NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit3120c94

authored

feat: add template RBAC/groups (#4235)

1 parent2687e3d commit3120c94Copy full SHA for 3120c94

File tree

122 files changed

+8088

-1062

lines changed

coderd
- audit.go
- authorize.go
- authorize_test.go
- coderd.go
- coderdtest
  - authorize.go
  - coderdtest.go
- database
  - custom_queries.go
  - databasefake
    - databasefake.go
  - db.go
  - dbtestutil
    - db.go
  - drivers.go
  - dump.sql
  - generate.sh
  - migrations
    - 000058_template_acl.down.sql
    - 000058_template_acl.up.sql
  - modelmethods.go
  - modelqueries.go
  - models.go
  - querier.go
  - queries
    - groups.sql
    - users.sql
  - queries.sql.go
  - sqlc.yaml
  - unique_constraint.go
- files.go
- httpmw
- organizations.go
- parameters.go
- rbac
- templates.go
- templateversions.go
- templateversions_test.go
- users.go
- workspaceapps_test.go
codersdk
enterprise
- audit
- cli
  - features_test.go
  - server.go
- coderd
  - authorize_test.go
  - coderd.go
  - coderd_test.go
  - coderdenttest
    - coderdenttest.go
    - coderdenttest_test.go
  - groups.go
  - groups_test.go
  - license
    - license.go
    - license_test.go
  - licenses_test.go
  - templates.go
  - templates_test.go
  - workspaces_test.go
go.mod
go.sum
site/src
- AppRouter.tsx
- api
- components
  - DropdownButton
    - DropdownButton.stories.tsx
  - Paywall
    - Paywall.tsx
  - TemplateLayout
    - TemplateLayout.tsx
  - UserAutocomplete
    - UserAutocomplete.tsx
  - UserAvatar
    - UserAvatar.tsx
  - UserOrGroupAutocomplete
    - UserOrGroupAutocomplete.tsx
  - UsersLayout
    - UsersLayout.tsx
- hooks
- pages
  - GroupsPage
  - TemplatePage
    - TemplatePage.tsx
    - TemplatePageView.tsx
    - TemplatePermissionsPage
    - TemplateSummaryPage
  - UsersPage
- testHelpers
  - entities.ts
  - handlers.ts
- xServices
t
testutil
- ctx.go
yarn.lock

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

122 files changed

+8088

-1062

lines changed

`‎coderd/audit.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -265,6 +265,7 @@ func auditSearchQuery(query string) (database.GetAuditLogsOffsetParams, []coders`
`265`	`265`	`Username:parser.String(searchParams,"","username"),`
`266`	`266`	`Email:parser.String(searchParams,"","email"),`
`267`	`267`	`}`
	`268`	`+`
`268`	`269`	`returnfilter,parser.Errors`
`269`	`270`	`}`
`270`	`271`
`@@ -296,6 +297,7 @@ func actionFromString(actionString string) string {`
`296`	`297`	`returnactionString`
`297`	`298`	`casecodersdk.AuditActionDelete:`
`298`	`299`	`returnactionString`
	`300`	`+default:`
`299`	`301`	`}`
`300`	`302`	`return""`
`301`	`303`	`}`

