
stateman permission empty org_id

Open victorserbu2709 opened this issue 1 month ago • 1 comments

Hello. I configured statesman with OAuth. I am logged in:

[root@develalma9 digger]# taco whoami
{
  "email": "[email protected]",
  "groups": null,
  "roles": null,
  "scopes": [
    "api",
    "s3"
  ],
  "subject": "271844133709022871"
}

I created a permission:

[root@develalma9 digger]# taco rbac permission create dev-access "Developer Access dev3" "Access to dev environments"   --rule "allow:unit.read,unit.write,unit.lock:dev/*" -v
[CREDS DEBUG] Primary: terraform token
Permission 'dev-access' created successfully

But then I don't find it in the list:

[root@develalma9 digger]# taco rbac permission list
[CREDS DEBUG] Primary: terraform token
NAME                                  DESCRIPTION                                             RULES                                                           CREATED
837ed781-d92d-4bcf-8bac-0d7d1e950133  Admin permission allowing all actions on all resources  allow:unit.read,unit.write,unit.lock,unit.delete,rbac.manage:*  2025-11-10T16:43:50.566417Z
admin                                 Admin permission allowing all actions on all resources  allow:unit.read,unit.write,unit.lock,unit.delete,rbac.manage:*  2025-11-10T16:43:50.566417Z
bd71a190-e2f4-41c5-8748-27f312343812  Default permission allowing read access to all states   allow:unit.read:*                                               2025-11-10T16:43:50.566412Z
default                               Default permission allowing read access to all states   allow:unit.read:*                                               2025-11-10T16:43:50.566412Z

Total: 4 permissions

I inspected the database and it seems that it is filtered:

stateman=# select * from rules;
                  id                  |            permission_id             | effect | wildcard_action | wildcard_resource | resource_patterns
--------------------------------------+--------------------------------------+--------+-----------------+-------------------+-------------------
 2c798cf1-7e04-40bf-bb98-30217cc523f0 | bd71a190-e2f4-41c5-8748-27f312343812 | allow  | f               | t                 | ["*"]
 d7f45665-5170-4fd7-9aab-c200dcb448b6 | 837ed781-d92d-4bcf-8bac-0d7d1e950133 | allow  | f               | t                 | ["*"]
 7ba2ad80-1cd7-45c1-afb7-213db3c52578 | 9bbcb4ea-fdac-4534-bcec-232a68d771a3 | allow  | f               | t                 | ["*"]
 dcf19940-9993-4e4f-86b5-709097d5d81d | 08726fd8-845d-4d8d-9826-2cdf449b2100 | allow  | f               | t                 | ["*"]
 f912fcc2-5fd3-4a93-9671-260a24b463ac | c0a7a38a-ea26-4bf8-a6bb-c20dd043f684 | allow  | f               | f                 | ["dev/*"]
 ce925679-5983-4c6c-9576-9ebb6cf4bf43 | bb50e6fd-a0bc-4fa2-8326-f3caeaf2a8ce | allow  | f               | f                 | ["myapp/prod"]
 bbdf9e13-f2a8-45e1-bdcb-c259c0a8c207 | d3b382e1-0270-4b95-bf29-541b63f5faf9 | allow  | f               | f                 | ["dev/*"]
 e0725426-0829-4ccb-9b83-1562ac5d74a8 | 844ee20c-e2d5-406a-b127-bfae74a8953e | allow  | f               | f                 | ["dev/*"]
 f66bf0f5-6d00-47e7-aafd-bc0c1739f84d | d9dbf008-d9d5-4522-bd0d-176b43bf0ed4 | allow  | f               | f                 | ["dev/*"]
(9 rows)

stateman=# select * from permissions;
                  id                  |                org_id                |                 name                 |                      description                       |     created_by     |          created_at
--------------------------------------+--------------------------------------+--------------------------------------+--------------------------------------------------------+--------------------+-------------------------------
 bd71a190-e2f4-41c5-8748-27f312343812 | 0ca04d60-113b-4fce-bffb-4e6f8da9b827 | default                              | Default permission allowing read access to all states  | 271844133709022871 | 2025-11-10 16:43:50.566412+00
 837ed781-d92d-4bcf-8bac-0d7d1e950133 | 0ca04d60-113b-4fce-bffb-4e6f8da9b827 | admin                                | Admin permission allowing all actions on all resources | 271844133709022871 | 2025-11-10 16:43:50.566417+00
 9bbcb4ea-fdac-4534-bcec-232a68d771a3 | 0ca04d60-113b-4fce-bffb-4e6f8da9b827 | 837ed781-d92d-4bcf-8bac-0d7d1e950133 | Admin permission allowing all actions on all resources | 271844133709022871 | 2025-11-10 16:43:50.566417+00
 08726fd8-845d-4d8d-9826-2cdf449b2100 | 0ca04d60-113b-4fce-bffb-4e6f8da9b827 | bd71a190-e2f4-41c5-8748-27f312343812 | Default permission allowing read access to all states  | 271844133709022871 | 2025-11-10 16:43:50.566412+00
 c0a7a38a-ea26-4bf8-a6bb-c20dd043f684 |                                      | developer access                     | Access to dev environments                             | 271844133709022871 | 2025-11-10 16:49:02.98167+00
 bb50e6fd-a0bc-4fa2-8326-f3caeaf2a8ce |                                      | production read                      | Read-only access to production                         | 271844133709022871 | 2025-11-10 16:49:03.050498+00
 d3b382e1-0270-4b95-bf29-541b63f5faf9 |                                      | developer access dev                 | Access to dev environments                             | 271844133709022871 | 2025-11-10 16:57:08.208004+00
 844ee20c-e2d5-406a-b127-bfae74a8953e |                                      | developer access dev2                | Access to dev environments                             | 271844133709022871 | 2025-11-10 16:59:09.10025+00
 d9dbf008-d9d5-4522-bd0d-176b43bf0ed4 |                                      | developer access dev3                | Access to dev environments                             | 271844133709022871 | 2025-11-10 17:22:25.29502+00

I am using https://github.com/diggerhq/digger/archive/refs/tags/v0.6.133.tar.gz

victorserbu2709 • Nov 10 '25 17:11

I think it is caused by the permission not having an OrgID: https://github.com/diggerhq/digger/blob/develop/taco/internal/rbac/handler.go#L605

victorserbu2709 • Nov 10 '25 17:11
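
A simplified model of the behaviour reported in this thread, assuming the cause suggested in the comment above (a permission saved without an OrgID while the list is filtered by org). This is an added example, not digger's code: `Store`, `CreateUnscoped`, `CreateScoped`, `List`, `Orphans` and the org id `org-a` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission keeps only the columns of the permissions table that matter here.
type Permission struct{ ID, OrgID, Name string }

// Store is a hypothetical in-memory stand-in for the permissions table.
type Store struct{ rows []Permission }

var ErrNoOrg = errors.New("refusing to save permission without org_id")

// CreateUnscoped models the suspected bug: the row is saved even if OrgID is empty.
func (s *Store) CreateUnscoped(p Permission) { s.rows = append(s.rows, p) }

// CreateScoped stamps the caller's org on the row and fails closed when it is unknown.
func (s *Store) CreateScoped(callerOrg string, p Permission) error {
	if callerOrg == "" {
		return ErrNoOrg
	}
	p.OrgID = callerOrg
	s.rows = append(s.rows, p)
	return nil
}

// pick returns the names of rows whose OrgID equals org.
func (s *Store) pick(org string) (names []string) {
	for _, p := range s.rows {
		if p.OrgID == org {
			names = append(names, p.Name)
		}
	}
	return names
}

// List is the org-filtered view; an empty caller org must never match empty rows.
func (s *Store) List(callerOrg string) []string {
	if callerOrg == "" {
		return nil
	}
	return s.pick(callerOrg)
}

// Orphans returns rows with no org: "created successfully" but unreachable by List.
func (s *Store) Orphans() []string { return s.pick("") }

func main() {
	s := &Store{} // constructed sample data below
	s.CreateUnscoped(Permission{ID: "1", OrgID: "org-a", Name: "admin"})
	s.CreateUnscoped(Permission{ID: "2", Name: "developer access dev3"})
	fmt.Println("list:", s.List("org-a"), "orphans:", s.Orphans())
	fmt.Println("scoped create without org:", s.CreateScoped("", Permission{ID: "3"}))
}
```
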