mirror of
https://github.com/coder/coder.git
synced 2026-06-03 04:58:23 +00:00
4124d1137d
# Summary Implements https://linear.app/codercom/issue/AIGOV-282/add-ai-model-price-table-and-seed-generator This PR lays the groundwork for AI Bridge cost controls (per the AI Governance RFC). It adds the foundation needed for future cost tracking: a place to store per-model token prices, a way to keep those prices in sync with upstream pricing data, and a startup mechanism that ensures every deployment has prices loaded before AI Bridge starts processing requests. The price data comes from [models.dev](https://models.dev/), a community-maintained catalogue of AI provider pricing. A generator script fetches the latest prices, filters to Anthropic and OpenAI for now, and produces a seed file checked into the repository. On every server startup the seed is applied to the database, so new releases automatically pick up any price corrections that landed since the previous one. Existing rows are overwritten with the latest prices; rows for models no longer in the seed are left untouched. # Batching the AI model price seed: three approaches Context: at server startup we seed the `ai_model_prices` table from an embedded JSON price book (~70 rows today, will grow as we add providers, potentially 4000+). Each row is: ```text (provider, model, input_price, output_price, cache_read_price, cache_write_price) ``` Any of the four price columns can be: - `NULL` → “price unknown for this dimension” - explicit `0` → “free” The batch must be an UPSERT so re-running is idempotent and existing rows pick up new prices. We considered three implementations. --- ## Approach 1 — Per-row UPSERT in a Go loop ```go for _, row := range rows { if err := db.UpsertAIModelPrice(ctx, database.UpsertAIModelPriceParams{ Provider: row.Provider, Model: row.Model, InputPrice: nullInt64(row.InputPrice), // ... }); err != nil { return err } } ``` ### Pros - Trivial. - NULL handling falls out naturally from `sql.NullInt64`. ### Cons - `N` round-trips per seed. 
- With ~70 rows that means ~70 statement executions on every startup, even inside a transaction. - Doesn't scale gracefully as the price book grows, potentially 4000+. --- ## Approach 2 — `UNNEST` with parallel arrays Pass each column as a separate Go slice. Postgres unnests them in parallel into a virtual table, then `INSERT ... SELECT`. ```sql INSERT INTO ai_model_prices ( provider, model, input_price, output_price, cache_read_price, cache_write_price ) SELECT UNNEST(@providers::text[]), UNNEST(@models::text[]), NULLIF(UNNEST(@input_prices::bigint[]), -1), NULLIF(UNNEST(@output_prices::bigint[]), -1), NULLIF(UNNEST(@cache_read_prices::bigint[]), -1), NULLIF(UNNEST(@cache_write_prices::bigint[]), -1) ON CONFLICT (provider, model) DO UPDATE SET input_price = EXCLUDED.input_price, output_price = EXCLUDED.output_price, cache_read_price = EXCLUDED.cache_read_price, cache_write_price = EXCLUDED.cache_write_price, updated_at = NOW(); ``` Go side: flatten rows into six parallel slices. Use a sentinel (`-1`) for “missing”, since `lib/pq` can't encode `NULL` into a `bigint[]` element. ```go providers := make([]string, len(rows)) models := make([]string, len(rows)) inputs := make([]int64, len(rows)) outputs := make([]int64, len(rows)) cacheR := make([]int64, len(rows)) cacheW := make([]int64, len(rows)) for i, r := range rows { providers[i] = r.Provider models[i] = r.Model inputs[i] = -1 if r.InputPrice != nil { inputs[i] = *r.InputPrice } outputs[i] = -1 if r.OutputPrice != nil { outputs[i] = *r.OutputPrice } cacheR[i] = -1 if r.CacheReadPrice != nil { cacheR[i] = *r.CacheReadPrice } cacheW[i] = -1 if r.CacheWritePrice != nil { cacheW[i] = *r.CacheWritePrice } } return db.UpsertAIModelPrices(ctx, database.UpsertAIModelPricesParams{ Providers: providers, Models: models, InputPrices: inputs, OutputPrices: outputs, CacheReadPrices: cacheR, CacheWritePrices: cacheW, }) ``` ### Pros - Single round-trip. 
### Cons - The generated `sqlc` params become plain `[]int64`, which can't represent `NULL`. --- ## Approach 3 — `jsonb_array_elements` over a single `@seed::jsonb` (chosen) Pass the raw seed JSON as one parameter; let Postgres expand and parse it. ```sql INSERT INTO ai_model_prices ( provider, model, input_price, output_price, cache_read_price, cache_write_price ) SELECT elem->>'provider', elem->>'model', (elem->>'input_price')::bigint, (elem->>'output_price')::bigint, (elem->>'cache_read_price')::bigint, (elem->>'cache_write_price')::bigint FROM jsonb_array_elements(@seed::jsonb) AS elem ON CONFLICT (provider, model) DO UPDATE SET input_price = EXCLUDED.input_price, output_price = EXCLUDED.output_price, cache_read_price = EXCLUDED.cache_read_price, cache_write_price = EXCLUDED.cache_write_price, updated_at = NOW(); ``` Go side reduces to: ```go return db.UpsertAIModelPrices(ctx, seedJSON) ``` ### Pros - Single round-trip. - NULLs fall out naturally: - `(elem->>'cache_write_price')::bigint` becomes `NULL` - no sentinels - The seed is already JSON: - Existing precedent: - `jsonb_array_elements` is already used elsewhere in the codebase ### Cons - Less type-safe at the SQL boundary than `UNNEST` - Slightly less standard than `UNNEST` - Readers need familiarity with: - `jsonb_array_elements` - `->>` extraction syntax - Postgres pays JSON parse cost - negligible at our scale --- --- # Decision We picked Approach 3. It collapses the round-trips like `UNNEST` does, but without: - nullable-array workarounds - sentinel values
// Code generated by: go run ./scripts/typegen rbac scopenames; DO NOT EDIT.
package rbac
// Scope name constants generated from policy.RBACPermissions, one per
// low-level "<resource>:<action>" pair. The builtin names that Valid and
// AllScopeNameValues also accept ("coder:all", "coder:application_connect"
// and "no_user_data") stay declared in code rather than here, to avoid
// duplication.
//
// This file is generated (see the header line), so identifier casing such as
// Ai, Api, Ssh and Oauth2 is generator output. To add, rename or remove a
// scope, change the generator input and regenerate so that these constants,
// Valid and AllScopeNameValues stay in step.
//
// Constants are listed one group per resource, in generator order.
const (
	ScopeAiModelPriceRead   ScopeName = "ai_model_price:read"
	ScopeAiModelPriceUpdate ScopeName = "ai_model_price:update"

