cleanup

Emyrk · Emyrk · commit 171dbf06ee42 · 2024-05-15T21:25:12.000-05:00
diff --git a/coderd/audit.go b/coderd/audit.go
@@ -196,12 +196,12 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs
 				CreatedAt: dblog.UserCreatedAt.Time,
 				Status:    codersdk.UserStatus(dblog.UserStatus.UserStatus),
 			},
-			Roles: []codersdk.Role{},
+			Roles: []codersdk.SlimRole{},
 		}
 
 		for _, roleName := range dblog.UserRoles {
 			rbacRole, _ := rbac.RoleByName(roleName)
-			user.Roles = append(user.Roles, db2sdk.Role(rbacRole))
+			user.Roles = append(user.Roles, db2sdk.SlimRole(rbacRole))
 		}
 	}
 
diff --git a/coderd/database/db2sdk/db2sdk.go b/coderd/database/db2sdk/db2sdk.go
@@ -167,17 +167,17 @@ func User(user database.User, organizationIDs []uuid.UUID) codersdk.User {
 	convertedUser := codersdk.User{
 		ReducedUser:     ReducedUser(user),
 		OrganizationIDs: organizationIDs,
-		Roles:           make([]codersdk.Role, 0, len(user.RBACRoles)),
+		Roles:           make([]codersdk.SlimRole, 0, len(user.RBACRoles)),
 	}
 
 	for _, roleName := range user.RBACRoles {
 		rbacRole, err := rbac.RoleByName(roleName)
 		if err == nil {
-			convertedUser.Roles = append(convertedUser.Roles, Role(rbacRole))
+			convertedUser.Roles = append(convertedUser.Roles, SlimRole(rbacRole))
 		} else {
 			// TODO: Fix this for custom roles to display the actual display_name
 			//		Requires plumbing either a cached role value, or the db.
-			convertedUser.Roles = append(convertedUser.Roles, codersdk.Role{
+			convertedUser.Roles = append(convertedUser.Roles, codersdk.SlimRole{
 				Name: roleName,
 			})
 		}
@@ -205,8 +205,8 @@ func Group(group database.Group, members []database.User) codersdk.Group {
 	}
 }
 
-func Role(role rbac.Role) codersdk.Role {
-	return codersdk.Role{
+func SlimRole(role rbac.Role) codersdk.SlimRole {
+	return codersdk.SlimRole{
 		DisplayName: role.DisplayName,
 		Name:        role.Name,
 	}
@@ -526,8 +526,8 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner
 	return result
 }
 
-func RolePermissions(role rbac.Role) codersdk.RolePermissions {
-	return codersdk.RolePermissions{
+func Role(role rbac.Role) codersdk.Role {
+	return codersdk.Role{
 		Name:                    role.Name,
 		DisplayName:             role.DisplayName,
 		SitePermissions:         List(role.Site, Permission),
@@ -544,16 +544,16 @@ func Permission(permission rbac.Permission) codersdk.Permission {
 	}
 }
 
-func RolePermissionsDB(role codersdk.RolePermissions) rbac.Role {
+func RoleToRBAC(role codersdk.Role) rbac.Role {
 	return rbac.Role{
 		Name:        role.Name,
 		DisplayName: role.DisplayName,
-		Site:        List(role.SitePermissions, PermissionToDB),
-		Org:         Map(role.OrganizationPermissions, ListLazy(PermissionToDB)),
-		User:        List(role.UserPermissions, PermissionToDB),
+		Site:        List(role.SitePermissions, PermissionToRBAC),
+		Org:         Map(role.OrganizationPermissions, ListLazy(PermissionToRBAC)),
+		User:        List(role.UserPermissions, PermissionToRBAC),
 	}
 }
-func PermissionToDB(permission codersdk.Permission) rbac.Permission {
+func PermissionToRBAC(permission codersdk.Permission) rbac.Permission {
 	return rbac.Permission{
 		Negate:       permission.Negate,
 		ResourceType: string(permission.ResourceType),
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -3361,10 +3361,10 @@ func (q *querier) UpsertApplicationName(ctx context.Context, value string) error
 	return q.db.UpsertApplicationName(ctx, value)
 }
 
-// UpsertCustomRole does a series of authz checks to protect custom routes.
+// UpsertCustomRole does a series of authz checks to protect custom roles.
 // - Check custom roles are valid for their resource types + actions
 // - Check the actor can create the custom role
-// - Check the custom role does not grant perms the user does not have
+// - Check the custom role does not grant perms the actor does not have
 // - Prevent negative perms
 // - Prevent roles with site and org permissions.
 func (q *querier) UpsertCustomRole(ctx context.Context, arg database.UpsertCustomRoleParams) (database.CustomRole, error) {
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -896,10 +896,6 @@ func (q *FakeQuerier) getLatestWorkspaceAppByTemplateIDUserIDSlugNoLock(ctx cont
 	return database.WorkspaceApp{}, sql.ErrNoRows
 }
 