`‎coderd/authorize.go`

Lines changed: 80 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@ import (`
`4`	`4`	`"fmt"`
`5`	`5`	`"net/http"`
`6`	`6`
	`7`	`+"github.com/google/uuid"`
	`8`	`+`
`7`	`9`	`"golang.org/x/xerrors"`
`8`	`10`
`9`	`11`	`"cdr.dev/slog"`
`@@ -18,7 +20,7 @@ import (`
`18`	`20`	`// This is faster than calling Authorize() on each object.`
`19`	`21`	`funcAuthorizeFilter[O rbac.Objecter](hHTTPAuthorizer,rhttp.Request,action rbac.Action,objects []O) ([]O,error) {`
`20`	`22`	`roles:=httpmw.UserAuthorization(r)`
`21`		`-objects,err:=rbac.Filter(r.Context(),h.Authorizer,roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),action,objects)`
	`23`	`+objects,err:=rbac.Filter(r.Context(),h.Authorizer,roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),roles.Groups,action,objects)`
`22`	`24`	`iferr!=nil {`
`23`	`25`	`// Log the error as Filter should not be erroring.`
`24`	`26`	`h.Logger.Error(r.Context(),"filter failed",`
`@@ -63,7 +65,7 @@ func (api API) Authorize(r http.Request, action rbac.Action, object rbac.Objec`
`63`	`65`	`//}`
`64`	`66`	`func (hHTTPAuthorizer)Authorize(rhttp.Request,action rbac.Action,object rbac.Objecter)bool {`
`65`	`67`	`roles:=httpmw.UserAuthorization(r)`
`66`		`-err:=h.Authorizer.ByRoleName(r.Context(),roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),action,object.RBACObject())`
	`68`	`+err:=h.Authorizer.ByRoleName(r.Context(),roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),roles.Groups,action,object.RBACObject())`
`67`	`69`	`iferr!=nil {`
`68`	`70`	`// Log the errors for debugging`
`69`	`71`	`internalError:=new(rbac.UnauthorizedError)`
`@@ -95,7 +97,7 @@ func (h HTTPAuthorizer) Authorize(r http.Request, action rbac.Action, object r`
`95`	`97`	`// Note the authorization is only for the given action and object type.`
`96`	`98`	`func (hHTTPAuthorizer)AuthorizeSQLFilter(rhttp.Request,action rbac.Action,objectTypestring) (rbac.AuthorizeFilter,error) {`
`97`	`99`	`roles:=httpmw.UserAuthorization(r)`
`98`		`-prepared,err:=h.Authorizer.PrepareByRoleName(r.Context(),roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),action,objectType)`
	`100`	`+prepared,err:=h.Authorizer.PrepareByRoleName(r.Context(),roles.ID.String(),roles.Roles,roles.Scope.ToRBAC(),roles.Groups,action,objectType)`
`99`	`101`	`iferr!=nil {`
`100`	`102`	`returnnil,xerrors.Errorf("prepare filter: %w",err)`
`101`	`103`	`}`
`@@ -127,6 +129,28 @@ func (api API) checkAuthorization(rw http.ResponseWriter, r http.Request) {`
`127`	`129`	`)`
`128`	`130`
`129`	`131`	`response:=make(codersdk.AuthorizationResponse)`
	`132`	`+// Prevent using too many resources by ID. This prevents database abuse`
	`133`	`+// from this endpoint. This also prevents misuse of this endpoint, as`
	`134`	`+// resource_id should be used for single objects, not for a list of them.`
	`135`	`+var (`
	`136`	`+idFetchint`
	`137`	`+maxFetch=10`
	`138`	`+)`
	`139`	`+for_,v:=rangeparams.Checks {`
	`140`	`+ifv.Object.ResourceID!="" {`
	`141`	`+idFetch++`
	`142`	`+}`
	`143`	`+}`
	`144`	`+ifidFetch>maxFetch {`
	`145`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`146`	`+Message:fmt.Sprintf(`