	ScopeAiSeatCreate ScopeName = "ai_seat:create"
	ScopeAiSeatRead   ScopeName = "ai_seat:read"

	ScopeAibridgeInterceptionCreate ScopeName = "aibridge_interception:create"
	ScopeAibridgeInterceptionRead   ScopeName = "aibridge_interception:read"
	ScopeAibridgeInterceptionUpdate ScopeName = "aibridge_interception:update"

	ScopeApiKeyCreate ScopeName = "api_key:create"
	ScopeApiKeyDelete ScopeName = "api_key:delete"
	ScopeApiKeyRead   ScopeName = "api_key:read"
	ScopeApiKeyUpdate ScopeName = "api_key:update"

	ScopeAssignOrgRoleAssign   ScopeName = "assign_org_role:assign"
	ScopeAssignOrgRoleCreate   ScopeName = "assign_org_role:create"
	ScopeAssignOrgRoleDelete   ScopeName = "assign_org_role:delete"
	ScopeAssignOrgRoleRead     ScopeName = "assign_org_role:read"
	ScopeAssignOrgRoleUnassign ScopeName = "assign_org_role:unassign"
	ScopeAssignOrgRoleUpdate   ScopeName = "assign_org_role:update"

	ScopeAssignRoleAssign   ScopeName = "assign_role:assign"
	ScopeAssignRoleRead     ScopeName = "assign_role:read"
	ScopeAssignRoleUnassign ScopeName = "assign_role:unassign"

	ScopeAuditLogCreate ScopeName = "audit_log:create"
	ScopeAuditLogRead   ScopeName = "audit_log:read"

	ScopeBoundaryUsageDelete ScopeName = "boundary_usage:delete"
	ScopeBoundaryUsageRead   ScopeName = "boundary_usage:read"
	ScopeBoundaryUsageUpdate ScopeName = "boundary_usage:update"

