coder
diff --git a/‎coderd/apidoc/swagger.json‎
Lines changed: 14 additions & 0 deletions b/‎coderd/apidoc/swagger.json‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎coderd/database/dump.sql‎
Lines changed: 8 additions & 1 deletion b/‎coderd/database/dump.sql‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000373_add_composite_api_key_scopes.down.sql‎
Lines changed: 3 additions & 0 deletions b/‎coderd/database/migrations/000373_add_composite_api_key_scopes.down.sql‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000373_add_composite_api_key_scopes.up.sql‎
Lines changed: 9 additions & 0 deletions b/‎coderd/database/migrations/000373_add_composite_api_key_scopes.up.sql‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎docs/reference/api/schemas.md‎
Lines changed: 7 additions & 0 deletions b/‎docs/reference/api/schemas.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎scripts/generate_api_key_scope_enum/main.go‎
Lines changed: 3 additions & 0 deletions b/‎scripts/generate_api_key_scope_enum/main.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎site/src/api/typesGenerated.ts‎
Lines changed: 14 additions & 0 deletions b/‎site/src/api/typesGenerated.ts‎
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,3 @@
+-- No-op: keep enum values to avoid dependency churn.
+-- If strict removal is required, create a new enum type without these values,
+-- cast columns, drop the old type, and rename.
@@ -0,0 +1,9 @@
+-- Add high-level composite coder:* API key scopes
+-- These values are persisted so that tokens can store coder:* names directly.
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:workspaces.create';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:workspaces.operate';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:workspaces.delete';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:workspaces.access';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:templates.build';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:templates.author';
+ALTER TYPE api_key_scope ADD VALUE IF NOT EXISTS 'coder:apikeys.manage_self';
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"sort"
 
+	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/rbac/policy"
 )
 
@@ -18,6 +19,8 @@ func main() {
 			vals = append(vals, fmt.Sprintf("%s:%s", resource, action))
 		}
 	}
+	// Include composite coder:* scopes as first-class enum values
+	vals = append(vals, rbac.CompositeScopeNames()...)
 	sort.Strings(vals)
 	for _, v := range vals {
 		if _, ok := seen[v]; ok {
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+-- No-op: keep enum values to avoid dependency churn.`
	`2`	`+-- If strict removal is required, create a new enum type without these values,`
	`3`	`+-- cast columns, drop the old type, and rename.`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import (`
`4`	`4`	`"fmt"`
`5`	`5`	`"sort"`
`6`	`6`
	`7`	`+ "github.com/coder/coder/v2/coderd/rbac"`
`7`	`8`	`"github.com/coder/coder/v2/coderd/rbac/policy"`
`8`	`9`	`)`
`9`	`10`
`@@ -18,6 +19,8 @@ func main() {`
`18`	`19`	`vals = append(vals, fmt.Sprintf("%s:%s", resource, action))`
`19`	`20`	`}`
`20`	`21`	`}`
	`22`	`+ // Include composite coder:* scopes as first-class enum values`
	`23`	`+ vals = append(vals, rbac.CompositeScopeNames()...)`
`21`	`24`	`sort.Strings(vals)`
`22`	`25`	`for _, v := range vals {`
`23`	`26`	`if _, ok := seen[v]; ok {`