	`147`	`+"Endpoint only supports using\"resource_id\" field %d times, found %d usages. Remove %d objects with this field set.",`
	`148`	`+maxFetch,idFetch,idFetch-maxFetch,`
	`149`	`+),`
	`150`	`+})`
	`151`	`+return`
	`152`	`+}`
	`153`	`+`
`130`	`154`	`fork,v:=rangeparams.Checks {`
`131`	`155`	`ifv.Object.ResourceType=="" {`
`132`	`156`	`httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`@@ -135,15 +159,60 @@ func (api API) checkAuthorization(rw http.ResponseWriter, r http.Request) {`
`135`	`159`	`return`
`136`	`160`	`}`
`137`	`161`
`138`		`-ifv.Object.OwnerID=="me" {`
`139`		`-v.Object.OwnerID=auth.ID.String()`
	`162`	`+obj:= rbac.Object{`
	`163`	`+Owner:v.Object.OwnerID,`
	`164`	`+OrgID:v.Object.OrganizationID,`
	`165`	`+Type:v.Object.ResourceType,`
`140`	`166`	`}`
`141`		`-err:=api.Authorizer.ByRoleName(r.Context(),auth.ID.String(),auth.Roles,auth.Scope.ToRBAC(),rbac.Action(v.Action),`
`142`		`-rbac.Object{`
`143`		`-Owner:v.Object.OwnerID,`
`144`		`-OrgID:v.Object.OrganizationID,`
`145`		`-Type:v.Object.ResourceType,`
`146`		`-})`
	`167`	`+ifobj.Owner=="me" {`
	`168`	`+obj.Owner=auth.ID.String()`
	`169`	`+}`
	`170`	`+`
	`171`	`+// If a resource ID is specified, fetch that specific resource.`
	`172`	`+ifv.Object.ResourceID!="" {`
	`173`	`+id,err:=uuid.Parse(v.Object.ResourceID)`
	`174`	`+iferr!=nil {`
	`175`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`176`	`+Message:fmt.Sprintf("Object %q id is not a valid uuid.",v.Object.ResourceID),`
	`177`	`+Validations: []codersdk.ValidationError{{Field:"resource_id",Detail:err.Error()}},`
	`178`	`+})`
	`179`	`+return`
	`180`	`+}`
	`181`	`+`
	`182`	`+vardbObj rbac.Objecter`
	`183`	`+vardbErrerror`
	`184`	`+// Only support referencing some resources by ID.`
	`185`	`+switchv.Object.ResourceType {`
	`186`	`+caserbac.ResourceWorkspaceExecution.Type:`
	`187`	`+wrkSpace,err:=api.Database.GetWorkspaceByID(ctx,id)`
	`188`	`+iferr==nil {`
	`189`	`+dbObj=wrkSpace.ExecutionRBAC()`
	`190`	`+}`
	`191`	`+dbErr=err`
	`192`	`+caserbac.ResourceWorkspace.Type:`
	`193`	`+dbObj,dbErr=api.Database.GetWorkspaceByID(ctx,id)`
	`194`	`+caserbac.ResourceTemplate.Type:`
	`195`	`+dbObj,dbErr=api.Database.GetTemplateByID(ctx,id)`
	`196`	`+caserbac.ResourceUser.Type:`
	`197`	`+dbObj,dbErr=api.Database.GetUserByID(ctx,id)`
	`198`	`+caserbac.ResourceGroup.Type:`
	`199`	`+dbObj,dbErr=api.Database.GetGroupByID(ctx,id)`
	`200`	`+default:`
	`201`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`202`	`+Message:fmt.Sprintf("Object type %q does not support\"resource_id\" field.",v.Object.ResourceType),`
	`203`	`+Validations: []codersdk.ValidationError{{Field:"resource_type",Detail:err.Error()}},`
	`204`	`+})`
	`205`	`+return`
	`206`	`+}`
	`207`	`+ifdbErr!=nil {`
	`208`	`+// 404 or unauthorized is false`
	`209`	`+response[k]=false`
	`210`	`+continue`
	`211`	`+}`
	`212`	`+obj=dbObj.RBACObject()`
	`213`	`+}`
	`214`	`+`
	`215`	`+err:=api.Authorizer.ByRoleName(r.Context(),auth.ID.String(),auth.Roles,auth.Scope.ToRBAC(),auth.Groups,rbac.Action(v.Action),obj)`
`147`	`216`	`response[k]=err==nil`
`148`	`217`	`}`
`149`	`218`

