyScope = "group:create"
APIKeyScopeGroupDelete APIKeyScope = "group:delete"
APIKeyScopeGroupRead APIKeyScope = "group:read"
APIKeyScopeGroupUpdate APIKeyScope = "group:update"
APIKeyScopeGroupMemberAll APIKeyScope = "group_member:*"
APIKeyScopeGroupMemberRead APIKeyScope = "group_member:read"
APIKeyScopeIdpsyncSettingsAll APIKeyScope = "idpsync_settings:*"
APIKeyScopeIdpsyncSettingsRead APIKeyScope = "idpsync_settings:read"
APIKeyScopeIdpsyncSettingsUpdate APIKeyScope = "idpsync_settings:update"
APIKeyScopeInboxNotificationAll APIKeyScope = "inbox_notification:*"
APIKeyScopeInboxNotificationCreate APIKeyScope = "inbox_notification:create"
APIKeyScopeInboxNotificationRead APIKeyScope = "inbox_notification:read"
APIKeyScopeInboxNotificationUpdate APIKeyScope = "inbox_notification:update"
APIKeyScopeLicenseAll APIKeyScope = "license:*"
APIKeyScopeLicenseCreate APIKeyScope = "license:create"
APIKeyScopeLicenseDelete APIKeyScope = "license:delete"
APIKeyScopeLicenseRead APIKeyScope = "license:read"
APIKeyScopeNotificationMessageAll APIKeyScope = "notification_message:*"
APIKeyScopeNotificationMessageCreate APIKeyScope = "notification_message:create"
APIKeyScopeNotificationMessageDelete APIKeyScope = "notification_message:delete"
APIKeyScopeNotificationMessageRead APIKeyScope = "notification_message:read"
APIKeyScopeNotificationMessageUpdate APIKeyScope = "notification_message:update"
APIKeyScopeNotificationPreferenceAll APIKeyScope = "notification_preference:*"
APIKeyScopeNotificationPreferenceRead APIKeyScope = "notification_preference:read"
APIKeyScopeNotificationPreferenceUpdate APIKeyScope = "notification_preference:update"
APIKeyScopeNotificationTemplateAll APIKeyScope = "notification_template:*"
APIKeyScopeNotificationTemplateRead APIKeyScope = "notification_template:read"
APIKeyScopeNotificationTemplateUpdate APIKeyScope = "notification_template:update"
APIKeyScopeOauth2AppAll APIKeyScope = "oauth2_app:*"
APIKeyScopeOauth2AppCreate APIKeyScope = "oauth2_app:create"
APIKeyScopeOauth2AppDelete APIKeyScope = "oauth2_app:delete"
APIKeyScopeOauth2AppRead APIKeyScope = "oauth2_app:read"
APIKeyScopeOauth2AppUpdate APIKeyScope = "oauth2_app:update"
APIKeyScopeOauth2AppCodeTokenAll APIKeyScope = "oauth2_app_code_token:*"
APIKeyScopeOauth2AppCodeTokenCreate APIKeyScope = "oauth2_app_code_token:create"
APIKeyScopeOauth2AppCodeTokenDelete APIKeyScope = "oauth2_app_code_token:delete"
APIKeyScopeOauth2AppCodeTokenRead APIKeyScope = "oauth2_app_code_token:read"
APIKeyScopeOauth2AppSecretAll APIKeyScope = "oauth2_app_secret:*"
APIKeyScopeOauth2AppSecretCreate APIKeyScope = "oauth2_app_secret:create"
APIKeyScopeOauth2AppSecretDelete APIKeyScope = "oauth2_app_secret:delete"
APIKeyScopeOauth2AppSecretRead APIKeyScope = "oauth2_app_secret:read"
APIKeyScopeOauth2AppSecretUpdate APIKeyScope = "oauth2_app_secret:update"
APIKeyScopeOrganizationAll APIKeyScope = "organization:*"
APIKeyScopeOrganizationCreate APIKeyScope = "organization:create"
APIKeyScopeOrganizationDelete APIKeyScope = "organization:delete"
APIKeyScopeOrganizationRead APIKeyScope = "organization:read"
APIKeyScopeOrganizationUpdate APIKeyScope = "organization:update"
APIKeyScopeOrganizationMemberAll APIKeyScope = "organization_member:*"
APIKeyScopeOrganizationMemberCreate APIKeyScope = "organization_member:create"
APIKeyScopeOrganizationMemberDelete APIKeyScope = "organization_member:delete"
APIKeyScopeOrganizationMemberRead APIKeyScope = "organization_member:read"
APIKeyScopeOrganizationMemberUpdate APIKeyScope = "organization_member:update"
APIKeyScopePrebuiltWorkspaceAll APIKeyScope = "prebuilt_workspace:*"
APIKeyScopePrebuiltWorkspaceDelete APIKeyScope = "prebuilt_workspace:delete"
APIKeyScopePrebuiltWorkspaceUpdate APIKeyScope = "prebuilt_workspace:update"
APIKeyScopeProvisionerDaemonAll APIKeyScope = "provisioner_daemon:*"
