Yehowshua/ZIm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Store the impersonator id on access tokens created via ZED_IMPERSONATE

Browse source 
* Use the impersonator id to prevent these tokens from counting
  against the impersonated user when limiting the users' total
  of access tokens.
* When connecting using an access token with an impersonator
  add the impersonator as a field to the tracing span that wraps
  the task for that connection.
* Disallow impersonating users via the admin API token in production,
  because when using the admin API token, we aren't able to identify
  the impersonator.

Co-authored-by: Marshall <marshall@zed.dev>
This commit is contained in:
Max Brunsfeld 2024-01-17 15:46:36 -08:00
parent 9521f49160
commit ab1bea515c
9 changed files with 198 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

3
crates/collab/migrations/20240117150300_add_impersonator_to_access_tokens.sql Normal file
View file

@ -0,0 +1,3 @@
ALTER TABLE access_tokens ADD COLUMN impersonator_id integer;
CREATE INDEX "index_access_tokens_impersonator_id" ON "access_tokens" ("impersonator_id");