shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6b17aee4253a32d012c150e8be873f8943cdd708
coder/docs/reference/api/members.md
T
Ethan 08e17a07fc chore!: route connection logs to new table (#18340) 
### Breaking Change (changelog note):
> User connections to workspaces, and the opening of workspace apps or ports will no longer create entries in the audit log. Those events will now be included in the 'Connection Log'.
Please see the 'Connection Log' page in the dashboard, and the Connection Log [documentation](https://coder.com/docs/admin/monitoring/connection-logs) for details. Those with permission to view the Audit Log will also be able to view the Connection Log. The new Connection Log has the same licensing restrictions as the Audit Log, and requires a Premium Coder deployment.

### Context

This is the first PR of a few for moving connection events out of the audit log, and into a new database table and web UI page called the 'Connection Log'.

This PR:
- Creates the new table
- Adds and tests queries for inserting and reading, including reading with an RBAC filter.
- Implements the corresponding RBAC changes, such that anyone who can view the audit log can read from the table
- Implements, under the enterprise package, a `ConnectionLogger` abstraction to replace the `Auditor` abstraction for these logs. (No-op'd in AGPL, like the `Auditor`)
- Routes SSH connection and Workspace App events into the new `ConnectionLogger`
- Updates all existing tests to check the values of the `ConnectionLogger` instead of the `Auditor`.

Future PRs:
- Add filtering to the query
- Add an enterprise endpoint to query the new table
- Write a query to delete old events from the audit log, call it from dbpurge.
- Implement a table in the Web UI for viewing connection logs.


> [!NOTE]
> The PRs in this stack obviously won't be (completely) atomic. Whilst they'll each pass CI, the stack is designed to be merged all at once. I'm splitting them up for the sake of those reviewing, and so changes can be reviewed as early as possible.  Despite this, it's really hard to make this PR any smaller than it already is. I'll be keeping it in draft until it's actually ready to merge.
2025-07-15 14:36:06 +10:00

51 KiB
Generated
Raw Blame History

Members

List organization members

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /organizations/{organization}/members

Parameters

Name In Type Required Description
organization path string true Organization ID

Example responses

200 Response

[
  {
    "avatar_url": "string",
    "created_at": "2019-08-24T14:15:22Z",
    "email": "string",
    "global_roles": [
      {
        "display_name": "string",
        "name": "string",
        "organization_id": "string"
      }
    ],
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "roles": [
      {
        "display_name": "string",
        "name": "string",
        "organization_id": "string"
      }
    ],
    "updated_at": "2019-08-24T14:15:22Z",
    "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
    "username": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.OrganizationMemberWithUserData

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» avatar_url string false
» created_at string(date-time) false
» email string false
» global_roles array false
»» display_name string false
»» name string false
»» organization_id string false
» name string false
» organization_id string(uuid) false
» roles array false
» updated_at string(date-time) false
» user_id string(uuid) false
» username string false

To perform this operation, you must be authenticated. Learn more.

Get member roles by organization

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /organizations/{organization}/members/roles

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID

Example responses

200 Response

[
  {
    "assignable": true,
    "built_in": true,
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.AssignableRoles

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» assignable boolean false
» built_in boolean false Built in roles are immutable
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value
action application_connect
action assign
action create
action create_agent
action delete
action delete_agent
action read
action read_personal
action ssh
action unassign
action update
action update_personal
action use
action view_insights
action start
action stop
resource_type *
resource_type api_key
resource_type assign_org_role
resource_type assign_role
resource_type audit_log
resource_type connection_log
resource_type crypto_key
resource_type debug_info
resource_type deployment_config
resource_type deployment_stats
resource_type file
resource_type group
resource_type group_member
resource_type idpsync_settings
resource_type inbox_notification
resource_type license
resource_type notification_message
resource_type notification_preference
resource_type notification_template
resource_type oauth2_app
resource_type oauth2_app_code_token
resource_type oauth2_app_secret
resource_type organization
resource_type organization_member
resource_type prebuilt_workspace
resource_type provisioner_daemon
resource_type provisioner_jobs
resource_type replicas
resource_type system
resource_type tailnet_coordinator
resource_type template
resource_type user
resource_type webpush_subscription
resource_type workspace
resource_type workspace_agent_devcontainers
resource_type workspace_agent_resource_monitor
resource_type workspace_dormant
resource_type workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Upsert a custom organization role

