shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
edee917d881eebcd2fba88d3e2bb29358c3f1989
coder/coderd/database/migrations/000377_add_api_key_scope_wildcards.up.sql
T
Thomas Kosiewski b60ae0a0c4 refactor: add wildcard scope entries for API key scopes (#20032) 
# Add API Key Scope Wildcards

This PR adds wildcard API key scopes (`resource:*`) for all RBAC resources to ensure every resource has a matching wildcard value. It also adds all individual `resource:action`​ scopes to the API documentation and TypeScript definitions.

The changes include:

- Adding a new database migration (000377) that adds wildcard API key scopes
- Updating the API documentation to include all available scopes
- Enhancing the scope generation scripts to include all resource wildcards
- Updating the TypeScript definitions to match the expanded scope list

These changes make creating API keys with comprehensive permissions for specific resource types easier.
2025-10-06 12:08:17 +02:00

43 lines
2.9 KiB
SQL
Raw Blame History

-- Add wildcard api_key_scope entries so every RBAC resource has a matching resource:* value.
-- Generated via: CGO_ENABLED=0 go run ./scripts/generate_api_key_scope_enum
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'aibridge_interception:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'api_key:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'assign_org_role:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'assign_role:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'audit_log:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'connection_log:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'crypto_key:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'debug_info:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'deployment_config:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'deployment_stats:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'file:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'group:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'group_member:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'idpsync_settings:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'inbox_notification:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'license:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_message:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_preference:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'notification_template:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app_code_token:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'oauth2_app_secret:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'organization:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'organization_member:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'prebuilt_workspace:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'provisioner_daemon:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'provisioner_jobs:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'replicas:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'system:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'tailnet_coordinator:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'template:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'usage_event:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'user:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'user_secret:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'webpush_subscription:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_agent_devcontainers:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_agent_resource_monitor:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_dormant:*';
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'workspace_proxy:*';
Reference in New Issue View Git Blame Copy Permalink