	ScopeChatCreate ScopeName = "chat:create"
	ScopeChatDelete ScopeName = "chat:delete"
	ScopeChatRead   ScopeName = "chat:read"
	ScopeChatUpdate ScopeName = "chat:update"

	ScopeConnectionLogRead   ScopeName = "connection_log:read"
	ScopeConnectionLogUpdate ScopeName = "connection_log:update"

	ScopeCryptoKeyCreate ScopeName = "crypto_key:create"
	ScopeCryptoKeyDelete ScopeName = "crypto_key:delete"
	ScopeCryptoKeyRead   ScopeName = "crypto_key:read"
	ScopeCryptoKeyUpdate ScopeName = "crypto_key:update"

	ScopeDebugInfoRead ScopeName = "debug_info:read"

	ScopeDeploymentConfigRead   ScopeName = "deployment_config:read"
	ScopeDeploymentConfigUpdate ScopeName = "deployment_config:update"

	ScopeDeploymentStatsRead ScopeName = "deployment_stats:read"

	ScopeFileCreate ScopeName = "file:create"
	ScopeFileRead   ScopeName = "file:read"

	ScopeGroupCreate ScopeName = "group:create"
	ScopeGroupDelete ScopeName = "group:delete"
	ScopeGroupRead   ScopeName = "group:read"
	ScopeGroupUpdate ScopeName = "group:update"

	ScopeGroupMemberRead ScopeName = "group_member:read"

	ScopeIdpsyncSettingsRead   ScopeName = "idpsync_settings:read"
	ScopeIdpsyncSettingsUpdate ScopeName = "idpsync_settings:update"

	ScopeInboxNotificationCreate ScopeName = "inbox_notification:create"
	ScopeInboxNotificationRead   ScopeName = "inbox_notification:read"
	ScopeInboxNotificationUpdate ScopeName = "inbox_notification:update"

	ScopeLicenseCreate ScopeName = "license:create"
	ScopeLicenseDelete ScopeName = "license:delete"
	ScopeLicenseRead   ScopeName = "license:read"

	ScopeNotificationMessageCreate ScopeName = "notification_message:create"
	ScopeNotificationMessageDelete ScopeName = "notification_message:delete"
	ScopeNotificationMessageRead   ScopeName = "notification_message:read"
	ScopeNotificationMessageUpdate ScopeName = "notification_message:update"

	ScopeNotificationPreferenceRead   ScopeName = "notification_preference:read"
	ScopeNotificationPreferenceUpdate ScopeName = "notification_preference:update"

	ScopeNotificationTemplateRead   ScopeName = "notification_template:read"
	ScopeNotificationTemplateUpdate ScopeName = "notification_template:update"

	ScopeOauth2AppCreate ScopeName = "oauth2_app:create"
	ScopeOauth2AppDelete ScopeName = "oauth2_app:delete"
	ScopeOauth2AppRead   ScopeName = "oauth2_app:read"
	ScopeOauth2AppUpdate ScopeName = "oauth2_app:update"

	ScopeOauth2AppCodeTokenCreate ScopeName = "oauth2_app_code_token:create"
	ScopeOauth2AppCodeTokenDelete ScopeName = "oauth2_app_code_token:delete"
	ScopeOauth2AppCodeTokenRead   ScopeName = "oauth2_app_code_token:read"

	ScopeOauth2AppSecretCreate ScopeName = "oauth2_app_secret:create"
	ScopeOauth2AppSecretDelete ScopeName = "oauth2_app_secret:delete"
	ScopeOauth2AppSecretRead   ScopeName = "oauth2_app_secret:read"
	ScopeOauth2AppSecretUpdate ScopeName = "oauth2_app_secret:update"

	ScopeOrganizationCreate ScopeName = "organization:create"
	ScopeOrganizationDelete ScopeName = "organization:delete"
	ScopeOrganizationRead   ScopeName = "organization:read"
	ScopeOrganizationUpdate ScopeName = "organization:update"

	ScopeOrganizationMemberCreate ScopeName = "organization_member:create"
	ScopeOrganizationMemberDelete ScopeName = "organization_member:delete"
	ScopeOrganizationMemberRead   ScopeName = "organization_member:read"
	ScopeOrganizationMemberUpdate ScopeName = "organization_member:update"

