chore: break down dbauthz.System into smaller roles by johnstcn · Pull Request #6218 · coder/coder


Merged: 4 commits merged on Feb 15, 2023

@johnstcn (Member) commented Feb 15, 2023
  • rbac: export rbac.Permissions
  • dbauthz: move GetDeploymentDAUs, GetTemplateDAUs, GetTemplateAverageBuildTime from querier.go to system.go and removes auth checks
  • dbauthz: remove AsSystem(), add individual roles for metrics cache, autostart, provisionerd, add restricted system role for everything else

Fixes #6158

- rbac: export rbac.Permissions
- dbauthz: move GetDeploymentDAUs, GetTemplateDAUs,
  GetTemplateAverageBuildTime from querier.go to system.go
  and removes auth checks
- dbauthz: remove AsSystem(), add individual roles for
  metrics cache, autostart, provisionerd, add restricted
  system role for everything else
@johnstcn added the release/experimental label (These changes are feature-flagged, they may change or be removed in future releases) Feb 15, 2023
@johnstcn self-assigned this Feb 15, 2023
@Emyrk (Member) left a comment

On the right path


// AsSystemRestricted returns a context with an actor that has permissions
// required for various system operations e.g. login, logout.
func AsSystemRestricted(ctx context.Context) context.Context {
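
Review bot: the doc comment on AsSystemRestricted gives its scope only as "various system operations e.g. login, logout", which does not tell a caller what this actor may or may not do. For a function that returns a privileged context, suggest naming the intended callers and the permissions the actor carries in the comment, so that new code does not pick it up by default.
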
Member:

Do we plan on keeping this around? Or is it a catch all for the remaining stuff for now?

Member (Author):

This is a catch-all for the remaining stuff. It's mostly used for HTTP middleware.
I've pared down all the perms except read, which can still be pared down to the bare minimum if need be.

If we need to break it down further in future, we can do so. I think this is fine for now though.
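
The least-privilege pattern this pull request describes (one narrowly scoped actor per subsystem instead of a single system actor), as an added example that is not code from coder/coder. All type and function names and the permission sets below are hypothetical and constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical, simplified model with constructed permission sets; not coder's rbac/dbauthz types.
type perm struct{ resource, action string }

type actor struct {
	name  string
	perms map[perm]bool
}

type actorKey struct{}
var errUnauthorized = errors.New("unauthorized")

func withActor(ctx context.Context, name string, ps ...perm) context.Context {
	a := actor{name: name, perms: map[perm]bool{}}
	for _, p := range ps {
		a.perms[p] = true
	}
	return context.WithValue(ctx, actorKey{}, a)
}

// One narrowly scoped actor per subsystem instead of a single all-powerful system actor.
func asAutostart(ctx context.Context) context.Context {
	return withActor(ctx, "autostart", perm{"workspace", "read"}, perm{"workspace", "update"})
}

func asMetricsCache(ctx context.Context) context.Context {
	return withActor(ctx, "metrics-cache", perm{"template", "read"})
}

// authorize fails closed: no actor in the context, or a missing grant, is a denial.
func authorize(ctx context.Context, resource, action string) error {
	a, ok := ctx.Value(actorKey{}).(actor)
	if !ok || !a.perms[perm{resource, action}] {
		return fmt.Errorf("%w: %q may not %s %s", errUnauthorized, a.name, action, resource)
	}
	return nil
}

func main() {
	ctx := asMetricsCache(context.Background())
	fmt.Println(authorize(ctx, "template", "read"))    // allowed: prints <nil>
	fmt.Println(authorize(ctx, "workspace", "update")) // denied: prints an unauthorized error
}
```

A compromised or buggy metrics path holding only the metrics-cache actor cannot modify workspaces, which is the containment a single shared system actor does not give.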

@johnstcn merged commit f0f39b4 into main Feb 15, 2023
@johnstcn deleted the cj/authz-system-breakup branch February 15, 2023 16:14
@github-actions bot locked and limited conversation to collaborators Feb 15, 2023
Successfully merging this pull request may close these issues.

chore: coderd: refactor dbauthz.AsSystem to individual roles