coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 0 additions & 2 deletions b/‎coderd/apidoc/docs.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 0 additions & 2 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 0 additions & 2 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 1 addition & 2 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 1 addition & 2 deletions
diff --git a/‎coderd/database/modelmethods.go
Lines changed: 3 additions & 1 deletion b/‎coderd/database/modelmethods.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎coderd/rbac/object_gen.go
Lines changed: 2 additions & 12 deletions b/‎coderd/rbac/object_gen.go
Lines changed: 2 additions & 12 deletions
diff --git a/‎coderd/rbac/policy/policy.go
Lines changed: 2 additions & 9 deletions b/‎coderd/rbac/policy/policy.go
Lines changed: 2 additions & 9 deletions
diff --git a/‎coderd/rbac/roles_test.go
Lines changed: 0 additions & 9 deletions b/‎coderd/rbac/roles_test.go
Lines changed: 0 additions & 9 deletions
diff --git a/‎codersdk/rbacresources_gen.go
Lines changed: 0 additions & 2 deletions b/‎codersdk/rbacresources_gen.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎docs/reference/api/members.md
Lines changed: 0 additions & 5 deletions b/‎docs/reference/api/members.md
Lines changed: 0 additions & 5 deletions
diff --git a/‎docs/reference/api/schemas.md
Lines changed: 0 additions & 1 deletion b/‎docs/reference/api/schemas.md
Lines changed: 0 additions & 1 deletion
@@ -324,7 +324,6 @@ var (
 					rbac.ResourceOrganization.Type:           {policy.ActionCreate, policy.ActionRead},
 					rbac.ResourceOrganizationMember.Type:     {policy.ActionCreate, policy.ActionDelete, policy.ActionRead},
 					rbac.ResourceProvisionerDaemon.Type:      {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},
-					rbac.ResourceProvisionerKeys.Type:        {policy.ActionCreate, policy.ActionRead, policy.ActionDelete},
 					rbac.ResourceUser.Type:                   rbac.ResourceUser.AvailableActions(),
 					rbac.ResourceWorkspaceDormant.Type:       {policy.ActionUpdate, policy.ActionDelete, policy.ActionWorkspaceStop},
 					rbac.ResourceWorkspace.Type:              {policy.ActionUpdate, policy.ActionDelete, policy.ActionWorkspaceStart, policy.ActionWorkspaceStop, policy.ActionSSH},
@@ -3203,7 +3202,7 @@ func (q *querier) InsertProvisionerJobTimings(ctx context.Context, arg database.
 }
 
 func (q *querier) InsertProvisionerKey(ctx context.Context, arg database.InsertProvisionerKeyParams) (database.ProvisionerKey, error) {
-	return insert(q.log, q.auth, rbac.ResourceProvisionerKeys.InOrg(arg.OrganizationID).WithID(arg.ID), q.db.InsertProvisionerKey)(ctx, arg)
+	return insert(q.log, q.auth, rbac.ResourceProvisionerDaemon.InOrg(arg.OrganizationID).WithID(arg.ID), q.db.InsertProvisionerKey)(ctx, arg)
 }
 
 func (q *querier) InsertReplica(ctx context.Context, arg database.InsertReplicaParams) (database.Replica, error) {
 
@@ -277,8 +277,10 @@ func (p GetEligibleProvisionerDaemonsByProvisionerJobIDsRow) RBACObject() rbac.O
 	return p.ProvisionerDaemon.RBACObject()
 }
 
+// RBACObject for a provisioner key is the same as a provisioner daemon.
+// Keys == provisioners from a RBAC perspective.
 func (p ProvisionerKey) RBACObject() rbac.Object {
-	return rbac.ResourceProvisionerKeys.
+	return rbac.ResourceProvisionerDaemon.
 		WithID(p.ID).
 		InOrg(p.OrganizationID)
 }
 