`‎coderd/authorize_test.go`

Lines changed: 34 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,9 @@ func TestCheckPermissions(t *testing.T) {`
`19`	`19`	`ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
`20`	`20`	`t.Cleanup(cancel)`
`21`	`21`
`22`		`-adminClient:=coderdtest.New(t,nil)`
	`22`	`+adminClient:=coderdtest.New(t,&coderdtest.Options{`
	`23`	`+IncludeProvisionerDaemon:true,`
	`24`	`+})`
`23`	`25`	`// Create adminClient, member, and org adminClient`
`24`	`26`	`adminUser:=coderdtest.CreateFirstUser(t,adminClient)`
`25`	`27`	`memberClient:=coderdtest.CreateAnotherUser(t,adminClient,adminUser.OrganizationID)`
`@@ -29,12 +31,17 @@ func TestCheckPermissions(t *testing.T) {`
`29`	`31`	`orgAdminUser,err:=orgAdminClient.User(ctx,codersdk.Me)`
`30`	`32`	`require.NoError(t,err)`
`31`	`33`
	`34`	`+version:=coderdtest.CreateTemplateVersion(t,adminClient,adminUser.OrganizationID,nil)`
	`35`	`+coderdtest.AwaitTemplateVersionJob(t,adminClient,version.ID)`
	`36`	`+template:=coderdtest.CreateTemplate(t,adminClient,adminUser.OrganizationID,version.ID)`
	`37`	`+`
`32`	`38`	`// With admin, member, and org admin`
`33`	`39`	`const (`
`34`		`-readAllUsers="read-all-users"`
`35`		`-readOrgWorkspaces="read-org-workspaces"`
`36`		`-readMyself="read-myself"`
`37`		`-readOwnWorkspaces="read-own-workspaces"`
	`40`	`+readAllUsers="read-all-users"`
	`41`	`+readOrgWorkspaces="read-org-workspaces"`
	`42`	`+readMyself="read-myself"`
	`43`	`+readOwnWorkspaces="read-own-workspaces"`
	`44`	`+updateSpecificTemplate="update-specific-template"`
`38`	`45`	`)`
`39`	`46`	`params:=map[string]codersdk.AuthorizationCheck{`
`40`	`47`	`readAllUsers: {`
`@@ -64,6 +71,13 @@ func TestCheckPermissions(t *testing.T) {`
`64`	`71`	`},`
`65`	`72`	`Action:"read",`
`66`	`73`	`},`
	`74`	`+updateSpecificTemplate: {`
	`75`	`+Object: codersdk.AuthorizationObject{`
	`76`	`+ResourceType:rbac.ResourceTemplate.Type,`
	`77`	`+ResourceID:template.ID.String(),`
	`78`	`+},`
	`79`	`+Action:"update",`
	`80`	`+},`
`67`	`81`	`}`
`68`	`82`
`69`	`83`	`testCases:= []struct {`
`@@ -77,32 +91,35 @@ func TestCheckPermissions(t *testing.T) {`
`77`	`91`	`Client:adminClient,`
`78`	`92`	`UserID:adminUser.UserID,`
`79`	`93`	`Check:map[string]bool{`
`80`		`-readAllUsers:true,`
`81`		`-readMyself:true,`
`82`		`-readOwnWorkspaces:true,`
`83`		`-readOrgWorkspaces:true,`
	`94`	`+readAllUsers:true,`
	`95`	`+readMyself:true,`
	`96`	`+readOwnWorkspaces:true,`
	`97`	`+readOrgWorkspaces:true,`
	`98`	`+updateSpecificTemplate:true,`
`84`	`99`	`},`
`85`	`100`	`},`
`86`	`101`	`{`
`87`	`102`	`Name:"OrgAdmin",`
`88`	`103`	`Client:orgAdminClient,`
`89`	`104`	`UserID:orgAdminUser.ID,`
`90`	`105`	`Check:map[string]bool{`
`91`		`-readAllUsers:false,`
`92`		`-readMyself:true,`
`93`		`-readOwnWorkspaces:true,`
`94`		`-readOrgWorkspaces:true,`
	`106`	`+readAllUsers:false,`
	`107`	`+readMyself:true,`
	`108`	`+readOwnWorkspaces:true,`
	`109`	`+readOrgWorkspaces:true,`
	`110`	`+updateSpecificTemplate:true,`
`95`	`111`	`},`
`96`	`112`	`},`
`97`	`113`	`{`
`98`	`114`	`Name:"Member",`
`99`	`115`	`Client:memberClient,`
`100`	`116`	`UserID:memberUser.ID,`
`101`	`117`	`Check:map[string]bool{`
`102`		`-readAllUsers:false,`
`103`		`-readMyself:true,`
`104`		`-readOwnWorkspaces:true,`
`105`		`-readOrgWorkspaces:false,`
	`118`	`+readAllUsers:false,`
	`119`	`+readMyself:true,`
	`120`	`+readOwnWorkspaces:true,`
	`121`	`+readOrgWorkspaces:false,`
	`122`	`+updateSpecificTemplate:false,`
`106`	`123`	`},`
`107`	`124`	`},`
`108`	`125`	`}`

`‎coderd/coderd.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -283,6 +283,7 @@ func New(options Options) API {`
`283`	`283`	`r.Get("/{hash}",api.fileByHash)`
`284`	`284`	`r.Post("/",api.postFile)`
`285`	`285`	`})`
	`286`	`+`
`286`	`287`	`r.Route("/provisionerdaemons",func(r chi.Router) {`
`287`	`288`	`r.Use(`
`288`	`289`	`apiKeyMiddleware,`