Code samples

# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

PUT /organizations/{organization}/members/roles

Body parameter

{
  "display_name": "string",
  "name": "string",
  "organization_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "site_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "user_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ]
}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
body body codersdk.CustomRoleRequest true Upsert role request

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value
action application_connect
action assign
action create
action create_agent
action delete
action delete_agent
action read
action read_personal
action ssh
action unassign
action update
action update_personal
action use
action view_insights
action start
action stop
resource_type *
resource_type api_key
resource_type assign_org_role
resource_type assign_role
resource_type audit_log
resource_type connection_log
resource_type crypto_key
resource_type debug_info
resource_type deployment_config
resource_type deployment_stats
resource_type file
resource_type group
resource_type group_member
resource_type idpsync_settings
resource_type inbox_notification
resource_type license
resource_type notification_message
resource_type notification_preference
resource_type notification_template
resource_type oauth2_app
resource_type oauth2_app_code_token
resource_type oauth2_app_secret
resource_type organization
resource_type organization_member
resource_type prebuilt_workspace
resource_type provisioner_daemon
resource_type provisioner_jobs
resource_type replicas
resource_type system
resource_type tailnet_coordinator
resource_type template
resource_type user
resource_type webpush_subscription
resource_type workspace
resource_type workspace_agent_devcontainers
resource_type workspace_agent_resource_monitor
resource_type workspace_dormant
resource_type workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Insert a custom organization role

Code samples

# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

POST /organizations/{organization}/members/roles

Body parameter

{
  "display_name": "string",
  "name": "string",
  "organization_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "site_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "user_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ]
}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
body body codersdk.CustomRoleRequest true Insert role request

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value
action application_connect
action assign
action create
action create_agent
action delete
action delete_agent
action read
action read_personal
action ssh
action unassign
action update
action update_personal
action use
action view_insights
action start
action stop
resource_type *
resource_type api_key
resource_type assign_org_role
resource_type assign_role
resource_type audit_log
resource_type connection_log
resource_type crypto_key
resource_type debug_info
resource_type deployment_config
resource_type deployment_stats
resource_type file
resource_type group
resource_type group_member
resource_type idpsync_settings
resource_type inbox_notification
resource_type license
resource_type notification_message
resource_type notification_preference
resource_type notification_template
resource_type oauth2_app
resource_type oauth2_app_code_token
resource_type oauth2_app_secret
resource_type organization
resource_type organization_member
resource_type prebuilt_workspace
resource_type provisioner_daemon
resource_type provisioner_jobs
resource_type replicas
resource_type system
resource_type tailnet_coordinator
resource_type template
resource_type user
resource_type webpush_subscription
resource_type workspace
resource_type workspace_agent_devcontainers
resource_type workspace_agent_resource_monitor
resource_type workspace_dormant
resource_type workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Delete a custom organization role

Code samples

# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/roles/{roleName} \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

DELETE /organizations/{organization}/members/roles/{roleName}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
roleName path string true Role name

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value
action application_connect
action assign
action create
action create_agent
action delete
action delete_agent
action read
action read_personal
action ssh
action unassign
action update
action update_personal
action use
action view_insights
action start
action stop
resource_type *
resource_type api_key
resource_type assign_org_role
resource_type assign_role
resource_type audit_log
resource_type connection_log
resource_type crypto_key
resource_type debug_info
resource_type deployment_config
resource_type deployment_stats
resource_type file
resource_type group
resource_type group_member
resource_type idpsync_settings
resource_type inbox_notification
resource_type license
resource_type notification_message
resource_type notification_preference
resource_type notification_template
resource_type oauth2_app
resource_type oauth2_app_code_token
resource_type oauth2_app_secret
resource_type organization
resource_type organization_member
resource_type prebuilt_workspace
resource_type provisioner_daemon
resource_type provisioner_jobs
resource_type replicas
resource_type system
resource_type tailnet_coordinator
resource_type template
resource_type user
resource_type webpush_subscription
resource_type workspace
resource_type workspace_agent_devcontainers
resource_type workspace_agent_resource_monitor
resource_type workspace_dormant
resource_type workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Add organization member

