Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 01dd35f

Browse files
Emyrkcoadler
Emyrk
and
coadler
authored
chore: Rename 'admin' to 'owner' (#3498)
Co-authored-by: Colin Adler <[email protected]>
1 parent 2306d2c commit 01dd35f

16 files changed

+98
-56
lines changed

coderd/database/migrations/000034_remove_admin_role.down.sql

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
UPDATE
2+
users
3+
SET
4+
-- Replace 'template-admin' and 'user-admin' role with 'admin'
5+
rbac_roles = array_append(
6+
array_remove(
7+
array_remove(rbac_roles, 'template-admin'),
8+
'user-admin'
9+
), 'admin')
10+
WHERE
11+
-- Only on existing admins. If they have either role, make them an admin
12+
ARRAY ['template-admin', 'user-admin'] && rbac_roles;
13+
14+
15+
UPDATE
16+
users
17+
SET
18+
-- Replace 'owner' with 'admin'
19+
rbac_roles = array_replace(rbac_roles, 'owner', 'admin')
20+
WHERE
21+
-- Only on the owner
22+
'owner' = ANY(rbac_roles);

coderd/database/migrations/000034_remove_admin_role.up.sql

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
UPDATE
2+
users
3+
SET
4+
-- Replace the role 'admin' with the role 'owner'
5+
rbac_roles = array_replace(rbac_roles, 'admin', 'owner')
6+
WHERE
7+
-- Update the first user with the role 'admin'. This should be the first
8+
-- user ever, but if that user was demoted from an admin, then choose
9+
-- the next best user.
10+
id = (SELECT id FROM users WHERE 'admin' = ANY(rbac_roles) ORDER BY created_at ASC LIMIT 1);
11+
12+
13+
UPDATE
14+
users
15+
SET
16+
-- Replace 'admin' role with 'template-admin' and 'user-admin'
17+
rbac_roles = array_cat(array_remove(rbac_roles, 'admin'), ARRAY ['template-admin', 'user-admin'])
18+
WHERE
19+
-- Only on existing admins
20+
'admin' = ANY(rbac_roles);

coderd/httpmw/authorize_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ func TestExtractUserRoles(t *testing.T) {
4040
{
4141
Name: "Admin",
4242
AddUser: func(db database.Store) (database.User, []string, string) {
43-
roles := []string{rbac.RoleAdmin()}
43+
roles := []string{rbac.RoleOwner()}
4444
user, token := addUser(t, db, roles...)
4545
return user, append(roles, rbac.RoleMember()), token
4646
},

coderd/provisionerjobs_internal_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,9 @@ import (
1717

1818
"cdr.dev/slog"
1919
"cdr.dev/slog/sloggers/slogtest"
20-
2120
"github.com/coder/coder/coderd/database"
2221
"github.com/coder/coder/coderd/database/databasefake"
22+
"github.com/coder/coder/coderd/rbac"
2323
"github.com/coder/coder/codersdk"
2424
"github.com/coder/coder/testutil"
2525
)
@@ -77,7 +77,7 @@ func TestProvisionerJobLogs_Unit(t *testing.T) {
7777
require.NoError(t, err)
7878
_, err = fDB.InsertUser(ctx, database.InsertUserParams{
7979
ID: userID,
80-
RBACRoles: []string{"admin"},
80+
RBACRoles: []string{rbac.RoleOwner()},
8181
})
8282
require.NoError(t, err)
8383
_, err = fDB.InsertWorkspaceBuild(ctx, database.InsertWorkspaceBuildParams{

coderd/rbac/authz_internal_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ func TestFilter(t *testing.T) {
8787
{
8888
Name: "Admin",
8989
SubjectID: userIDs[0].String(),
90-
Roles: []string{RoleOrgMember(orgIDs[0]), "auditor", RoleAdmin(), RoleMember()},
90+
Roles: []string{RoleOrgMember(orgIDs[0]), "auditor", RoleOwner(), RoleMember()},
9191
ObjectType: ResourceWorkspace.Type,
9292
Action: ActionRead,
9393
},
@@ -292,7 +292,7 @@ func TestAuthorizeDomain(t *testing.T) {
292292
user = subject{
293293
UserID: "me",
294294
Roles: []Role{
295-
must(RoleByName(RoleAdmin())),
295+
must(RoleByName(RoleOwner())),
296296
must(RoleByName(RoleMember())),
297297
},
298298
}
@@ -499,7 +499,7 @@ func TestAuthorizeLevels(t *testing.T) {
499499
user := subject{
500500
UserID: "me",
501501
Roles: []Role{
502-
must(RoleByName(RoleAdmin())),
502+
must(RoleByName(RoleOwner())),
503503
{
504504
Name: "org-deny:" + defOrg.String(),
505505
Org: map[string][]Permission{

coderd/rbac/builtin.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ import (
99
)
1010