APIKeyScopeProvisionerDaemonCreate APIKeyScope = "provisioner_daemon:create"
APIKeyScopeProvisionerDaemonDelete APIKeyScope = "provisioner_daemon:delete"
APIKeyScopeProvisionerDaemonRead APIKeyScope = "provisioner_daemon:read"
APIKeyScopeProvisionerDaemonUpdate APIKeyScope = "provisioner_daemon:update"
APIKeyScopeProvisionerJobsAll APIKeyScope = "provisioner_jobs:*"
APIKeyScopeProvisionerJobsCreate APIKeyScope = "provisioner_jobs:create"
APIKeyScopeProvisionerJobsRead APIKeyScope = "provisioner_jobs:read"
APIKeyScopeProvisionerJobsUpdate APIKeyScope = "provisioner_jobs:update"
APIKeyScopeReplicasAll APIKeyScope = "replicas:*"
APIKeyScopeReplicasRead APIKeyScope = "replicas:read"
APIKeyScopeSystemAll APIKeyScope = "system:*"
APIKeyScopeSystemCreate APIKeyScope = "system:create"
APIKeyScopeSystemDelete APIKeyScope = "system:delete"
APIKeyScopeSystemRead APIKeyScope = "system:read"
APIKeyScopeSystemUpdate APIKeyScope = "system:update"
APIKeyScopeTailnetCoordinatorAll APIKeyScope = "tailnet_coordinator:*"
APIKeyScopeTailnetCoordinatorCreate APIKeyScope = "tailnet_coordinator:create"
APIKeyScopeTailnetCoordinatorDelete APIKeyScope = "tailnet_coordinator:delete"
APIKeyScopeTailnetCoordinatorRead APIKeyScope = "tailnet_coordinator:read"
APIKeyScopeTailnetCoordinatorUpdate APIKeyScope = "tailnet_coordinator:update"
APIKeyScopeTemplateAll APIKeyScope = "template:*"
APIKeyScopeTemplateCreate APIKeyScope = "template:create"
APIKeyScopeTemplateDelete APIKeyScope = "template:delete"
APIKeyScopeTemplateRead APIKeyScope = "template:read"
APIKeyScopeTemplateUpdate APIKeyScope = "template:update"
APIKeyScopeTemplateUse APIKeyScope = "template:use"
APIKeyScopeTemplateViewInsights APIKeyScope = "template:view_insights"
APIKeyScopeUsageEventAll APIKeyScope = "usage_event:*"
APIKeyScopeUsageEventCreate APIKeyScope = "usage_event:create"
APIKeyScopeUsageEventRead APIKeyScope = "usage_event:read"
APIKeyScopeUsageEventUpdate APIKeyScope = "usage_event:update"
APIKeyScopeUserAll APIKeyScope = "user:*"
APIKeyScopeUserCreate APIKeyScope = "user:create"
APIKeyScopeUserDelete APIKeyScope = "user:delete"
APIKeyScopeUserRead APIKeyScope = "user:read"
APIKeyScopeUserReadPersonal APIKeyScope = "user:read_personal"
APIKeyScopeUserUpdate APIKeyScope = "user:update"
APIKeyScopeUserUpdatePersonal APIKeyScope = "user:update_personal"
APIKeyScopeUserSecretAll APIKeyScope = "user_secret:*"
APIKeyScopeUserSecretCreate APIKeyScope = "user_secret:create"
APIKeyScopeUserSecretDelete APIKeyScope = "user_secret:delete"
APIKeyScopeUserSecretRead APIKeyScope = "user_secret:read"
APIKeyScopeUserSecretUpdate APIKeyScope = "user_secret:update"
APIKeyScopeWebpushSubscriptionAll APIKeyScope = "webpush_subscription:*"
APIKeyScopeWebpushSubscriptionCreate APIKeyScope = "webpush_subscription:create"
APIKeyScopeWebpushSubscriptionDelete APIKeyScope = "webpush_subscription:delete"
APIKeyScopeWebpushSubscriptionRead APIKeyScope = "webpush_subscription:read"
APIKeyScopeWorkspaceAll APIKeyScope = "workspace:*"
APIKeyScopeWorkspaceApplicationConnect APIKeyScope = "workspace:application_connect"
APIKeyScopeWorkspaceCreate APIKeyScope = "workspace:create"
APIKeyScopeWorkspaceCreateAgent APIKeyScope = "workspace:create_agent"
APIKeyScopeWorkspaceDelete APIKeyScope = "workspace:delete"
APIKeyScopeWorkspaceDeleteAgent APIKeyScope = "workspace:delete_agent"
APIKeyScopeWorkspaceRead APIKeyScope = "workspace:read"
APIKeyScopeWorkspaceSsh APIKeyScope = "workspace:ssh"
APIKeyScopeWorkspaceStart APIKeyScope = "workspace:start"
APIKeyScopeWorkspaceStop APIKeyScope = "workspace:stop"
APIKeyScopeWorkspaceUpdate APIKeyScope = "workspace:update"
APIKeyScopeWorkspaceAgentDevcontainersAll APIKeyScope = "workspace_agent_devcontainers:*"
APIKeyScopeWorkspaceAgentDevcontainersCreate APIKeyScope = "workspace_agent_devcontainers:create"