Code samples

# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

POST /organizations/{organization}/members/{user}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me

Example responses

200 Response

{
  "created_at": "2019-08-24T14:15:22Z",
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
  "roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "updated_at": "2019-08-24T14:15:22Z",
  "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}

Responses

Status Meaning Description Schema
200 OK OK codersdk.OrganizationMember

To perform this operation, you must be authenticated. Learn more.

Remove organization member

Code samples

# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
  -H 'Coder-Session-Token: API_KEY'

DELETE /organizations/{organization}/members/{user}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me

Responses

Status Meaning Description Schema
204 No Content No Content

To perform this operation, you must be authenticated. Learn more.

Assign role to organization member

Code samples

# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/{user}/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

PUT /organizations/{organization}/members/{user}/roles

Body parameter

{
  "roles": [
    "string"
  ]
}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me
body body codersdk.UpdateRoles true Update roles request

Example responses

200 Response

{
  "created_at": "2019-08-24T14:15:22Z",
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
  "roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "updated_at": "2019-08-24T14:15:22Z",
  "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}

Responses

Status Meaning Description Schema
200 OK OK codersdk.OrganizationMember

To perform this operation, you must be authenticated. Learn more.

Paginated organization members

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/paginated-members \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /organizations/{organization}/paginated-members

Parameters

Name In Type Required Description
organization path string true Organization ID
limit query integer false Page limit, if 0 returns all members
offset query integer false Page offset

Example responses

200 Response

[
  {
    "count": 0,
    "members": [
      {
        "avatar_url": "string",
        "created_at": "2019-08-24T14:15:22Z",
        "email": "string",
        "global_roles": [
          {
            "display_name": "string",
            "name": "string",
            "organization_id": "string"
          }
        ],
        "name": "string",
        "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
        "roles": [
          {
            "display_name": "string",
            "name": "string",
            "organization_id": "string"
          }
        ],
        "updated_at": "2019-08-24T14:15:22Z",
        "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
        "username": "string"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.PaginatedMembersResponse

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» count integer false
» members array false
»» avatar_url string false
»» created_at string(date-time) false
»» email string false
»» global_roles array false
»»» display_name string false
»»» name string false
»»» organization_id string false
»» name string false
»» organization_id string(uuid) false
»» roles array false
»» updated_at string(date-time) false
»» user_id string(uuid) false
»» username string false

To perform this operation, you must be authenticated. Learn more.

Get site member roles

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/users/roles \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /users/roles

Example responses

200 Response

[
  {
    "assignable": true,
    "built_in": true,
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.AssignableRoles

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» assignable boolean false
» built_in boolean false Built in roles are immutable
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value
action application_connect
action assign
action create
action create_agent
action delete
action delete_agent
action read
action read_personal
action ssh
action unassign
action update
action update_personal
action use
action view_insights
action start
action stop
resource_type *
resource_type api_key
resource_type assign_org_role
resource_type assign_role
resource_type audit_log
resource_type connection_log
resource_type crypto_key
resource_type debug_info
resource_type deployment_config
resource_type deployment_stats
resource_type file
resource_type group
resource_type group_member
resource_type idpsync_settings
resource_type inbox_notification
resource_type license
resource_type notification_message
resource_type notification_preference
resource_type notification_template
resource_type oauth2_app
resource_type oauth2_app_code_token
resource_type oauth2_app_secret
resource_type organization
resource_type organization_member
resource_type prebuilt_workspace
resource_type provisioner_daemon
resource_type provisioner_jobs
resource_type replicas
resource_type system
resource_type tailnet_coordinator
resource_type template
resource_type user
resource_type webpush_subscription
resource_type workspace
resource_type workspace_agent_devcontainers
resource_type workspace_agent_resource_monitor
resource_type workspace_dormant
resource_type workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Reference in New Issue View Git Blame Copy Permalink