	ScopePrebuiltWorkspaceDelete ScopeName = "prebuilt_workspace:delete"
	ScopePrebuiltWorkspaceUpdate ScopeName = "prebuilt_workspace:update"

	ScopeProvisionerDaemonCreate ScopeName = "provisioner_daemon:create"
	ScopeProvisionerDaemonDelete ScopeName = "provisioner_daemon:delete"
	ScopeProvisionerDaemonRead   ScopeName = "provisioner_daemon:read"
	ScopeProvisionerDaemonUpdate ScopeName = "provisioner_daemon:update"

	ScopeProvisionerJobsCreate ScopeName = "provisioner_jobs:create"
	ScopeProvisionerJobsRead   ScopeName = "provisioner_jobs:read"
	ScopeProvisionerJobsUpdate ScopeName = "provisioner_jobs:update"

	ScopeReplicasRead ScopeName = "replicas:read"

	ScopeSystemCreate ScopeName = "system:create"
	ScopeSystemDelete ScopeName = "system:delete"
	ScopeSystemRead   ScopeName = "system:read"
	ScopeSystemUpdate ScopeName = "system:update"

	ScopeTailnetCoordinatorCreate ScopeName = "tailnet_coordinator:create"
	ScopeTailnetCoordinatorDelete ScopeName = "tailnet_coordinator:delete"
	ScopeTailnetCoordinatorRead   ScopeName = "tailnet_coordinator:read"
	ScopeTailnetCoordinatorUpdate ScopeName = "tailnet_coordinator:update"

	ScopeTaskCreate ScopeName = "task:create"
	ScopeTaskDelete ScopeName = "task:delete"
	ScopeTaskRead   ScopeName = "task:read"
	ScopeTaskUpdate ScopeName = "task:update"

	ScopeTemplateCreate       ScopeName = "template:create"
	ScopeTemplateDelete       ScopeName = "template:delete"
	ScopeTemplateRead         ScopeName = "template:read"
	ScopeTemplateUpdate       ScopeName = "template:update"
	ScopeTemplateUse          ScopeName = "template:use"
	ScopeTemplateViewInsights ScopeName = "template:view_insights"

	ScopeUsageEventCreate ScopeName = "usage_event:create"
	ScopeUsageEventRead   ScopeName = "usage_event:read"
	ScopeUsageEventUpdate ScopeName = "usage_event:update"

	ScopeUserCreate         ScopeName = "user:create"
	ScopeUserDelete         ScopeName = "user:delete"
	ScopeUserRead           ScopeName = "user:read"
	ScopeUserReadPersonal   ScopeName = "user:read_personal"
	ScopeUserUpdate         ScopeName = "user:update"
	ScopeUserUpdatePersonal ScopeName = "user:update_personal"

	ScopeUserSecretCreate ScopeName = "user_secret:create"
	ScopeUserSecretDelete ScopeName = "user_secret:delete"
	ScopeUserSecretRead   ScopeName = "user_secret:read"
	ScopeUserSecretUpdate ScopeName = "user_secret:update"

	ScopeWebpushSubscriptionCreate ScopeName = "webpush_subscription:create"
	ScopeWebpushSubscriptionDelete ScopeName = "webpush_subscription:delete"
	ScopeWebpushSubscriptionRead   ScopeName = "webpush_subscription:read"

	ScopeWorkspaceApplicationConnect ScopeName = "workspace:application_connect"
	ScopeWorkspaceCreate             ScopeName = "workspace:create"
	ScopeWorkspaceCreateAgent        ScopeName = "workspace:create_agent"
	ScopeWorkspaceDelete             ScopeName = "workspace:delete"
	ScopeWorkspaceDeleteAgent        ScopeName = "workspace:delete_agent"
	ScopeWorkspaceRead               ScopeName = "workspace:read"
	ScopeWorkspaceShare              ScopeName = "workspace:share"
	ScopeWorkspaceSsh                ScopeName = "workspace:ssh"
	ScopeWorkspaceStart              ScopeName = "workspace:start"
	ScopeWorkspaceStop               ScopeName = "workspace:stop"
	ScopeWorkspaceUpdate             ScopeName = "workspace:update"
	ScopeWorkspaceUpdateAgent        ScopeName = "workspace:update_agent"