APIKeyScopeWorkspaceAgentResourceMonitorAll APIKeyScope = "workspace_agent_resource_monitor:*"
APIKeyScopeWorkspaceAgentResourceMonitorCreate APIKeyScope = "workspace_agent_resource_monitor:create"
APIKeyScopeWorkspaceAgentResourceMonitorRead APIKeyScope = "workspace_agent_resource_monitor:read"
APIKeyScopeWorkspaceAgentResourceMonitorUpdate APIKeyScope = "workspace_agent_resource_monitor:update"
APIKeyScopeWorkspaceDormantAll APIKeyScope = "workspace_dormant:*"
APIKeyScopeWorkspaceDormantApplicationConnect APIKeyScope = "workspace_dormant:application_connect"
APIKeyScopeWorkspaceDormantCreate APIKeyScope = "workspace_dormant:create"
APIKeyScopeWorkspaceDormantCreateAgent APIKeyScope = "workspace_dormant:create_agent"
APIKeyScopeWorkspaceDormantDelete APIKeyScope = "workspace_dormant:delete"
APIKeyScopeWorkspaceDormantDeleteAgent APIKeyScope = "workspace_dormant:delete_agent"
APIKeyScopeWorkspaceDormantRead APIKeyScope = "workspace_dormant:read"
APIKeyScopeWorkspaceDormantSsh APIKeyScope = "workspace_dormant:ssh"
APIKeyScopeWorkspaceDormantStart APIKeyScope = "workspace_dormant:start"
APIKeyScopeWorkspaceDormantStop APIKeyScope = "workspace_dormant:stop"
APIKeyScopeWorkspaceDormantUpdate APIKeyScope = "workspace_dormant:update"
APIKeyScopeWorkspaceProxyAll APIKeyScope = "workspace_proxy:*"
APIKeyScopeWorkspaceProxyCreate APIKeyScope = "workspace_proxy:create"
APIKeyScopeWorkspaceProxyDelete APIKeyScope = "workspace_proxy:delete"
APIKeyScopeWorkspaceProxyRead APIKeyScope = "workspace_proxy:read"
APIKeyScopeWorkspaceProxyUpdate APIKeyScope = "workspace_proxy:update"
) )
// PublicAPIKeyScopes lists all public low-level API key scopes. // PublicAPIKeyScopes lists all public low-level API key scopes.
docs/reference/api/schemas.md
Generated
+191 -43
View File
@@ -711,49 +711,197 @@
#### Enumerated Values #### Enumerated Values
| Value | | Value |
|---------------------------------| |-------------------------------------------|
| `all` | | `all` |
| `application_connect` | | `application_connect` |
| `api_key:*` | | `aibridge_interception:*` |
| `api_key:create` | | `aibridge_interception:create` |
| `api_key:delete` | | `aibridge_interception:read` |
| `api_key:read` | | `aibridge_interception:update` |
| `api_key:update` | | `api_key:*` |
| `coder:all` | | `api_key:create` |
| `coder:apikeys.manage_self` | | `api_key:delete` |
| `coder:application_connect` | | `api_key:read` |
| `coder:templates.author` | | `api_key:update` |
| `coder:templates.build` | | `assign_org_role:*` |
| `coder:workspaces.access` | | `assign_org_role:assign` |
| `coder:workspaces.create` | | `assign_org_role:create` |
| `coder:workspaces.delete` | | `assign_org_role:delete` |
| `coder:workspaces.operate` | | `assign_org_role:read` |
| `file:*` | | `assign_org_role:unassign` |
| `file:create` | | `assign_org_role:update` |
| `file:read` | | `assign_role:*` |
| `template:*` | | `assign_role:assign` |
| `template:create` | | `assign_role:read` |
| `template:delete` | | `assign_role:unassign` |
| `template:read` | | `audit_log:*` |
| `template:update` | | `audit_log:create` |
| `template:use` | | `audit_log:read` |
| `user:read_personal` | | `coder:all` |
| `user:update_personal` | | `coder:apikeys.manage_self` |
| `user_secret:*` | | `coder:application_connect` |
| `user_secret:create` | | `coder:templates.author` |
| `user_secret:delete` | | `coder:templates.build` |
| `user_secret:read` | | `coder:workspaces.access` |
| `user_secret:update` | | `coder:workspaces.create` |
| `workspace:*` | | `coder:workspaces.delete` |
| `workspace:application_connect` | | `coder:workspaces.operate` |
| `workspace:create` | | `connection_log:*` |
| `workspace:delete` | | `connection_log:read` |
| `workspace:read` | | `connection_log:update` |
| `workspace:ssh` | | `crypto_key:*` |