-func (q *FakeQuerier) CustomRoles(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {
-	panic("not implemented")
-}
-
 func (*FakeQuerier) AcquireLock(_ context.Context, _ int64) error {
 	return xerrors.New("AcquireLock must only be called within a transaction")
 }
diff --git a/coderd/database/migrations/000209_custom_roles.down.sql b/coderd/database/migrations/000209_custom_roles.down.sql
@@ -0,0 +1,2 @@
+DROP INDEX IF EXISTS idx_custom_roles_name_lower;
+DROP TABLE IF EXISTS custom_roles;
diff --git a/coderd/members.go b/coderd/members.go
@@ -99,12 +99,12 @@ func convertOrganizationMember(mem database.OrganizationMember) codersdk.Organiz
 		OrganizationID: mem.OrganizationID,
 		CreatedAt:      mem.CreatedAt,
 		UpdatedAt:      mem.UpdatedAt,
-		Roles:          make([]codersdk.Role, 0, len(mem.Roles)),
+		Roles:          make([]codersdk.SlimRole, 0, len(mem.Roles)),
 	}
 
 	for _, roleName := range mem.Roles {
 		rbacRole, _ := rbac.RoleByName(roleName)
-		convertedMember.Roles = append(convertedMember.Roles, db2sdk.Role(rbacRole))
+		convertedMember.Roles = append(convertedMember.Roles, db2sdk.SlimRole(rbacRole))
 	}
 	return convertedMember
 }
diff --git a/coderd/roles.go b/coderd/roles.go
@@ -29,8 +29,6 @@ func (api *API) assignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	roles := rbac.SiteRoles()
-
-
 	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, roles))
 }
 
@@ -68,7 +66,7 @@ func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []coder
 			continue
 		}
 		assignable = append(assignable, codersdk.AssignableRoles{
-			Role: codersdk.Role{
+			SlimRole: codersdk.SlimRole{
 				Name:        role.Name,
 				DisplayName: role.DisplayName,
 			},
diff --git a/coderd/roles_test.go b/coderd/roles_test.go
@@ -143,9 +143,9 @@ func TestListRoles(t *testing.T) {
 	}
 }
 
-func convertRole(roleName string) codersdk.Role {
+func convertRole(roleName string) codersdk.SlimRole {
 	role, _ := rbac.RoleByName(roleName)
-	return codersdk.Role{
+	return codersdk.SlimRole{
 		DisplayName: role.DisplayName,
 		Name:        role.Name,
 	}
@@ -156,7 +156,7 @@ func convertRoles(assignableRoles map[string]bool) []codersdk.AssignableRoles {
 	for roleName, assignable := range assignableRoles {
 		role := convertRole(roleName)
 		converted = append(converted, codersdk.AssignableRoles{
-			Role:       role,
+			SlimRole:   role,
 			Assignable: assignable,
 		})
 	}
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -1049,7 +1049,7 @@ func TestGrantSiteRoles(t *testing.T) {
 				c.AssignToUser = newUser.ID.String()
 			}
 
-			var newRoles []codersdk.Role
+			var newRoles []codersdk.SlimRole
 			if c.OrgID != uuid.Nil {
 				// Org assign
 				var mem codersdk.OrganizationMember
diff --git a/codersdk/organizations.go b/codersdk/organizations.go
@@ -48,11 +48,11 @@ type Organization struct {
 }
 
 type OrganizationMember struct {
-	UserID         uuid.UUID `db:"user_id" json:"user_id" format:"uuid"`
-	OrganizationID uuid.UUID `db:"organization_id" json:"organization_id" format:"uuid"`
-	CreatedAt      time.Time `db:"created_at" json:"created_at" format:"date-time"`
-	UpdatedAt      time.Time `db:"updated_at" json:"updated_at" format:"date-time"`
-	Roles          []Role    `db:"roles" json:"roles"`
+	UserID         uuid.UUID  `db:"user_id" json:"user_id" format:"uuid"`
+	OrganizationID uuid.UUID  `db:"organization_id" json:"organization_id" format:"uuid"`
+	CreatedAt      time.Time  `db:"created_at" json:"created_at" format:"date-time"`
+	UpdatedAt      time.Time  `db:"updated_at" json:"updated_at" format:"date-time"`
+	Roles          []SlimRole `db:"roles" json:"roles"`
 }
 
 // CreateTemplateVersionRequest enables callers to create a new Template Version.
diff --git a/codersdk/roles.go b/codersdk/roles.go
@@ -9,13 +9,13 @@ import (
 	"github.com/google/uuid"
 )
 
