
Commit 01dd35f

Emyrkcoadler
andauthored
chore: Rename 'admin' to 'owner' (#3498)
Co-authored-by: Colin Adler <[email protected]>
1 parent 2306d2c commit 01dd35f

16 files changed

+98
-56
lines changed
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
UPDATE
2+
users
3+
SET
4+
-- Replace 'template-admin' and 'user-admin' role with 'admin'
5+
rbac_roles = array_append(
6+
array_remove(
7+
array_remove(rbac_roles, 'template-admin'),
8+
'user-admin'
9+
), 'admin')
10+
WHERE
11+
-- Only on existing admins. If they have either role, make them an admin
12+
ARRAY ['template-admin', 'user-admin'] && rbac_roles;
13+
14+
15+
UPDATE
16+
users
17+
SET
18+
-- Replace 'owner' with 'admin'
19+
rbac_roles = array_replace(rbac_roles, 'owner', 'admin')
20+
WHERE
21+
-- Only on the owner
22+
'owner' = ANY(rbac_roles);
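Review bot: The `WHERE ARRAY ['template-admin', 'user-admin'] && rbac_roles` predicate in the first statement matches any user holding either role, so running this script gives the all-access `admin` role to accounts that were only ever granted one of the two narrower roles. If this is the rollback for the rename (the file name is not shown on this page), the forward script only ever produces users holding both roles, so requiring both would restore just those accounts: `rbac_roles @> ARRAY ['template-admin', 'user-admin']`. `array_append` also writes a second `'admin'` entry for a user who already has one; wrapping the inner expression in one more `array_remove(..., 'admin')` avoids the duplicate.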
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
UPDATE
2+
users
3+
SET
4+
-- Replace the role 'admin' with the role 'owner'
5+
rbac_roles = array_replace(rbac_roles, 'admin', 'owner')
6+
WHERE
7+
-- Update the first user with the role 'admin'. This should be the first
8+
-- user ever, but if that user was demoted from an admin, then choose
9+
-- the next best user.
10+
id = (SELECT id FROM users WHERE 'admin' = ANY(rbac_roles) ORDER BY created_at ASC LIMIT 1);
11+
12+
13+
UPDATE
14+
users
15+
SET
16+
-- Replace 'admin' role with 'template-admin' and 'user-admin'
17+
rbac_roles = array_cat(array_remove(rbac_roles, 'admin'), ARRAY ['template-admin', 'user-admin'])
18+
WHERE
19+
-- Only on existing admins
20+
'admin' = ANY(rbac_roles);
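Review bot: The subquery that picks the new owner, `SELECT id FROM users WHERE 'admin' = ANY(rbac_roles) ORDER BY created_at ASC LIMIT 1`, looks only at role and age, and the second statement then strips `admin` from every remaining account. If the users table tracks deleted or suspended accounts (not visible in this diff), the single owner could end up being an account nobody can sign in to, leaving the deployment without a usable full-access role; filtering the subquery on account state and adding `, id ASC` as a tie-break would make the choice safe and deterministic. Separately, `array_cat(array_remove(rbac_roles, 'admin'), ARRAY ['template-admin', 'user-admin'])` writes duplicate entries for an admin who already held one of those roles; removing both names before appending them would keep `rbac_roles` free of repeats.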

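--- a/coderd/httpmw/authorize_test.go
+++ b/coderd/httpmw/authorize_test.go
@@ -40,7 +40,7 @@ func TestExtractUserRoles(t *testing.T) {
 {
 Name: "Admin",
 AddUser: func(db database.Store) (database.User, []string, string) {
-roles := []string{rbac.RoleAdmin()}
+roles := []string{rbac.RoleOwner()}
 user, token := addUser(t, db, roles...)
 return user, append(roles, rbac.RoleMember()), token
 },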

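--- a/coderd/provisionerjobs_internal_test.go
+++ b/coderd/provisionerjobs_internal_test.go
@@ -17,9 +17,9 @@ import (
 
 "cdr.dev/slog"
 "cdr.dev/slog/sloggers/slogtest"
-
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/coderd/database/databasefake"
+"github.com/coder/coder/coderd/rbac"
 "github.com/coder/coder/codersdk"
 "github.com/coder/coder/testutil"
 )
@@ -77,7 +77,7 @@ func TestProvisionerJobLogs_Unit(t *testing.T) {
 require.NoError(t, err)
 _, err = fDB.InsertUser(ctx, database.InsertUserParams{
 ID: userID,
-RBACRoles: []string{"admin"},
+RBACRoles: []string{rbac.RoleOwner()},
 })
 require.NoError(t, err)
 _, err = fDB.InsertWorkspaceBuild(ctx, database.InsertWorkspaceBuildParams{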

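--- a/coderd/rbac/authz_internal_test.go
+++ b/coderd/rbac/authz_internal_test.go
@@ -87,7 +87,7 @@ func TestFilter(t *testing.T) {
 {
 Name: "Admin",
 SubjectID: userIDs[0].String(),
-Roles: []string{RoleOrgMember(orgIDs[0]), "auditor", RoleAdmin(), RoleMember()},
+Roles: []string{RoleOrgMember(orgIDs[0]), "auditor", RoleOwner(), RoleMember()},
 ObjectType: ResourceWorkspace.Type,
 Action: ActionRead,
 },
@@ -292,7 +292,7 @@ func TestAuthorizeDomain(t *testing.T) {
 user = subject{
 UserID: "me",
 Roles: []Role{
-must(RoleByName(RoleAdmin())),
+must(RoleByName(RoleOwner())),
 must(RoleByName(RoleMember())),
 },
 }
@@ -499,7 +499,7 @@ func TestAuthorizeLevels(t *testing.T) {
 user := subject{
 UserID: "me",
 Roles: []Role{
-must(RoleByName(RoleAdmin())),
+must(RoleByName(RoleOwner())),
 {
 Name: "org-deny:" + defOrg.String(),
 Org: map[string][]Permission{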

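--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@@ -9,7 +9,7 @@ import (
 )
 
 const (
-admin string = "admin"
+owner string = "owner"
 member string = "member"
 templateAdmin string = "template-admin"
 userAdmin string = "user-admin"
@@ -24,8 +24,8 @@ const (
 // Once we have a database implementation, the "default" roles can be defined on the
 // site and orgs, and these functions can be removed.
 
-func RoleAdmin() string {
-return roleName(admin, "")
+func RoleOwner() string {
+return roleName(owner, "")
 }
 
 func RoleTemplateAdmin() string {
@@ -59,10 +59,10 @@ var (
 // https://github.com/coder/coder/issues/1194
 builtInRoles = map[string]func(orgID string) Role{
 // admin grants all actions to all resources.
-admin: func(_ string) Role {
+owner: func(_ string) Role {
 return Role{
-Name: admin,
-DisplayName: "Admin",
+Name: owner,
+DisplayName: "Owner",
 Site: permissions(map[Object][]Action{
 ResourceWildcard: {WildcardSymbol},
 }),
@@ -187,8 +187,8 @@ var (
 // The first key is the actor role, the second is the roles they can assign.
 // map[actor_role][assign_role]<can_assign>
 assignRoles = map[string]map[string]bool{
-admin: {
-admin: true,
+owner: {
+owner: true,
 auditor: true,
 member: true,
 orgAdmin: true,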
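Review bot: The comment left above the renamed entry in `builtInRoles` still reads `// admin grants all actions to all resources.`, which now names a role that no longer exists; it should become `// owner grants all actions to all resources.`. This is the one role carrying `ResourceWildcard: {WildcardSymbol}`, so the comment is where a reader confirms which name holds full access. The test labels in coderd/rbac/builtin_test.go (`Name: "Admin"`, `admin := authSubject{Name: "admin", ...}`) keep the same leftover wording. The `builtInRoles` and `assignRoles` literals continue outside the hunks shown.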

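--- a/coderd/rbac/builtin_internal_test.go
+++ b/coderd/rbac/builtin_internal_test.go
@@ -16,7 +16,7 @@ func TestRoleByName(t *testing.T) {
 testCases := []struct {
 Role Role
 }{
-{Role: builtInRoles[admin]("")},
+{Role: builtInRoles[owner]("")},
 {Role: builtInRoles[member]("")},
 {Role: builtInRoles[templateAdmin]("")},
 {Role: builtInRoles[userAdmin]("")},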

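--- a/coderd/rbac/builtin_test.go
+++ b/coderd/rbac/builtin_test.go
@@ -41,7 +41,7 @@ func BenchmarkRBACFilter(b *testing.B) {
 {
 Name: "Admin",
 // Give some extra roles that an admin might have
-Roles: []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleAdmin(), rbac.RoleMember()},
+Roles: []string{rbac.RoleOrgMember(orgs[0]), "auditor", rbac.RoleOwner(), rbac.RoleMember()},
 UserID: users[0],
 },
 {
@@ -119,7 +119,7 @@ func TestRolePermissions(t *testing.T) {
 memberMe := authSubject{Name: "member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember()}}
 orgMemberMe := authSubject{Name: "org_member_me", UserID: currentUser.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID)}}
 
-admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleAdmin()}}
+admin := authSubject{Name: "admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOwner()}}
 orgAdmin := authSubject{Name: "org_admin", UserID: adminID.String(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(orgID), rbac.RoleOrgAdmin(orgID)}}
 
 otherOrgMember := authSubject{Name: "org_member_other", UserID: uuid.NewString(), Roles: []string{rbac.RoleMember(), rbac.RoleOrgMember(otherOrg)}}
@@ -358,7 +358,7 @@ func TestIsOrgRole(t *testing.T) {
 OrgID string
 }{
 // Not org roles
-{RoleName: rbac.RoleAdmin()},
+{RoleName: rbac.RoleOwner()},
 {RoleName: rbac.RoleMember()},
 {RoleName: "auditor"},
 
@@ -413,7 +413,7 @@ func TestListRoles(t *testing.T) {
 // Always use constant strings, as if the names change, we need to write
 // a SQL migration to change the name on the backend.
 require.ElementsMatch(t, []string{
-"admin",
+"owner",
 "member",
 "auditor",
 "template-admin",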

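--- a/coderd/roles_test.go
+++ b/coderd/roles_test.go
@@ -120,7 +120,7 @@ func TestListRoles(t *testing.T) {
 require.NoError(t, err, "create org")
 
 const forbidden = "Forbidden"
-siteRoles := convertRoles(rbac.RoleAdmin(), "auditor", "template-admin", "user-admin")
+siteRoles := convertRoles(rbac.RoleOwner(), "auditor", "template-admin", "user-admin")
 orgRoles := convertRoles(rbac.RoleOrgAdmin(admin.OrganizationID))
 
 testCases := []struct {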

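--- a/coderd/templates_test.go
+++ b/coderd/templates_test.go
@@ -38,8 +38,8 @@ func TestTemplate(t *testing.T) {
 t.Parallel()
 client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerD: true})
 user := coderdtest.CreateFirstUser(t, client)
-member := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleAdmin())
-memberWithDeleted := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleAdmin())
+member := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleOwner())
+memberWithDeleted := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleOwner())
 version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
 template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
 coderdtest.AwaitTemplateVersionJob(t, client, version.ID)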