| `workspace:start` | | `crypto_key:create` |
| `workspace:stop` | | `crypto_key:delete` |
| `workspace:update` | | `crypto_key:read` |
| `crypto_key:update` |
| `debug_info:*` |
| `debug_info:read` |
| `deployment_config:*` |
| `deployment_config:read` |
| `deployment_config:update` |
| `deployment_stats:*` |
| `deployment_stats:read` |
| `file:*` |
| `file:create` |
| `file:read` |
| `group:*` |
| `group:create` |
| `group:delete` |
| `group:read` |
| `group:update` |
| `group_member:*` |
| `group_member:read` |
| `idpsync_settings:*` |
| `idpsync_settings:read` |
| `idpsync_settings:update` |
| `inbox_notification:*` |
| `inbox_notification:create` |
| `inbox_notification:read` |
| `inbox_notification:update` |
| `license:*` |
| `license:create` |
| `license:delete` |
| `license:read` |
| `notification_message:*` |
| `notification_message:create` |
| `notification_message:delete` |
| `notification_message:read` |
| `notification_message:update` |
| `notification_preference:*` |
| `notification_preference:read` |
| `notification_preference:update` |
| `notification_template:*` |
| `notification_template:read` |
| `notification_template:update` |
| `oauth2_app:*` |
| `oauth2_app:create` |
| `oauth2_app:delete` |
| `oauth2_app:read` |
| `oauth2_app:update` |
| `oauth2_app_code_token:*` |
| `oauth2_app_code_token:create` |
| `oauth2_app_code_token:delete` |
| `oauth2_app_code_token:read` |
| `oauth2_app_secret:*` |
| `oauth2_app_secret:create` |
| `oauth2_app_secret:delete` |
| `oauth2_app_secret:read` |
| `oauth2_app_secret:update` |
| `organization:*` |
| `organization:create` |
| `organization:delete` |
| `organization:read` |
| `organization:update` |
| `organization_member:*` |
| `organization_member:create` |
| `organization_member:delete` |
| `organization_member:read` |
| `organization_member:update` |
| `prebuilt_workspace:*` |
| `prebuilt_workspace:delete` |
| `prebuilt_workspace:update` |
| `provisioner_daemon:*` |
| `provisioner_daemon:create` |
| `provisioner_daemon:delete` |
| `provisioner_daemon:read` |
| `provisioner_daemon:update` |
| `provisioner_jobs:*` |
| `provisioner_jobs:create` |
| `provisioner_jobs:read` |
| `provisioner_jobs:update` |
| `replicas:*` |
| `replicas:read` |
| `system:*` |
| `system:create` |
| `system:delete` |
| `system:read` |
| `system:update` |
| `tailnet_coordinator:*` |
| `tailnet_coordinator:create` |
| `tailnet_coordinator:delete` |
| `tailnet_coordinator:read` |
| `tailnet_coordinator:update` |
| `template:*` |
| `template:create` |
| `template:delete` |
| `template:read` |
| `template:update` |
| `template:use` |
| `template:view_insights` |
| `usage_event:*` |
| `usage_event:create` |
| `usage_event:read` |
| `usage_event:update` |
| `user:*` |
| `user:create` |
| `user:delete` |
| `user:read` |
| `user:read_personal` |
| `user:update` |
| `user:update_personal` |
| `user_secret:*` |
| `user_secret:create` |
| `user_secret:delete` |
| `user_secret:read` |
| `user_secret:update` |
| `webpush_subscription:*` |
| `webpush_subscription:create` |
| `webpush_subscription:delete` |
| `webpush_subscription:read` |
| `workspace:*` |
| `workspace:application_connect` |
| `workspace:create` |
| `workspace:create_agent` |
| `workspace:delete` |
| `workspace:delete_agent` |
| `workspace:read` |
| `workspace:ssh` |
| `workspace:start` |
| `workspace:stop` |
| `workspace:update` |
| `workspace_agent_devcontainers:*` |
| `workspace_agent_devcontainers:create` |
| `workspace_agent_resource_monitor:*` |
| `workspace_agent_resource_monitor:create` |
| `workspace_agent_resource_monitor:read` |
| `workspace_agent_resource_monitor:update` |
| `workspace_dormant:*` |
| `workspace_dormant:application_connect` |
| `workspace_dormant:create` |
| `workspace_dormant:create_agent` |
| `workspace_dormant:delete` |
| `workspace_dormant:delete_agent` |