-type Role struct {
+type SlimRole struct {
 	Name        string `json:"name"`
 	DisplayName string `json:"display_name"`
 }
 
 type AssignableRoles struct {
-	Role
+	SlimRole
 	Assignable bool `json:"assignable"`
 }
 
@@ -27,8 +27,8 @@ type Permission struct {
 	Action       RBACAction   `json:"action"`
 }
 
-// RolePermissions is a longer form of Role used to edit custom roles.
-type RolePermissions struct {
+// Role is a longer form of SlimRole used to edit custom roles.
+type Role struct {
 	Name            string       `json:"name"`
 	DisplayName     string       `json:"display_name"`
 	SitePermissions []Permission `json:"site_permissions"`
@@ -38,16 +38,16 @@ type RolePermissions struct {
 }
 
 // UpsertCustomSiteRole will upsert a custom site wide role
-func (c *Client) UpsertCustomSiteRole(ctx context.Context, req RolePermissions) (RolePermissions, error) {
+func (c *Client) UpsertCustomSiteRole(ctx context.Context, req Role) (Role, error) {
 	res, err := c.Request(ctx, http.MethodPatch, "/api/v2/users/roles", req)
 	if err != nil {
-		return RolePermissions{}, err
+		return Role{}, err
 	}
 	defer res.Body.Close()
 	if res.StatusCode != http.StatusOK {
-		return RolePermissions{}, ReadBodyAsError(res)
+		return Role{}, ReadBodyAsError(res)
 	}
-	var role RolePermissions
+	var role Role
 	return role, json.NewDecoder(res.Body).Decode(&role)
 }
 
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -63,7 +63,7 @@ type User struct {
 	ReducedUser `table:"r,recursive_inline"`
 
 	OrganizationIDs []uuid.UUID `json:"organization_ids" format:"uuid"`
-	Roles           []Role      `json:"roles"`
+	Roles           []SlimRole  `json:"roles"`
 }
 
 type GetUsersResponse struct {
diff --git a/enterprise/coderd/roles.go b/enterprise/coderd/roles.go
@@ -22,7 +22,7 @@ import (
 func (api *API) patchRole(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
-	var req codersdk.RolePermissions
+	var req codersdk.Role
 	if !httpapi.Read(ctx, rw, r, &req) {
 		return
 	}
@@ -38,7 +38,7 @@ func (api *API) patchRole(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	// Make sure all permissions inputted are valid according to our policy.
-	rbacRole := db2sdk.RolePermissionsDB(req)
+	rbacRole := db2sdk.RoleToRBAC(req)
 	args, err := rolestore.ConvertRoleToDB(rbacRole)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
diff --git a/enterprise/coderd/roles_test.go b/enterprise/coderd/roles_test.go
@@ -34,7 +34,7 @@ func TestCustomRole(t *testing.T) {
 
 		ctx := testutil.Context(t, testutil.WaitMedium)
 
-		role, err := owner.UpsertCustomSiteRole(ctx, codersdk.RolePermissions{
+		role, err := owner.UpsertCustomSiteRole(ctx, codersdk.Role{
 			Name:        "test-role",
 			DisplayName: "Testing Purposes",
 			// Basically creating a template admin manually
@@ -52,7 +52,7 @@ func TestCustomRole(t *testing.T) {
 		tmplAdmin, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, role.Name)
 
 		// Assert the role exists
-		roleNamesF := func(role codersdk.Role) string { return role.Name }
+		roleNamesF := func(role codersdk.SlimRole) string { return role.Name }
 		require.Contains(t, db2sdk.List(user.Roles, roleNamesF), role.Name)
 
 		// Try to create a template version
diff --git a/scripts/rbacgen/codersdk.gotmpl b/scripts/rbacgen/codersdk.gotmpl
@@ -16,15 +16,3 @@ const (
 	{{ $element.Enum }} RBACAction = "{{ $element.Value }}"
 	{{- end }}
 )
-
-// RBACResourceActions is the mapping of resources to which actions are valid for
-// said resource type.
-var RBACResourceActions = map[RBACResource][]RBACAction{
-	{{- range $element := . }}
-    Resource{{ pascalCaseName $element.FunctionName }}: []RBACAction{
-        {{- range $actionValue, $_ := $element.Actions }}
-            {{- actionEnum $actionValue -}},
-        {{- end -}}
-    },
-    {{- end }}
-}

