README
¶
check-scopes
Validates that the DB enum api_key_scope contains every <resource>:<action> derived from coderd/rbac/policy/RBACPermissions.
- Exits 0 when all scopes are present in
coderd/database/dump.sql. - Exits 1 and prints missing values with suggested
ALTER TYPEstatements otherwise.
Usage
Ensure the schema dump is up-to-date, then run the check:
make -B gen/db # forces DB dump regeneration
make lint/check-scopes
Or directly:
go run ./tools/check-scopes
Optional flags:
-dump path— override path todump.sql(defaultcoderd/database/dump.sql).
Remediation
When the tool reports missing values:
-
Create a DB migration extending the enum, e.g.:
ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'template:view_insights'; -
Regenerate and re-run:
make -B gen/db && make lint/check-scopes -
Decide whether each new scope is public (exposed in the catalog) or internal-only.
- If public, add it to the curated map in
coderd/rbac/scopes_catalog.go(externalLowLevel) so it appears in the public catalog and can be requested by users.
- If public, add it to the curated map in
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.