| `workspace_dormant:read` |
| `workspace_dormant:ssh` |
| `workspace_dormant:start` |
| `workspace_dormant:stop` |
| `workspace_dormant:update` |
| `workspace_proxy:*` |
| `workspace_proxy:create` |
| `workspace_proxy:delete` |
| `workspace_proxy:read` |
| `workspace_proxy:update` |
## codersdk.AddLicenseRequest ## codersdk.AddLicenseRequest
scripts/apikeyscopesgen/main.go
+55 -15
View File
@@ -25,8 +25,8 @@ func main() {
} }
func generate() ([]byte, error) { func generate() ([]byte, error) {
names := rbac.ExternalScopeNames() allNames := collectAllScopeNames()
slices.Sort(names) publicNames := rbac.ExternalScopeNames()
var b bytes.Buffer var b bytes.Buffer
if _, err := b.WriteString("// Code generated by scripts/apikeyscopesgen. DO NOT EDIT.\n"); err != nil { if _, err := b.WriteString("// Code generated by scripts/apikeyscopesgen. DO NOT EDIT.\n"); err != nil {
@@ -61,13 +61,9 @@ func generate() ([]byte, error) {
if _, err := b.WriteString("\tAPIKeyScopeApplicationConnect APIKeyScope = \"application_connect\"\n"); err != nil { if _, err := b.WriteString("\tAPIKeyScopeApplicationConnect APIKeyScope = \"application_connect\"\n"); err != nil {
return nil, err return nil, err
} }
for _, n := range names { for _, name := range allNames {
res, act := splitRA(n) constName := constNameForScope(name)
if act == policy.WildcardSymbol { if _, err := fmt.Fprintf(&b, "\t%s APIKeyScope = \"%s\"\n", constName, name); err != nil {
act = "All"
}
constName := fmt.Sprintf("APIKeyScope%s%s", pascal(res), pascal(act))
if _, err := fmt.Fprintf(&b, "\t%s APIKeyScope = \"%s\"\n", constName, n); err != nil {
return nil, err return nil, err
} }
} }
@@ -82,12 +78,8 @@ func generate() ([]byte, error) {
if _, err := b.WriteString("var PublicAPIKeyScopes = []APIKeyScope{\n"); err != nil { if _, err := b.WriteString("var PublicAPIKeyScopes = []APIKeyScope{\n"); err != nil {
return nil, err return nil, err
} }
for _, n := range names { for _, name := range publicNames {
res, act := splitRA(n) constName := constNameForScope(name)
if act == policy.WildcardSymbol {
act = "All"
}
constName := fmt.Sprintf("APIKeyScope%s%s", pascal(res), pascal(act))
if _, err := fmt.Fprintf(&b, "\t%s,\n", constName); err != nil { if _, err := fmt.Fprintf(&b, "\t%s,\n", constName); err != nil {
return nil, err return nil, err
} }
@@ -99,6 +91,54 @@ func generate() ([]byte, error) {
return format.Source(b.Bytes()) return format.Source(b.Bytes())
} }
func collectAllScopeNames() []string {
seen := make(map[string]struct{})
var names []string
add := func(name string) {
if name == "" {
return
}
if _, ok := seen[name]; ok {
return
}
seen[name] = struct{}{}
names = append(names, name)
}
for resource, def := range policy.RBACPermissions {
if resource == policy.WildcardSymbol {
continue
}
add(resource + ":" + policy.WildcardSymbol)
for action := range def.Actions {
add(resource + ":" + string(action))
}
}
for _, name := range rbac.CompositeScopeNames() {
add(name)
}
for _, name := range rbac.BuiltinScopeNames() {
s := string(name)
if !strings.Contains(s, ":") {
continue
}
add(s)
}
slices.Sort(names)
return names
}
func constNameForScope(name string) string {
resource, action := splitRA(name)
if action == policy.WildcardSymbol {
action = "All"
}
return fmt.Sprintf("APIKeyScope%s%s", pascal(resource), pascal(action))
}
func splitRA(name string) (resource string, action string) { func splitRA(name string) (resource string, action string) {
parts := strings.SplitN(name, ":", 2) parts := strings.SplitN(name, ":", 2)
if len(parts) != 2 { if len(parts) != 2 {
scripts/check-scopes/main.go
+19 -5
View File
@@ -58,23 +58,37 @@ func main() {
os.Exit(1) os.Exit(1)
} }
// expectedFromRBAC returns the set of <resource>:<action> pairs derived from RBACPermissions. // expectedFromRBAC returns the set of scope names the DB enum must support.