1111
const (
12-
admin string = "admin"
12+
owner string = "owner"
1313
member string = "member"
1414
templateAdmin string = "template-admin"
1515
userAdmin string = "user-admin"
@@ -24,8 +24,8 @@ const (
2424
// Once we have a database implementation, the "default" roles can be defined on the
2525
// site and orgs, and these functions can be removed.
2626

27-
func RoleAdmin() string {
28-
return roleName(admin, "")
27+
func RoleOwner() string {
28+
return roleName(owner, "")
2929
}
3030

3131
func RoleTemplateAdmin() string {
@@ -59,10 +59,10 @@ var (
5959
// https://github.com/coder/coder/issues/1194
6060
builtInRoles = map[string]func(orgID string) Role{
6161
// admin grants all actions to all resources.
62-
admin: func(_ string) Role {
62+
owner: func(_ string) Role {
6363
return Role{
64-
Name: admin,
65-
DisplayName: "Admin",
64+
Name: owner,
65+
DisplayName: "Owner",
6666
Site: permissions(map[Object][]Action{
6767
ResourceWildcard: {WildcardSymbol},
6868
}),
@@ -187,8 +187,8 @@ var (
187187
// The first key is the actor role, the second is the roles they can assign.
188188
// map[actor_role][assign_role]<can_assign>
189189
assignRoles = map[string]map[string]bool{
190-
admin: {
191-
admin: true,
190+
owner: {
191+
owner: true,
192192
auditor: true,
193193
member: true,
194194
orgAdmin: true,

coderd/rbac/builtin_internal_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ func TestRoleByName(t *testing.T) {
1616
testCases := []struct {
1717
Role Role
1818
}{
19-
{Role: builtInRoles[admin]("")},
19+
{Role: builtInRoles[owner]("")},
2020
{Role: builtInRoles[member]("")},
2121
{Role: builtInRoles[templateAdmin]("")},
2222
{Role: builtInRoles[userAdmin]("")},

coderd/rbac/builtin_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ func BenchmarkRBACFilter(b *testing.B) {
4141
{
4242
Name: "Admin",
4343
// Give some extra roles that an admin might have
44-
Roles: []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleAdmin(), rbac.RoleMember()},
44+
Roles: []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleOwner(), rbac.RoleMember()},
4545
UserID: users[0],
4646
},
4747
{
@@ -119,7 +119,7 @@ func TestRolePermissions(t *testing.T) {
119119
memberMe := authSubject{Name: "member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember()}}
120120
orgMemberMe := authSubject{Name: "org_member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID)}}
121121

122-
admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleAdmin()}}
122+
admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOwner()}}
123123
orgAdmin := authSubject{Name: "org_admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID), rbac.RoleOrgAdmin(orgID)}}
124124

125125
otherOrgMember := authSubject{Name: "org_member_other", UserID: uuid.NewString(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(otherOrg)}}
@@ -358,7 +358,7 @@ func TestIsOrgRole(t *testing.T) {
358358
OrgID string
359359
}{
360360
// Not org roles
361-
{RoleName: rbac.RoleAdmin()},
361+
{RoleName: rbac.RoleOwner()},
362362
{RoleName: rbac.RoleMember()},
363363
{RoleName: "auditor"},
364364

@@ -413,7 +413,7 @@ func TestListRoles(t *testing.T) {
413413
// Always use constant strings, as if the names change, we need to write
414414
// a SQL migration to change the name on the backend.
415415
require.ElementsMatch(t, []string{
416-
"admin",
416+
"owner",
417417
"member",
418418
"auditor",
419419
"template-admin",

coderd/roles_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -120,7 +120,7 @@ func TestListRoles(t *testing.T) {
120120
require.NoError(t, err, "create org")
121121

122122
const forbidden = "Forbidden"
123-
siteRoles := convertRoles(rbac.RoleAdmin(), "auditor", "template-admin", "user-admin")
123+
siteRoles := convertRoles(rbac.RoleOwner(), "auditor", "template-admin", "user-admin")
124124
orgRoles := convertRoles(rbac.RoleOrgAdmin(admin.OrganizationID))
125125