`‎coderd/coderdtest/authorize.go`

Lines changed: 9 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -499,6 +499,7 @@ func (a *AuthTester) Test(ctx context.Context, assertRoute map[string]RouteCheck`
`499`	`499`	`typeauthCallstruct {`
`500`	`500`	`SubjectIDstring`
`501`	`501`	`Roles []string`
	`502`	`+Groups []string`
`502`	`503`	`Scope rbac.Scope`
`503`	`504`	`Action rbac.Action`
`504`	`505`	`Object rbac.Object`
`@@ -513,29 +514,31 @@ var _ rbac.Authorizer = (*RecordingAuthorizer)(nil)`
`513`	`514`
`514`	`515`	`// ByRoleNameSQL does not record the call. This matches the postgres behavior`
`515`	`516`	`// of not calling Authorize()`
`516`		`-func (r*RecordingAuthorizer)ByRoleNameSQL(_ context.Context,_string,_ []string,_ rbac.Scope,_ rbac.Action,_ rbac.Object)error {`
	`517`	`+func (r*RecordingAuthorizer)ByRoleNameSQL(_ context.Context,_string,_ []string,_ rbac.Scope,_[]string,_rbac.Action,_ rbac.Object)error {`
`517`	`518`	`returnr.AlwaysReturn`
`518`	`519`	`}`
`519`	`520`
`520`		`-func (r*RecordingAuthorizer)ByRoleName(_ context.Context,subjectIDstring,roleNames []string,scope rbac.Scope,action rbac.Action,object rbac.Object)error {`
	`521`	`+func (r*RecordingAuthorizer)ByRoleName(_ context.Context,subjectIDstring,roleNames []string,scope rbac.Scope,groups []string,action rbac.Action,object rbac.Object)error {`
`521`	`522`	`r.Called=&authCall{`
`522`	`523`	`SubjectID:subjectID,`
`523`	`524`	`Roles:roleNames,`
	`525`	`+Groups:groups,`
`524`	`526`	`Scope:scope,`
`525`	`527`	`Action:action,`
`526`	`528`	`Object:object,`
`527`	`529`	`}`
`528`	`530`	`returnr.AlwaysReturn`
`529`	`531`	`}`
`530`	`532`
`531`		`-func (r*RecordingAuthorizer)PrepareByRoleName(_ context.Context,subjectIDstring,roles []string,scope rbac.Scope,action rbac.Action,_string) (rbac.PreparedAuthorized,error) {`
	`533`	`+func (r*RecordingAuthorizer)PrepareByRoleName(_ context.Context,subjectIDstring,roles []string,scope rbac.Scope,groups []string,action rbac.Action,_string) (rbac.PreparedAuthorized,error) {`
`532`	`534`	`return&fakePreparedAuthorizer{`
`533`	`535`	`Original:r,`
`534`	`536`	`SubjectID:subjectID,`
`535`	`537`	`Roles:roles,`
`536`	`538`	`Scope:scope,`
`537`	`539`	`Action:action,`
`538`	`540`	`HardCodedSQLString:"true",`
	`541`	`+Groups:groups,`
`539`	`542`	`},nil`
`540`	`543`	`}`
`541`	`544`
`@@ -549,12 +552,13 @@ type fakePreparedAuthorizer struct {`
`549`	`552`	`Roles []string`
`550`	`553`	`Scope rbac.Scope`
`551`	`554`	`Action rbac.Action`
	`555`	`+Groups []string`
`552`	`556`	`HardCodedSQLStringstring`
`553`	`557`	`HardCodedRegoStringstring`
`554`	`558`	`}`
`555`	`559`
`556`	`560`	`func (f*fakePreparedAuthorizer)Authorize(ctx context.Context,object rbac.Object)error {`
`557`		`-returnf.Original.ByRoleName(ctx,f.SubjectID,f.Roles,f.Scope,f.Action,object)`
	`561`	`+returnf.Original.ByRoleName(ctx,f.SubjectID,f.Roles,f.Scope,f.Groups,f.Action,object)`
`558`	`562`	`}`
`559`	`563`
`560`	`564`	`// Compile returns a compiled version of the authorizer that will work for`
`@@ -564,7 +568,7 @@ func (f *fakePreparedAuthorizer) Compile() (rbac.AuthorizeFilter, error) {`
`564`	`568`	`}`
`565`	`569`
`566`	`570`	`func (f*fakePreparedAuthorizer)Eval(object rbac.Object)bool {`
`567`		`-returnf.Original.ByRoleNameSQL(context.Background(),f.SubjectID,f.Roles,f.Scope,f.Action,object)==nil`
	`571`	`+returnf.Original.ByRoleNameSQL(context.Background(),f.SubjectID,f.Roles,f.Scope,f.Groups,f.Action,object)==nil`
`568`	`572`	`}`
`569`	`573`
`570`	`574`	`func (ffakePreparedAuthorizer)RegoString()string {`