	ScopeWorkspaceAgentDevcontainersCreate ScopeName = "workspace_agent_devcontainers:create"

	ScopeWorkspaceAgentResourceMonitorCreate ScopeName = "workspace_agent_resource_monitor:create"
	ScopeWorkspaceAgentResourceMonitorRead   ScopeName = "workspace_agent_resource_monitor:read"
	ScopeWorkspaceAgentResourceMonitorUpdate ScopeName = "workspace_agent_resource_monitor:update"

	ScopeWorkspaceDormantApplicationConnect ScopeName = "workspace_dormant:application_connect"
	ScopeWorkspaceDormantCreate             ScopeName = "workspace_dormant:create"
	ScopeWorkspaceDormantCreateAgent        ScopeName = "workspace_dormant:create_agent"
	ScopeWorkspaceDormantDelete             ScopeName = "workspace_dormant:delete"
	ScopeWorkspaceDormantDeleteAgent        ScopeName = "workspace_dormant:delete_agent"
	ScopeWorkspaceDormantRead               ScopeName = "workspace_dormant:read"
	ScopeWorkspaceDormantShare              ScopeName = "workspace_dormant:share"
	ScopeWorkspaceDormantSsh                ScopeName = "workspace_dormant:ssh"
	ScopeWorkspaceDormantStart              ScopeName = "workspace_dormant:start"
	ScopeWorkspaceDormantStop               ScopeName = "workspace_dormant:stop"
	ScopeWorkspaceDormantUpdate             ScopeName = "workspace_dormant:update"
	ScopeWorkspaceDormantUpdateAgent        ScopeName = "workspace_dormant:update_agent"