126126
testCases := []struct {

coderd/templates_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,8 @@ func TestTemplate(t *testing.T) {
3838
t.Parallel()
3939
client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerD: true})
4040
user := coderdtest.CreateFirstUser(t, client)
41-
member := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleAdmin())
42-
memberWithDeleted := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleAdmin())
41+
member := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleOwner())
42+
memberWithDeleted := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleOwner())
4343
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
4444
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
4545
coderdtest.AwaitTemplateVersionJob(t, client, version.ID)

coderd/users.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
102102
// and add some rbac bypass when calling api functions this way??
103103
// Add the admin role to this first user.
104104
_, err = api.Database.UpdateUserRoles(r.Context(), database.UpdateUserRolesParams{
105-
GrantedRoles: []string{rbac.RoleAdmin()},
105+
GrantedRoles: []string{rbac.RoleOwner()},
106106
ID: user.ID,
107107
})
108108
if err != nil {

coderd/users_internal_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -53,11 +53,11 @@ func TestSearchUsers(t *testing.T) {
5353
},
5454
{
5555
Name: "OnlyParams",
56-
Query: "status:acTIve sEArch:User-Name role:Admin",
56+
Query: "status:acTIve sEArch:User-Name role:Owner",
5757
Expected: database.GetUsersParams{
5858
Search: "user-name",
5959
Status: []database.UserStatus{database.UserStatusActive},
60-
RbacRole: []string{rbac.RoleAdmin()},
60+
RbacRole: []string{rbac.RoleOwner()},
6161
},
6262
},
6363
{
@@ -71,11 +71,11 @@ func TestSearchUsers(t *testing.T) {
7171
},
7272
{
7373
Name: "QuotedKey",
74-
Query: `"status":acTIve "sEArch":User-Name "role":Admin`,
74+
Query: `"status":acTIve "sEArch":User-Name "role":Owner`,
7575
Expected: database.GetUsersParams{
7676
Search: "user-name",
7777
Status: []database.UserStatus{database.UserStatusActive},
78-
RbacRole: []string{rbac.RoleAdmin()},
78+
RbacRole: []string{rbac.RoleOwner()},
7979
},
8080
},
8181
{

coderd/users_test.go

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -279,7 +279,7 @@ func TestPostUsers(t *testing.T) {
279279
client := coderdtest.New(t, nil)
280280
first := coderdtest.CreateFirstUser(t, client)
281281
notInOrg := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
282-
other := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleAdmin(), rbac.RoleMember())
282+
other := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleOwner(), rbac.RoleMember())
283283

284284
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
285285
defer cancel()
@@ -513,7 +513,7 @@ func TestGrantSiteRoles(t *testing.T) {
513513
Name: "UserNotExists",
514514
Client: admin,
515515
AssignToUser: uuid.NewString(),
516-
Roles: []string{rbac.RoleAdmin()},
516+
Roles: []string{rbac.RoleOwner()},
517517
Error: true,
518518
StatusCode: http.StatusBadRequest,
519519
},
@@ -539,7 +539,7 @@ func TestGrantSiteRoles(t *testing.T) {
539539
Client: admin,
540540
OrgID: first.OrganizationID,
541541
AssignToUser: codersdk.Me,
542-
Roles: []string{rbac.RoleAdmin()},
542+
Roles: []string{rbac.RoleOwner()},
543543
Error: true,
544544
StatusCode: http.StatusBadRequest,
545545
},
@@ -629,7 +629,7 @@ func TestInitialRoles(t *testing.T) {
629629
roles, err := client.GetUserRoles(ctx, codersdk.Me)
630630
require.NoError(t, err)
631631
require.ElementsMatch(t, roles.Roles, []string{
632-
rbac.RoleAdmin(),
632+
rbac.RoleOwner(),
633633
}, "should be a member and admin")
634634