@@ -162,25 +162,18 @@ var RBACPermissions = map[string]PermissionDefinition{
 	},
 	"provisioner_daemon": {
 		Actions: map[Action]ActionDefinition{
-			ActionCreate: actDef("create a provisioner daemon"),
+			ActionCreate: actDef("create a provisioner daemon/key"),
 			// TODO: Move to use?
 			ActionRead:   actDef("read provisioner daemon"),
 			ActionUpdate: actDef("update a provisioner daemon"),
-			ActionDelete: actDef("delete a provisioner daemon"),
+			ActionDelete: actDef("delete a provisioner daemon/key"),
 		},
 	},
 	"provisioner_jobs": {
 		Actions: map[Action]ActionDefinition{
 			ActionRead: actDef("read provisioner jobs"),
 		},
 	},
-	"provisioner_keys": {
-		Actions: map[Action]ActionDefinition{
-			ActionCreate: actDef("create a provisioner key"),
-			ActionRead:   actDef("read provisioner keys"),
-			ActionDelete: actDef("delete a provisioner key"),
-		},
-	},
 	"organization": {
 		Actions: map[Action]ActionDefinition{
 			ActionCreate: actDef("create an organization"),
 
@@ -556,15 +556,6 @@ func TestRolePermissions(t *testing.T) {
 				false: {setOtherOrg, memberMe, userAdmin, orgUserAdmin, orgAuditor},
 			},
 		},
-		{
-			Name:     "ProvisionerKeys",
-			Actions:  []policy.Action{policy.ActionCreate, policy.ActionRead, policy.ActionDelete},
-			Resource: rbac.ResourceProvisionerKeys.InOrg(orgID),
-			AuthorizeMap: map[bool][]hasAuthSubjects{
-				true:  {owner, orgAdmin},
-				false: {setOtherOrg, memberMe, orgMemberMe, userAdmin, templateAdmin, orgTemplateAdmin, orgUserAdmin, orgAuditor},
-			},
-		},
 		{
 			Name:     "ProvisionerJobs",
 			Actions:  []policy.Action{policy.ActionRead},
Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,6 @@ var (`
`324`	`324`	`rbac.ResourceOrganization.Type: {policy.ActionCreate, policy.ActionRead},`
`325`	`325`	`rbac.ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionDelete, policy.ActionRead},`
`326`	`326`	`rbac.ResourceProvisionerDaemon.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate},`
`327`		`- rbac.ResourceProvisionerKeys.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionDelete},`
`328`	`327`	`rbac.ResourceUser.Type: rbac.ResourceUser.AvailableActions(),`
`329`	`328`	`rbac.ResourceWorkspaceDormant.Type: {policy.ActionUpdate, policy.ActionDelete, policy.ActionWorkspaceStop},`
`330`	`329`	`rbac.ResourceWorkspace.Type: {policy.ActionUpdate, policy.ActionDelete, policy.ActionWorkspaceStart, policy.ActionWorkspaceStop, policy.ActionSSH},`
`@@ -3203,7 +3202,7 @@ func (q *querier) InsertProvisionerJobTimings(ctx context.Context, arg database.`
`3203`	`3202`	`}`
`3204`	`3203`
`3205`	`3204`	`func (q *querier) InsertProvisionerKey(ctx context.Context, arg database.InsertProvisionerKeyParams) (database.ProvisionerKey, error) {`
`3206`		`- return insert(q.log, q.auth, rbac.ResourceProvisionerKeys.InOrg(arg.OrganizationID).WithID(arg.ID), q.db.InsertProvisionerKey)(ctx, arg)`
	`3205`	`+ return insert(q.log, q.auth, rbac.ResourceProvisionerDaemon.InOrg(arg.OrganizationID).WithID(arg.ID), q.db.InsertProvisionerKey)(ctx, arg)`
`3207`	`3206`	`}`
`3208`	`3207`
`3209`	`3208`	`func (q *querier) InsertReplica(ctx context.Context, arg database.InsertReplicaParams) (database.Replica, error) {`
Original file line number	Diff line number	Diff line change
`@@ -277,8 +277,10 @@ func (p GetEligibleProvisionerDaemonsByProvisionerJobIDsRow) RBACObject() rbac.O`
`277`	`277`	`return p.ProvisionerDaemon.RBACObject()`
`278`	`278`	`}`
`279`	`279`
	`280`	`+// RBACObject for a provisioner key is the same as a provisioner daemon.`
	`281`	`+// Keys == provisioners from a RBAC perspective.`
`280`	`282`	`func (p ProvisionerKey) RBACObject() rbac.Object {`
`281`		`- return rbac.ResourceProvisionerKeys.`
	`283`	`+ return rbac.ResourceProvisionerDaemon.`
`282`	`284`	`WithID(p.ID).`
`283`	`285`	`InOrg(p.OrganizationID)`
`284`	`286`	`}`