coder/coderd/database at 13668d82d6bf4938ef5907ebf878ee74086ac920 - coder - Gitea: Git with a cup of tea

shishantbiswas/coder

mirror of https://github.com/coder/coder.git synced 2026-06-03 04:58:23 +00:00

Files

T

History

Jake Howell ea00e72063 feat: add rbac specificity for dbpurge (#21088 )

Related to
[`internal#1139`](https://github.com/coder/internal/issues/1139)

Continuation of #21074 

This implements some RBAC role specificity for `dbpurge`, ensuring that
we follow the least-privileged model for removing data from the
database. It is specified as following.

```go
Site: rbac.Permissions(map[string][]policy.Action{
	// DeleteOldWorkspaceAgentLogs
	// DeleteOldWorkspaceAgentStats
	// DeleteOldProvisionerDaemons
	// DeleteOldTelemetryLocks
	// DeleteOldAuditLogConnectionEvents
	// DeleteOldConnectionLogs
	rbac.ResourceSystem.Type: {policy.ActionDelete},
	// DeleteOldNotificationMessages
	rbac.ResourceNotificationMessage.Type: {policy.ActionDelete},
	// ExpirePrebuildsAPIKeys
	// DeleteExpiredAPIKeys
	rbac.ResourceApiKey.Type: {policy.ActionDelete},
	// DeleteOldAIBridgeRecords
	rbac.ResourceAibridgeInterception.Type: {policy.ActionDelete},
}),
```

| Position | Pull-request |
| -------- | ------------ |
| | [feat: add prometheus observability metrics for
`dbpurge`](https://github.com/coder/coder/pull/21074) |
| ✅ | [feat: add rbac specificity for
`dbpurge`](https://github.com/coder/coder/pull/21088) |

2025-12-20 01:02:39 +11:00

..

test(coderd/database/awsiamrds): fix unclosed pubsub (#16202 )

2025-01-20 17:25:31 +00:00

feat: add prebuild invalidation via last_invalidated_at timestamp (#20582 )

2025-11-20 17:12:25 +01:00

feat: add rbac specificity for dbpurge (#21088 )

2025-12-20 01:02:39 +11:00

refactor: remove deprecated AITaskPromptParameterName constant (#21023 )

2025-12-16 15:14:59 +00:00

fix: mark users seen when activating on login (#21305 )

2025-12-17 16:49:40 +04:00

fix(coderd/database/dbpurge): allow disabling AI Bridge retention with 0 (#21062 )

2025-12-03 09:37:18 +00:00

fix(coderd/database/dbpurge): allow disabling AI Bridge retention with 0 (#21062 )

2025-12-03 09:37:18 +00:00

feat: add rbac specificity for dbpurge (#21088 )

2025-12-20 01:02:39 +11:00

chore: remove references to dbtestutil.WillUsePostgres (#20436 )

2025-10-23 14:24:54 +02:00

chore: fix test errors on newer debian-based systems due to deprecated TZ (#21115 )

2025-12-10 08:09:13 -08:00

fix(coderd/database): aggregate user engagement statistics by interval (#16150 )

2025-01-16 17:34:53 +02:00

test: change to explicitly compiling dbcleaner on posix (#20206 )

2025-10-08 16:18:02 +04:00

refactor: replace golang.org/x/exp/slices with slices (#16772 )

2025-03-04 00:46:49 +11:00

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

provisionerjobs

chore: provisioner acquirer to respect organization ID of jobs (#13874 )

2024-07-11 11:26:47 -05:00

chore: remove references to dbtestutil.WillUsePostgres (#20436 )

2025-10-23 14:24:54 +02:00

fix: mark users seen when activating on login (#21305 )

2025-12-17 16:49:40 +04:00

feat: add filtering options to provisioners list (#19378 )

2025-08-21 16:03:34 -04:00

.gitignore

…

check_constraint.go

refactor(coderd): drop sidebar app constraint and simplify provisionerdserver for tasks (#20591 )

2025-11-03 13:46:38 +02:00

connector.go

fix: use authenticated urls for pubsub (#14261 )

2024-08-26 15:04:04 +00:00

constants.go

feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333 )

2025-06-20 17:36:32 +01:00

db_test.go

chore: remove references to dbtestutil.WillUsePostgres (#20436 )

2025-10-23 14:24:54 +02:00

db.go

feat: enable soft delete for organizations (#16584 )

2025-02-24 12:59:41 -05:00

dump.sql

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

errors.go

chore: improve build deadline code (#19203 )

2025-08-07 11:00:31 +10:00

foreign_key_constraint.go

fix(coderd): remove deprecated AITaskSidebarApp column (#20680 )

2025-11-07 12:45:45 +02:00

generate.sh

chore: avoid dbmock test errors in dbgen (#10923 )

2023-11-28 17:04:25 +00:00

lock.go

feat: implement reconciliation loop (#17261 )

2025-04-17 09:29:29 -04:00

modelmethods_internal_test.go

feat: add deployment-wide option to disable workspace sharing (#21172 )

2025-12-09 08:13:09 -08:00

modelmethods.go

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

modelqueries_internal_test.go

feat(coderd): add task prompt modification endpoint (#20811 )

2025-11-25 11:13:32 +00:00

modelqueries.go

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

models.go

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

no_slim.go

chore: avoid depending on rbac in slim builds (#17959 )

2025-05-22 19:48:23 +10:00

oidcclaims_test.go

chore: remove dbmem (#18803 )

2025-07-09 09:46:31 +02:00

pglocks.go

chore: update golang to 1.24.1 (#17035 )

2025-03-26 01:56:39 -05:00

querier_test.go

test: move context to after db creation (#21224 )

2025-12-11 21:51:16 +00:00

querier.go

fix(coderd/database/dbpurge): allow disabling AI Bridge retention with 0 (#21062 )

2025-12-03 09:37:18 +00:00

queries.sql.go

fix: mark users seen when activating on login (#21305 )

2025-12-17 16:49:40 +04:00

sqlc.yaml

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

tx_test.go

chore: add tx metrics and logs for serialization errors (#15215 )

2024-10-25 12:14:15 -04:00

tx.go

chore: add tx metrics and logs for serialization errors (#15215 )

2024-10-25 12:14:15 -04:00

types.go

feat: add sharing info to /workspaces endpoint (#21049 )

2025-12-15 08:42:08 -08:00

unique_constraint.go

chore: add aibridge data to telemetry (#20449 )

2025-10-28 03:16:41 +11:00