	ScopeWorkspaceProxyCreate ScopeName = "workspace_proxy:create"
	ScopeWorkspaceProxyDelete ScopeName = "workspace_proxy:delete"
	ScopeWorkspaceProxyRead   ScopeName = "workspace_proxy:read"
	ScopeWorkspaceProxyUpdate ScopeName = "workspace_proxy:update"
)
// Valid reports whether e is exactly one of the known scope names: the three
// builtin names or any generated low-level "<resource>:<action>" constant.
// The builtin names are sourced from rbac.BuiltinScopeNames() at generation
// time so that changes in rbac/scopes.go stay in sync here.
//
// The check is an exact string comparison against a fixed list, so input that
// differs in case or carries extra whitespace is rejected. A true result only
// says the name is recognised; it is not by itself an authorization decision.
func (e ScopeName) Valid() bool {
	switch e {
	case "coder:all", "coder:application_connect", "no_user_data":
		// Builtin names, written as literals because this file declares no
		// constant for them.
		return true
	case ScopeAiModelPriceRead,
		ScopeAiModelPriceUpdate,
		ScopeAiSeatCreate,
		ScopeAiSeatRead,
		ScopeAibridgeInterceptionCreate,
		ScopeAibridgeInterceptionRead,
		ScopeAibridgeInterceptionUpdate,
		ScopeApiKeyCreate,
		ScopeApiKeyDelete,
		ScopeApiKeyRead,
		ScopeApiKeyUpdate,
		ScopeAssignOrgRoleAssign,
		ScopeAssignOrgRoleCreate,
		ScopeAssignOrgRoleDelete,
		ScopeAssignOrgRoleRead,
		ScopeAssignOrgRoleUnassign,
		ScopeAssignOrgRoleUpdate,
		ScopeAssignRoleAssign,
		ScopeAssignRoleRead,
		ScopeAssignRoleUnassign,
		ScopeAuditLogCreate,
		ScopeAuditLogRead,
		ScopeBoundaryUsageDelete,
		ScopeBoundaryUsageRead,
		ScopeBoundaryUsageUpdate,
		ScopeChatCreate,
		ScopeChatDelete,
		ScopeChatRead,
		ScopeChatUpdate,
		ScopeConnectionLogRead,
		ScopeConnectionLogUpdate,
		ScopeCryptoKeyCreate,
		ScopeCryptoKeyDelete,
		ScopeCryptoKeyRead,
		ScopeCryptoKeyUpdate,
		ScopeDebugInfoRead,
		ScopeDeploymentConfigRead,
		ScopeDeploymentConfigUpdate,
		ScopeDeploymentStatsRead,
		ScopeFileCreate,
		ScopeFileRead,
		ScopeGroupCreate,
		ScopeGroupDelete,
		ScopeGroupRead,
		ScopeGroupUpdate,
		ScopeGroupMemberRead,
		ScopeIdpsyncSettingsRead,
		ScopeIdpsyncSettingsUpdate,
		ScopeInboxNotificationCreate,
		ScopeInboxNotificationRead,
		ScopeInboxNotificationUpdate,
		ScopeLicenseCreate,
		ScopeLicenseDelete,
		ScopeLicenseRead,
		ScopeNotificationMessageCreate,
		ScopeNotificationMessageDelete,
		ScopeNotificationMessageRead,
		ScopeNotificationMessageUpdate,
		ScopeNotificationPreferenceRead,
		ScopeNotificationPreferenceUpdate,
		ScopeNotificationTemplateRead,
		ScopeNotificationTemplateUpdate,
		ScopeOauth2AppCreate,
		ScopeOauth2AppDelete,
		ScopeOauth2AppRead,
		ScopeOauth2AppUpdate,
		ScopeOauth2AppCodeTokenCreate,
		ScopeOauth2AppCodeTokenDelete,
		ScopeOauth2AppCodeTokenRead,
		ScopeOauth2AppSecretCreate,
		ScopeOauth2AppSecretDelete,
		ScopeOauth2AppSecretRead,
		ScopeOauth2AppSecretUpdate,
		ScopeOrganizationCreate,
		ScopeOrganizationDelete,
		ScopeOrganizationRead,
		ScopeOrganizationUpdate,
		ScopeOrganizationMemberCreate,
		ScopeOrganizationMemberDelete,
		ScopeOrganizationMemberRead,
		ScopeOrganizationMemberUpdate,
		ScopePrebuiltWorkspaceDelete,
		ScopePrebuiltWorkspaceUpdate,
		ScopeProvisionerDaemonCreate,
		ScopeProvisionerDaemonDelete,
		ScopeProvisionerDaemonRead,
		ScopeProvisionerDaemonUpdate,
		ScopeProvisionerJobsCreate,
		ScopeProvisionerJobsRead,
		ScopeProvisionerJobsUpdate,
