Role name consolidation

pkg/provision/migrations_202109_roles.go

@@ -14,7 +14,7 @@ func migratePre202109Roles(ctx context.Context, log *zap.Logger, s store.Storer)
 		obsoleteAdminsID   uint64 = 2
 	)
 
-	log.Info("migrating pre-2021.6 roles")
+	log.Info("migrating pre-2021.9 roles")
 	m, err := loadRoles(ctx, s)
 	if err != nil {
 		return
@@ -38,12 +38,14 @@ func migratePre202109Roles(ctx context.Context, log *zap.Logger, s store.Storer)
 
 	// let's see if admin role is still here:
 	if m["admins"] != nil && m["admins"].ID == obsoleteAdminsID {
-		log.Info("migrating 'admins' role to new ID")
+		log.Info("migrating 'admins' role to new ID and renaming it to 'admin'")
 
 		// everyone role still present and it is using "hardcoded" ID
 		// we can remove it
 		m["admins"].ID = id.Next()
 		m["admins"].UpdatedAt = now()
+		m["admins"].Handle = "admin"
+		m["admins"].Name = "Administrator"
 
 		if err = store.DeleteRoleByID(ctx, s, obsoleteAdminsID); err != nil {
 			return

provision/000_base/compose_access_control.yaml

@@ -22,7 +22,7 @@ allow:
     corteza::compose:record/*/*/*:
       - read
 
-  admins:
+  admin:
     corteza::compose/:
       - grant
       - settings.read
@@ -68,7 +68,7 @@ allow:
       - update
       - delete
 
-  low_code_admins:
+  low-code-admin:
     corteza::compose/:
       - grant
       - settings.read

provision/000_base/roles.yaml

@@ -1,17 +1,17 @@
 roles:
   # bypass and other system roles are
   # programmatically (re)created on server start
-  admins:
-    name: Administrators
+  admin:
+    name: Administrator
 
-  security_admins:
-    name: Security administrators
+  security-admin:
+    name: Security administrator
 
-  low_code_admins:
-    name: Low code administrators
+  low-code-admin:
+    name: Low code administrator
 
-  owners:
-    name: Owners
+  owner:
+    name: Owner
     meta:
       description: |-
         Automatically assigned to resource owner
@@ -24,8 +24,8 @@ roles:
           - corteza::system:authClient
           - corteza::automation:workflow
 
-  creators:
-    name: Creators
+  creator:
+    name: Creator
     meta:
       description: |-
         Automatically assigned to user created the resource.
@@ -37,8 +37,8 @@ roles:
           - corteza::system:authClient
           - corteza::automation:workflow
 
-  updaters:
-    name: Updaters
+  updater:
+    name: Updater
     meta:
       description: |-
         Automatically assigned to user that was the last to update the resource.
@@ -51,8 +51,8 @@ roles:
           - corteza::system:authClient
           - corteza::automation:workflow
 
-  deleters:
-    name: Deleters
+  deleter:
+    name: Deleter
     meta:
       description: |-
         Automatically assigned to user that was the last to update the resource.

provision/000_base/system_access_control.yaml

@@ -15,7 +15,7 @@ allow:
     corteza::system:auth-client/*:
       - authorize
 
-  admins:
+  admin:
     corteza::system/:
       - grant
       - action-log.read
@@ -97,7 +97,7 @@ allow:
       - delete
       - run
 
-  security_admins:
+  security-admin:
     corteza::compose/:
       - grant
       - action-log.read
@@ -162,4 +162,4 @@ allow:
       - read
       - update
       - delete
-      - run
+      - run

provision/200_federation/2000_access_control.yaml

@@ -1,5 +1,5 @@
 allow:
-  admins:
+  admin:
     corteza::federation/:
       - grant
       - pair

provision/300_automation/1000_roles.yaml

@@ -1,3 +1,3 @@
 roles:
-  developers:
-    name: Developers
+  developer:
+    name: Developer