Original file line number	Diff line number	Diff line change
`@@ -196,12 +196,12 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs`
`196`	`196`	`CreatedAt: dblog.UserCreatedAt.Time,`
`197`	`197`	`Status: codersdk.UserStatus(dblog.UserStatus.UserStatus),`
`198`	`198`	`},`
`199`		`- Roles: []codersdk.Role{},`
	`199`	`+ Roles: []codersdk.SlimRole{},`
`200`	`200`	`}`
`201`	`201`
`202`	`202`	`for _, roleName := range dblog.UserRoles {`
`203`	`203`	`rbacRole, _ := rbac.RoleByName(roleName)`
`204`		`- user.Roles = append(user.Roles, db2sdk.Role(rbacRole))`
	`204`	`+ user.Roles = append(user.Roles, db2sdk.SlimRole(rbacRole))`
`205`	`205`	`}`
`206`	`206`	`}`
`207`	`207`
Original file line number	Diff line number	Diff line change
`@@ -896,10 +896,6 @@ func (q *FakeQuerier) getLatestWorkspaceAppByTemplateIDUserIDSlugNoLock(ctx cont`
`896`	`896`	`return database.WorkspaceApp{}, sql.ErrNoRows`
`897`	`897`	`}`
`898`	`898`
`899`		`-func (q *FakeQuerier) CustomRoles(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {`
`900`		`- panic("not implemented")`
`901`		`-}`
`902`		`-`
`903`	`899`	`func (*FakeQuerier) AcquireLock(_ context.Context, _ int64) error {`
`904`	`900`	`return xerrors.New("AcquireLock must only be called within a transaction")`
`905`	`901`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+DROP INDEX IF EXISTS idx_custom_roles_name_lower;`
	`2`	`+DROP TABLE IF EXISTS custom_roles;`
Original file line number	Diff line number	Diff line change
`@@ -99,12 +99,12 @@ func convertOrganizationMember(mem database.OrganizationMember) codersdk.Organiz`
`99`	`99`	`OrganizationID: mem.OrganizationID,`
`100`	`100`	`CreatedAt: mem.CreatedAt,`
`101`	`101`	`UpdatedAt: mem.UpdatedAt,`
`102`		`- Roles: make([]codersdk.Role, 0, len(mem.Roles)),`
	`102`	`+ Roles: make([]codersdk.SlimRole, 0, len(mem.Roles)),`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`for _, roleName := range mem.Roles {`
`106`	`106`	`rbacRole, _ := rbac.RoleByName(roleName)`
`107`		`- convertedMember.Roles = append(convertedMember.Roles, db2sdk.Role(rbacRole))`
	`107`	`+ convertedMember.Roles = append(convertedMember.Roles, db2sdk.SlimRole(rbacRole))`
`108`	`108`	`}`
`109`	`109`	`return convertedMember`
`110`	`110`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,6 @@ func (api API) assignableSiteRoles(rw http.ResponseWriter, r http.Request) {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`roles := rbac.SiteRoles()`
`32`		`-`
`33`		`-`
`34`	`32`	`httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actorRoles.Roles, roles))`
`35`	`33`	`}`
`36`	`34`
`@@ -68,7 +66,7 @@ func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []coder`
`68`	`66`	`continue`
`69`	`67`	`}`
`70`	`68`	`assignable = append(assignable, codersdk.AssignableRoles{`
`71`		`- Role: codersdk.Role{`
	`69`	`+ SlimRole: codersdk.SlimRole{`
`72`	`70`	`Name: role.Name,`
`73`	`71`	`DisplayName: role.DisplayName,`
`74`	`72`	`},`
Original file line number	Diff line number	Diff line change
`@@ -143,9 +143,9 @@ func TestListRoles(t *testing.T) {`
`143`	`143`	`}`
`144`	`144`	`}`
`145`	`145`
`146`		`-func convertRole(roleName string) codersdk.Role {`
	`146`	`+func convertRole(roleName string) codersdk.SlimRole {`
`147`	`147`	`role, _ := rbac.RoleByName(roleName)`
`148`		`- return codersdk.Role{`
	`148`	`+ return codersdk.SlimRole{`
`149`	`149`	`DisplayName: role.DisplayName,`
`150`	`150`	`Name: role.Name,`
`151`	`151`	`}`
`@@ -156,7 +156,7 @@ func convertRoles(assignableRoles map[string]bool) []codersdk.AssignableRoles {`
`156`	`156`	`for roleName, assignable := range assignableRoles {`
`157`	`157`	`role := convertRole(roleName)`
`158`	`158`	`converted = append(converted, codersdk.AssignableRoles{`
`159`		`- Role: role,`
	`159`	`+ SlimRole: role,`
`160`	`160`	`Assignable: assignable,`
`161`	`161`	`})`
`162`	`162`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1049,7 +1049,7 @@ func TestGrantSiteRoles(t *testing.T) {`
`1049`	`1049`	`c.AssignToUser = newUser.ID.String()`
`1050`	`1050`	`}`
`1051`	`1051`
`1052`		`- var newRoles []codersdk.Role`
	`1052`	`+ var newRoles []codersdk.SlimRole`
`1053`	`1053`	`if c.OrgID != uuid.Nil {`
`1054`	`1054`	`// Org assign`
`1055`	`1055`	`var mem codersdk.OrganizationMember`