		ScopeReplicasRead,
		ScopeSystemCreate,
		ScopeSystemDelete,
		ScopeSystemRead,
		ScopeSystemUpdate,
		ScopeTailnetCoordinatorCreate,
		ScopeTailnetCoordinatorDelete,
		ScopeTailnetCoordinatorRead,
		ScopeTailnetCoordinatorUpdate,
		ScopeTaskCreate,
		ScopeTaskDelete,
		ScopeTaskRead,
		ScopeTaskUpdate,
		ScopeTemplateCreate,
		ScopeTemplateDelete,
		ScopeTemplateRead,
		ScopeTemplateUpdate,
		ScopeTemplateUse,
		ScopeTemplateViewInsights,
		ScopeUsageEventCreate,
		ScopeUsageEventRead,
		ScopeUsageEventUpdate,
		ScopeUserCreate,
		ScopeUserDelete,
		ScopeUserRead,
		ScopeUserReadPersonal,
		ScopeUserUpdate,
		ScopeUserUpdatePersonal,
		ScopeUserSecretCreate,
		ScopeUserSecretDelete,
		ScopeUserSecretRead,
		ScopeUserSecretUpdate,
		ScopeWebpushSubscriptionCreate,
		ScopeWebpushSubscriptionDelete,
		ScopeWebpushSubscriptionRead,
		ScopeWorkspaceApplicationConnect,
		ScopeWorkspaceCreate,
		ScopeWorkspaceCreateAgent,
		ScopeWorkspaceDelete,
		ScopeWorkspaceDeleteAgent,
		ScopeWorkspaceRead,
		ScopeWorkspaceShare,
		ScopeWorkspaceSsh,
		ScopeWorkspaceStart,
		ScopeWorkspaceStop,
		ScopeWorkspaceUpdate,
		ScopeWorkspaceUpdateAgent,
		ScopeWorkspaceAgentDevcontainersCreate,
		ScopeWorkspaceAgentResourceMonitorCreate,
		ScopeWorkspaceAgentResourceMonitorRead,
		ScopeWorkspaceAgentResourceMonitorUpdate,
		ScopeWorkspaceDormantApplicationConnect,
		ScopeWorkspaceDormantCreate,
		ScopeWorkspaceDormantCreateAgent,
		ScopeWorkspaceDormantDelete,
		ScopeWorkspaceDormantDeleteAgent,
		ScopeWorkspaceDormantRead,
		ScopeWorkspaceDormantShare,
		ScopeWorkspaceDormantSsh,
		ScopeWorkspaceDormantStart,
		ScopeWorkspaceDormantStop,
		ScopeWorkspaceDormantUpdate,
		ScopeWorkspaceDormantUpdateAgent,
		ScopeWorkspaceProxyCreate,
		ScopeWorkspaceProxyDelete,
		ScopeWorkspaceProxyRead,
		ScopeWorkspaceProxyUpdate:
		// Generated low-level scopes, in the order they are declared.
		return true
	default:
		// Anything not listed above is unknown and therefore rejected.
		return false
	}
}
// AllScopeNameValues returns every known scope name: the three builtin names
// first, then the generated low-level scopes in the order they are declared.
//
// Each call builds a new slice, so a caller may sort or modify the result
// without affecting anyone else. The entries are the same names that Valid
// accepts; both lists are generated and should only change together.
func AllScopeNameValues() []ScopeName {
	names := []ScopeName{
		// Builtin names, written as literals because this file declares no
		// constant for them.
		"coder:all",
		"coder:application_connect",
		"no_user_data",
		// Generated low-level scopes.
		ScopeAiModelPriceRead,
		ScopeAiModelPriceUpdate,
		ScopeAiSeatCreate,
		ScopeAiSeatRead,
		ScopeAibridgeInterceptionCreate,
		ScopeAibridgeInterceptionRead,
		ScopeAibridgeInterceptionUpdate,
		ScopeApiKeyCreate,
		ScopeApiKeyDelete,
		ScopeApiKeyRead,
		ScopeApiKeyUpdate,
		ScopeAssignOrgRoleAssign,
		ScopeAssignOrgRoleCreate,
		ScopeAssignOrgRoleDelete,
		ScopeAssignOrgRoleRead,
		ScopeAssignOrgRoleUnassign,
		ScopeAssignOrgRoleUpdate,
		ScopeAssignRoleAssign,
		ScopeAssignRoleRead,
		ScopeAssignRoleUnassign,
		ScopeAuditLogCreate,
		ScopeAuditLogRead,
		ScopeBoundaryUsageDelete,
		ScopeBoundaryUsageRead,
		ScopeBoundaryUsageUpdate,
		ScopeChatCreate,
		ScopeChatDelete,
		ScopeChatRead,
		ScopeChatUpdate,
		ScopeConnectionLogRead,
		ScopeConnectionLogUpdate,
		ScopeCryptoKeyCreate,
		ScopeCryptoKeyDelete,