func expectedFromRBAC() map[string]struct{} { func expectedFromRBAC() map[string]struct{} {
want := make(map[string]struct{}) want := make(map[string]struct{})
// Low-level <resource>:<action> add := func(name string) {
if name == "" {
return
}
want[name] = struct{}{}
}
// Low-level <resource>:<action> and synthesized <resource>:* wildcards
for resource, def := range policy.RBACPermissions { for resource, def := range policy.RBACPermissions {
if resource == policy.WildcardSymbol { if resource == policy.WildcardSymbol {
// Ignore wildcard entry; it has no concrete <resource>:<action> pairs. // Ignore wildcard entry; it has no concrete <resource>:<action> pairs.
continue continue
} }
add(resource + ":" + policy.WildcardSymbol)
for action := range def.Actions { for action := range def.Actions {
key := resource + ":" + string(action) add(resource + ":" + string(action))
want[key] = struct{}{}
} }
} }
// Composite coder:* names // Composite coder:* names
for _, n := range rbac.CompositeScopeNames() { for _, n := range rbac.CompositeScopeNames() {
want[n] = struct{}{} add(n)
}
// Built-in coder-prefixed scopes such as coder:all
for _, n := range rbac.BuiltinScopeNames() {
s := string(n)
if !strings.Contains(s, ":") {
continue
}
add(s)
} }
return want return want
} }
scripts/generate_api_key_scope_enum/main.go
-32
View File
@@ -1,32 +0,0 @@
package main
import (
"fmt"
"sort"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/rbac/policy"
)
func main() {
seen := map[string]struct{}{}
var vals []string
for resource, def := range policy.RBACPermissions {
if resource == policy.WildcardSymbol {
continue
}
for action := range def.Actions {
vals = append(vals, fmt.Sprintf("%s:%s", resource, action))
}
}
// Include composite coder:* scopes as first-class enum values
vals = append(vals, rbac.CompositeScopeNames()...)
sort.Strings(vals)
for _, v := range vals {
if _, ok := seen[v]; ok {
continue
}
seen[v] = struct{}{}
_, _ = fmt.Printf("ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS '%s';\n", v)
}
}
site/src/api/typesGenerated.ts
Generated
+296
View File
@@ -112,6 +112,10 @@ export interface APIKey {
// From codersdk/apikey.go // From codersdk/apikey.go
export type APIKeyScope = export type APIKeyScope =
| "aibridge_interception:*"
| "aibridge_interception:create"
| "aibridge_interception:read"
| "aibridge_interception:update"
| "all" | "all"
| "api_key:*" | "api_key:*"
| "api_key:create" | "api_key:create"
@@ -119,6 +123,20 @@ export type APIKeyScope =
| "api_key:read" | "api_key:read"
| "api_key:update" | "api_key:update"
| "application_connect" | "application_connect"
| "assign_org_role:*"
| "assign_org_role:assign"
| "assign_org_role:create"
| "assign_org_role:delete"
| "assign_org_role:read"
| "assign_org_role:unassign"
| "assign_org_role:update"
| "assign_role:*"
| "assign_role:assign"
| "assign_role:read"
| "assign_role:unassign"
| "audit_log:*"
| "audit_log:create"
| "audit_log:read"
| "coder:all" | "coder:all"
| "coder:apikeys.manage_self" | "coder:apikeys.manage_self"
| "coder:application_connect" | "coder:application_connect"
@@ -128,26 +146,156 @@ export type APIKeyScope =
| "coder:workspaces.create" | "coder:workspaces.create"
| "coder:workspaces.delete" | "coder:workspaces.delete"
| "coder:workspaces.operate" | "coder:workspaces.operate"
| "connection_log:*"
| "connection_log:read"
| "connection_log:update"
| "crypto_key:*"
| "crypto_key:create"
| "crypto_key:delete"
| "crypto_key:read"
| "crypto_key:update"
| "debug_info:*"
| "debug_info:read"
| "deployment_config:*"
| "deployment_config:read"
| "deployment_config:update"
| "deployment_stats:*"
| "deployment_stats:read"
| "file:*" | "file:*"
| "file:create" | "file:create"
| "file:read" | "file:read"
| "group:*"
| "group:create"
| "group:delete"
| "group_member:*"
| "group_member:read"
| "group:read"
| "group:update"
| "idpsync_settings:*"
| "idpsync_settings:read"
| "idpsync_settings:update"
| "inbox_notification:*"
| "inbox_notification:create"
| "inbox_notification:read"
| "inbox_notification:update"
| "license:*"
| "license:create"
| "license:delete"
| "license:read"
| "notification_message:*"
| "notification_message:create"
| "notification_message:delete"
| "notification_message:read"
| "notification_message:update"
| "notification_preference:*"
