Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore: include custom roles in list org roles #13336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
May 23, 2024
Merged

chore: include custom roles in list org roles #13336

merged 8 commits into from
May 23, 2024

Conversation

Emyrk
Copy link
Member

@Emyrk Emyrk commented May 21, 2024
edited
Loading

What this does

This moves the role list command to the organization subcommands, we are not going to do custom site wide roles at this time.

Listing org roles now includes custom org roles.

Role naming

In the rbac rego policy, role names across different scopes are deconflicted with rolenName:scopeID. The API uses a name field and an organizationID field, which is more intuitive for users.

This PR handles this translation for custom roles.

Cli command

Moves site-wide cli -> org cli. Org wide roles coming first, so removing site wide in favor of org.

The previous cli command was for site wide-roles. It was decided to do custom org roles first, so moving the site cli command to org scope, and removing the site wide cli command for now.

$ coder organizations roles show
NAME                DISPLAY NAME        SITE PERMISSIONS  ORG PERMISSIONS  USER PERMISSIONS  BUILT IN
organization-admin  Organization Admin  0 permissions     1 organizations  0 permissions     true

Future work

Implementing an api for submitting custom org roles and using them. This is just the foundation to assert they exist when I add the "edit roles" api.

Emyrk
Emyrk commented May 21, 2024
View reviewed changes
cli/organizationroles_test.go
Comment on lines +26 to +39
const expectedRole = "test-role"
dbgen.CustomRole(t, db, database.CustomRole{
Name: expectedRole,
DisplayName: "Expected",
SitePermissions: nil,
OrgPermissions: nil,
UserPermissions: nil,
OrganizationID: uuid.NullUUID{
UUID: owner.OrganizationID,
Valid: true,
},
})
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API to make custom org roles does not exist yet. I'll circle back to this when I get org role editing in.

It's a chicken and the egg problem

Emyrk
Emyrk commented May 21, 2024
View reviewed changes
coderd/database/queries/roles.sql
Comment on lines +11 to +14
-- Case insensitive lookup with org_id appended (if non-null).
-- This will return just the name if org_id is null. It'll append
-- the org_id if not null
concat(name, NULLIF(concat(':', organization_id), ':')) ILIKE ANY(@lookup_roles :: text [])
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic is not ideal, but it removes a good chunk of logic in the APIKey middlewhere, which is where this argument is exclusively used atm.

I would prefer to do some tuple lookup, where the parameter is something like:

type RoleLookup struct {
  Name string
  OrganizationID string
}

type LookUp []RoleLookup

I am unsure if sqlc can support this. So this is what it will look like for now.

@Emyrk Emyrk marked this pull request as ready for review May 21, 2024 22:45
@Emyrk Emyrk requested a review from johnstcn May 21, 2024 22:45
johnstcn
johnstcn reviewed May 22, 2024
View reviewed changes
Copy link
Member

@johnstcn johnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For some reason the roles command isn't recognised for me?

./scripts/coder-dev.sh roles 
Encountered an error running "coder", see "coder --help" for more information
error: unrecognized subcommand "roles"

There appears to have been no change to the CLI docs as well; is this intentional?

@Emyrk
Copy link
Member Author

Emyrk commented May 23, 2024
edited
Loading

For some reason the roles command isn't recognised for me?

./scripts/coder-dev.sh roles 
Encountered an error running "coder", see "coder --help" for more information
error: unrecognized subcommand "roles"

There appears to have been no change to the CLI docs as well; is this intentional?

Here is the merge for the roles command, which I removed in the PR and moved to organizations. Eg coder organization roles show

#13303

Cli docs are not updated as this is not a shipped feature. This is going to ship with multi-org, which is still underway. I don't think it is worth adding docs until the custom roles story is complete, which is still a few PRs away.

@Emyrk Emyrk force-pushed the stevenmasley/list_org_roles branch from 655a30a to a0e5aef Compare May 23, 2024 04:18
@Emyrk Emyrk requested a review from johnstcn May 23, 2024 06:15
@Emyrk Emyrk merged commit 1b4ca00 into main May 23, 2024
31 checks passed
@Emyrk Emyrk deleted the stevenmasley/list_org_roles branch May 23, 2024 17:55
@github-actions github-actions bot locked and limited conversation to collaborators May 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@johnstcn johnstcn johnstcn approved these changes

Assignees

@Emyrk Emyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Emyrk @johnstcn