		ScopeCryptoKeyRead,
		ScopeCryptoKeyUpdate,
		ScopeDebugInfoRead,
		ScopeDeploymentConfigRead,
		ScopeDeploymentConfigUpdate,
		ScopeDeploymentStatsRead,
		ScopeFileCreate,
		ScopeFileRead,
		ScopeGroupCreate,
		ScopeGroupDelete,
		ScopeGroupRead,
		ScopeGroupUpdate,
		ScopeGroupMemberRead,
		ScopeIdpsyncSettingsRead,
		ScopeIdpsyncSettingsUpdate,
		ScopeInboxNotificationCreate,
		ScopeInboxNotificationRead,
		ScopeInboxNotificationUpdate,
		ScopeLicenseCreate,
		ScopeLicenseDelete,
		ScopeLicenseRead,
		ScopeNotificationMessageCreate,
		ScopeNotificationMessageDelete,
		ScopeNotificationMessageRead,
		ScopeNotificationMessageUpdate,
		ScopeNotificationPreferenceRead,
		ScopeNotificationPreferenceUpdate,
		ScopeNotificationTemplateRead,
		ScopeNotificationTemplateUpdate,
		ScopeOauth2AppCreate,
		ScopeOauth2AppDelete,
		ScopeOauth2AppRead,
		ScopeOauth2AppUpdate,
		ScopeOauth2AppCodeTokenCreate,
		ScopeOauth2AppCodeTokenDelete,
		ScopeOauth2AppCodeTokenRead,
		ScopeOauth2AppSecretCreate,
		ScopeOauth2AppSecretDelete,
		ScopeOauth2AppSecretRead,
		ScopeOauth2AppSecretUpdate,
		ScopeOrganizationCreate,
		ScopeOrganizationDelete,
		ScopeOrganizationRead,
		ScopeOrganizationUpdate,
		ScopeOrganizationMemberCreate,
		ScopeOrganizationMemberDelete,
		ScopeOrganizationMemberRead,
		ScopeOrganizationMemberUpdate,
		ScopePrebuiltWorkspaceDelete,
		ScopePrebuiltWorkspaceUpdate,
		ScopeProvisionerDaemonCreate,
		ScopeProvisionerDaemonDelete,
		ScopeProvisionerDaemonRead,
		ScopeProvisionerDaemonUpdate,
		ScopeProvisionerJobsCreate,
		ScopeProvisionerJobsRead,
		ScopeProvisionerJobsUpdate,
		ScopeReplicasRead,
		ScopeSystemCreate,
		ScopeSystemDelete,
		ScopeSystemRead,
		ScopeSystemUpdate,
		ScopeTailnetCoordinatorCreate,
		ScopeTailnetCoordinatorDelete,
		ScopeTailnetCoordinatorRead,
		ScopeTailnetCoordinatorUpdate,
		ScopeTaskCreate,
		ScopeTaskDelete,
		ScopeTaskRead,
		ScopeTaskUpdate,
		ScopeTemplateCreate,
		ScopeTemplateDelete,
		ScopeTemplateRead,
		ScopeTemplateUpdate,
		ScopeTemplateUse,
		ScopeTemplateViewInsights,
		ScopeUsageEventCreate,
		ScopeUsageEventRead,
		ScopeUsageEventUpdate,
		ScopeUserCreate,
		ScopeUserDelete,
		ScopeUserRead,
		ScopeUserReadPersonal,
		ScopeUserUpdate,
		ScopeUserUpdatePersonal,
		ScopeUserSecretCreate,
		ScopeUserSecretDelete,
		ScopeUserSecretRead,
		ScopeUserSecretUpdate,
		ScopeWebpushSubscriptionCreate,
		ScopeWebpushSubscriptionDelete,
		ScopeWebpushSubscriptionRead,
		ScopeWorkspaceApplicationConnect,
		ScopeWorkspaceCreate,
		ScopeWorkspaceCreateAgent,
		ScopeWorkspaceDelete,
		ScopeWorkspaceDeleteAgent,
		ScopeWorkspaceRead,
		ScopeWorkspaceShare,
		ScopeWorkspaceSsh,
		ScopeWorkspaceStart,
		ScopeWorkspaceStop,
		ScopeWorkspaceUpdate,
		ScopeWorkspaceUpdateAgent,
		ScopeWorkspaceAgentDevcontainersCreate,
		ScopeWorkspaceAgentResourceMonitorCreate,
		ScopeWorkspaceAgentResourceMonitorRead,
		ScopeWorkspaceAgentResourceMonitorUpdate,
		ScopeWorkspaceDormantApplicationConnect,
		ScopeWorkspaceDormantCreate,
		ScopeWorkspaceDormantCreateAgent,
		ScopeWorkspaceDormantDelete,
		ScopeWorkspaceDormantDeleteAgent,
		ScopeWorkspaceDormantRead,
		ScopeWorkspaceDormantShare,
		ScopeWorkspaceDormantSsh,
		ScopeWorkspaceDormantStart,
		ScopeWorkspaceDormantStop,
		ScopeWorkspaceDormantUpdate,
		ScopeWorkspaceDormantUpdateAgent,
		ScopeWorkspaceProxyCreate,
		ScopeWorkspaceProxyDelete,
		ScopeWorkspaceProxyRead,
		ScopeWorkspaceProxyUpdate,
	}
	return names
}