| "notification_preference:read"
| "notification_preference:update"
| "notification_template:*"
| "notification_template:read"
| "notification_template:update"
| "oauth2_app:*"
| "oauth2_app_code_token:*"
| "oauth2_app_code_token:create"
| "oauth2_app_code_token:delete"
| "oauth2_app_code_token:read"
| "oauth2_app:create"
| "oauth2_app:delete"
| "oauth2_app:read"
| "oauth2_app_secret:*"
| "oauth2_app_secret:create"
| "oauth2_app_secret:delete"
| "oauth2_app_secret:read"
| "oauth2_app_secret:update"
| "oauth2_app:update"
| "organization:*"
| "organization:create"
| "organization:delete"
| "organization_member:*"
| "organization_member:create"
| "organization_member:delete"
| "organization_member:read"
| "organization_member:update"
| "organization:read"
| "organization:update"
| "prebuilt_workspace:*"
| "prebuilt_workspace:delete"
| "prebuilt_workspace:update"
| "provisioner_daemon:*"
| "provisioner_daemon:create"
| "provisioner_daemon:delete"
| "provisioner_daemon:read"
| "provisioner_daemon:update"
| "provisioner_jobs:*"
| "provisioner_jobs:create"
| "provisioner_jobs:read"
| "provisioner_jobs:update"
| "replicas:*"
| "replicas:read"
| "system:*"
| "system:create"
| "system:delete"
| "system:read"
| "system:update"
| "tailnet_coordinator:*"
| "tailnet_coordinator:create"
| "tailnet_coordinator:delete"
| "tailnet_coordinator:read"
| "tailnet_coordinator:update"
| "template:*" | "template:*"
| "template:create" | "template:create"
| "template:delete" | "template:delete"
| "template:read" | "template:read"
| "template:update" | "template:update"
| "template:use" | "template:use"
| "template:view_insights"
| "usage_event:*"
| "usage_event:create"
| "usage_event:read"
| "usage_event:update"
| "user:*"
| "user:create"
| "user:delete"
| "user:read"
| "user:read_personal" | "user:read_personal"
| "user_secret:*" | "user_secret:*"
| "user_secret:create" | "user_secret:create"
| "user_secret:delete" | "user_secret:delete"
| "user_secret:read" | "user_secret:read"
| "user_secret:update" | "user_secret:update"
| "user:update"
| "user:update_personal" | "user:update_personal"
| "webpush_subscription:*"
| "webpush_subscription:create"
| "webpush_subscription:delete"
| "webpush_subscription:read"
| "workspace_agent_devcontainers:*"
| "workspace_agent_devcontainers:create"
| "workspace_agent_resource_monitor:*"
| "workspace_agent_resource_monitor:create"
| "workspace_agent_resource_monitor:read"
| "workspace_agent_resource_monitor:update"
| "workspace:*" | "workspace:*"
| "workspace:application_connect" | "workspace:application_connect"
| "workspace:create" | "workspace:create"
| "workspace:create_agent"
| "workspace:delete" | "workspace:delete"
| "workspace:delete_agent"
| "workspace_dormant:*"
| "workspace_dormant:application_connect"
| "workspace_dormant:create"
| "workspace_dormant:create_agent"
| "workspace_dormant:delete"
| "workspace_dormant:delete_agent"
| "workspace_dormant:read"
| "workspace_dormant:ssh"
| "workspace_dormant:start"
| "workspace_dormant:stop"
| "workspace_dormant:update"
| "workspace_proxy:*"
| "workspace_proxy:create"
| "workspace_proxy:delete"
| "workspace_proxy:read"
| "workspace_proxy:update"
| "workspace:read" | "workspace:read"
| "workspace:ssh" | "workspace:ssh"
| "workspace:start" | "workspace:start"
@@ -155,6 +303,10 @@ export type APIKeyScope =
| "workspace:update"; | "workspace:update";
export const APIKeyScopes: APIKeyScope[] = [ export const APIKeyScopes: APIKeyScope[] = [
"aibridge_interception:*",
"aibridge_interception:create",
"aibridge_interception:read",
"aibridge_interception:update",
"all", "all",
"api_key:*", "api_key:*",
"api_key:create", "api_key:create",
@@ -162,6 +314,20 @@ export const APIKeyScopes: APIKeyScope[] = [
"api_key:read", "api_key:read",
"api_key:update", "api_key:update",
"application_connect", "application_connect",
"assign_org_role:*",
"assign_org_role:assign",
"assign_org_role:create",
"assign_org_role:delete",
"assign_org_role:read",
"assign_org_role:unassign",
"assign_org_role:update",
"assign_role:*",
"assign_role:assign",
"assign_role:read",
"assign_role:unassign",
"audit_log:*",
"audit_log:create",
"audit_log:read",
"coder:all", "coder:all",
"coder:apikeys.manage_self", "coder:apikeys.manage_self",
"coder:application_connect", "coder:application_connect",