635635
require.ElementsMatch(t, roles.OrganizationRoles[first.OrganizationID], []string{
@@ -744,7 +744,7 @@ func TestUsersFilter(t *testing.T) {
744744
for i := 0; i < 15; i++ {
745745
roles := []string{}
746746
if i%2 == 0 {
747-
roles = append(roles, rbac.RoleAdmin())
747+
roles = append(roles, rbac.RoleOwner())
748748
}
749749
if i%3 == 0 {
750750
roles = append(roles, "auditor")
@@ -823,12 +823,12 @@ func TestUsersFilter(t *testing.T) {
823823
{
824824
Name: "Admins",
825825
Filter: codersdk.UsersRequest{
826-
Role: rbac.RoleAdmin(),
826+
Role: rbac.RoleOwner(),
827827
Status: codersdk.UserStatusSuspended + "," + codersdk.UserStatusActive,
828828
},
829829
FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
830830
for _, r := range u.Roles {
831-
if r.Name == rbac.RoleAdmin() {
831+
if r.Name == rbac.RoleOwner() {
832832
return true
833833
}
834834
}
@@ -838,12 +838,12 @@ func TestUsersFilter(t *testing.T) {
838838
{
839839
Name: "AdminsUppercase",
840840
Filter: codersdk.UsersRequest{
841-
Role: "ADMIN",
841+
Role: "OWNER",
842842
Status: codersdk.UserStatusSuspended + "," + codersdk.UserStatusActive,
843843
},
844844
FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
845845
for _, r := range u.Roles {
846-
if r.Name == rbac.RoleAdmin() {
846+
if r.Name == rbac.RoleOwner() {
847847
return true
848848
}
849849
}
@@ -863,11 +863,11 @@ func TestUsersFilter(t *testing.T) {
863863
{
864864
Name: "SearchQuery",
865865
Filter: codersdk.UsersRequest{
866-
SearchQuery: "i role:admin status:active",
866+
SearchQuery: "i role:owner status:active",
867867
},
868868
FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
869869
for _, r := range u.Roles {
870-
if r.Name == rbac.RoleAdmin() {
870+
if r.Name == rbac.RoleOwner() {
871871
return (strings.ContainsAny(u.Username, "iI") || strings.ContainsAny(u.Email, "iI")) &&
872872
u.Status == codersdk.UserStatusActive
873873
}
@@ -878,11 +878,11 @@ func TestUsersFilter(t *testing.T) {
878878
{
879879
Name: "SearchQueryInsensitive",
880880
Filter: codersdk.UsersRequest{
881-
SearchQuery: "i Role:Admin STATUS:Active",
881+
SearchQuery: "i Role:Owner STATUS:Active",
882882
},
883883
FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
884884
for _, r := range u.Roles {
885-
if r.Name == rbac.RoleAdmin() {
885+
if r.Name == rbac.RoleOwner() {
886886
return (strings.ContainsAny(u.Username, "iI") || strings.ContainsAny(u.Email, "iI")) &&
887887
u.Status == codersdk.UserStatusActive
888888
}

coderd/workspaces_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@ func TestAdminViewAllWorkspaces(t *testing.T) {
102102

103103
// This other user is not in the first user's org. Since other is an admin, they can
104104
// still see the "first" user's workspace.
105-
other := coderdtest.CreateAnotherUser(t, client, otherOrg.ID, rbac.RoleAdmin())
105+
other := coderdtest.CreateAnotherUser(t, client, otherOrg.ID, rbac.RoleOwner())
106106
otherWorkspaces, err := other.Workspaces(ctx, codersdk.WorkspaceFilter{})
107107
require.NoError(t, err, "(other) fetch workspaces")
108108

@@ -137,7 +137,7 @@ func TestPostWorkspacesByOrganization(t *testing.T) {
137137
client := coderdtest.New(t, nil)
138138
first := coderdtest.CreateFirstUser(t, client)
139139

140-
other := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleMember(), rbac.RoleAdmin())
140+
other := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleMember(), rbac.RoleOwner())
141141

142142
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
143143
defer cancel()
@@ -406,7 +406,7 @@ func TestWorkspaceFilter(t *testing.T) {
406406

407407
users := make([]coderUser, 0)
408408
for i := 0; i < 10; i++ {
409-
userClient := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleAdmin())
409+
userClient := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, rbac.RoleOwner())
410410
user, err := userClient.User(ctx, codersdk.Me)
411411
require.NoError(t, err, "fetch me")
412412

docs/quickstart.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,10 @@ possible way to use Coder.
77

88
Please [install Coder](../install.md) before proceeding with the steps below.
99

10-
## First time admin user setup
10+
## First time owner user setup
1111

1212
1. Run `coder login <your Access URL>` in a new terminal and follow the
13-
interactive instructions to create your admin user and password.
13+
interactive instructions to create your owner user and password.
1414

1515
> If using `coder server --tunnel`, the Access URL appears in the terminal logs.
1616
@@ -45,7 +45,7 @@ coder ssh <workspaceName>
4545
```
4646

4747
To access your workspace in the Coder dashboard, navigate to the [configured access URL](../configure.md),
48-
and log in with the admin credentials provided to you by Coder.
48+
and log in with the owner credentials provided to you by Coder.
4949

5050
![Coder Web UI with code-server](./images/code-server.png)
5151

0 commit comments

Comments
 (0)