@@ -171,26 +337,156 @@ export const APIKeyScopes: APIKeyScope[] = [
"coder:workspaces.create", "coder:workspaces.create",
"coder:workspaces.delete", "coder:workspaces.delete",
"coder:workspaces.operate", "coder:workspaces.operate",
"connection_log:*",
"connection_log:read",
"connection_log:update",
"crypto_key:*",
"crypto_key:create",
"crypto_key:delete",
"crypto_key:read",
"crypto_key:update",
"debug_info:*",
"debug_info:read",
"deployment_config:*",
"deployment_config:read",
"deployment_config:update",
"deployment_stats:*",
"deployment_stats:read",
"file:*", "file:*",
"file:create", "file:create",
"file:read", "file:read",
"group:*",
"group:create",
"group:delete",
"group_member:*",
"group_member:read",
"group:read",
"group:update",
"idpsync_settings:*",
"idpsync_settings:read",
"idpsync_settings:update",
"inbox_notification:*",
"inbox_notification:create",
"inbox_notification:read",
"inbox_notification:update",
"license:*",
"license:create",
"license:delete",
"license:read",
"notification_message:*",
"notification_message:create",
"notification_message:delete",
"notification_message:read",
"notification_message:update",
"notification_preference:*",
"notification_preference:read",
"notification_preference:update",
"notification_template:*",
"notification_template:read",
"notification_template:update",
"oauth2_app:*",
"oauth2_app_code_token:*",
"oauth2_app_code_token:create",
"oauth2_app_code_token:delete",
"oauth2_app_code_token:read",
"oauth2_app:create",
"oauth2_app:delete",
"oauth2_app:read",
"oauth2_app_secret:*",
"oauth2_app_secret:create",
"oauth2_app_secret:delete",
"oauth2_app_secret:read",
"oauth2_app_secret:update",
"oauth2_app:update",
"organization:*",
"organization:create",
"organization:delete",
"organization_member:*",
"organization_member:create",
"organization_member:delete",
"organization_member:read",
"organization_member:update",
"organization:read",
"organization:update",
"prebuilt_workspace:*",
"prebuilt_workspace:delete",
"prebuilt_workspace:update",
"provisioner_daemon:*",
"provisioner_daemon:create",
"provisioner_daemon:delete",
"provisioner_daemon:read",
"provisioner_daemon:update",
"provisioner_jobs:*",
"provisioner_jobs:create",
"provisioner_jobs:read",
"provisioner_jobs:update",
"replicas:*",
"replicas:read",
"system:*",
"system:create",
"system:delete",
"system:read",
"system:update",
"tailnet_coordinator:*",
"tailnet_coordinator:create",
"tailnet_coordinator:delete",
"tailnet_coordinator:read",
"tailnet_coordinator:update",
"template:*", "template:*",
"template:create", "template:create",
"template:delete", "template:delete",
"template:read", "template:read",
"template:update", "template:update",
"template:use", "template:use",
"template:view_insights",
"usage_event:*",
"usage_event:create",
"usage_event:read",
"usage_event:update",
"user:*",
"user:create",
"user:delete",
"user:read",
"user:read_personal", "user:read_personal",
"user_secret:*", "user_secret:*",
"user_secret:create", "user_secret:create",
"user_secret:delete", "user_secret:delete",
"user_secret:read", "user_secret:read",
"user_secret:update", "user_secret:update",
"user:update",
"user:update_personal", "user:update_personal",
"webpush_subscription:*",
"webpush_subscription:create",
"webpush_subscription:delete",
"webpush_subscription:read",
"workspace_agent_devcontainers:*",
"workspace_agent_devcontainers:create",
"workspace_agent_resource_monitor:*",
"workspace_agent_resource_monitor:create",
"workspace_agent_resource_monitor:read",
"workspace_agent_resource_monitor:update",
"workspace:*", "workspace:*",
"workspace:application_connect", "workspace:application_connect",
"workspace:create", "workspace:create",
"workspace:create_agent",
"workspace:delete", "workspace:delete",
"workspace:delete_agent",
"workspace_dormant:*",
"workspace_dormant:application_connect",
"workspace_dormant:create",
"workspace_dormant:create_agent",
"workspace_dormant:delete",
"workspace_dormant:delete_agent",
"workspace_dormant:read",
"workspace_dormant:ssh",
"workspace_dormant:start",
"workspace_dormant:stop",
"workspace_dormant:update",
"workspace_proxy:*",
"workspace_proxy:create",
"workspace_proxy:delete",
"workspace_proxy:read",
"workspace_proxy:update",
"workspace:read", "workspace:read",
"workspace:ssh", "workspace:ssh",
"workspace:start", "workspace:start",