`‎coderd/coderdtest/coderdtest.go`

Lines changed: 3 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,6 @@ import (`
`9`	`9`	`"crypto/sha256"`
`10`	`10`	`"crypto/x509"`
`11`	`11`	`"crypto/x509/pkix"`
`12`		`-"database/sql"`
`13`	`12`	`"encoding/base64"`
`14`	`13`	`"encoding/json"`
`15`	`14`	`"encoding/pem"`
`@@ -21,7 +20,6 @@ import (`
`21`	`20`	`"net/http"`
`22`	`21`	`"net/http/httptest"`
`23`	`22`	`"net/url"`
`24`		`-"os"`
`25`	`23`	`"strconv"`
`26`	`24`	`"strings"`
`27`	`25`	`"testing"`
`@@ -49,8 +47,7 @@ import (`
`49`	`47`	`"github.com/coder/coder/coderd/autobuild/executor"`
`50`	`48`	`"github.com/coder/coder/coderd/awsidentity"`
`51`	`49`	`"github.com/coder/coder/coderd/database"`
`52`		`-"github.com/coder/coder/coderd/database/databasefake"`
`53`		`-"github.com/coder/coder/coderd/database/postgres"`
	`50`	`+"github.com/coder/coder/coderd/database/dbtestutil"`
`54`	`51`	`"github.com/coder/coder/coderd/gitsshkey"`
`55`	`52`	`"github.com/coder/coder/coderd/rbac"`
`56`	`53`	`"github.com/coder/coder/coderd/telemetry"`
`@@ -139,26 +136,7 @@ func NewOptions(t testing.T, options Options) (*httptest.Server, context.Cance`
`139`	`136`	`})`
`140`	`137`	`}`
`141`	`138`
`142`		`-// This can be hotswapped for a live database instance.`
`143`		`-db:=databasefake.New()`
`144`		`-pubsub:=database.NewPubsubInMemory()`
`145`		`-ifos.Getenv("DB")!="" {`
`146`		`-connectionURL,closePg,err:=postgres.Open()`
`147`		`-require.NoError(t,err)`
`148`		`-t.Cleanup(closePg)`
`149`		`-sqlDB,err:=sql.Open("postgres",connectionURL)`
`150`		`-require.NoError(t,err)`
`151`		`-t.Cleanup(func() {`
`152`		`-_=sqlDB.Close()`
`153`		`-})`
`154`		`-db=database.New(sqlDB)`
`155`		`-`
`156`		`-pubsub,err=database.NewPubsub(context.Background(),sqlDB,connectionURL)`
`157`		`-require.NoError(t,err)`
`158`		`-t.Cleanup(func() {`
`159`		`-_=pubsub.Close()`
`160`		`-})`
`161`		`-}`
	`139`	`+db,pubsub:=dbtestutil.NewDB(t)`
`162`	`140`
`163`	`141`	`ctx,cancelFunc:=context.WithCancel(context.Background())`
`164`	`142`	`lifecycleExecutor:=executor.New(`
`@@ -399,6 +377,7 @@ func createAnotherUserRetry(t testing.T, client codersdk.Client, organizationI`
`399`	`377`	`// with the responses provided. It uses the "echo" provisioner for compatibility`
`400`	`378`	`// with testing.`
`401`	`379`	`funcCreateTemplateVersion(ttesting.T,clientcodersdk.Client,organizationID uuid.UUID,res*echo.Responses) codersdk.TemplateVersion {`
	`380`	`+t.Helper()`
`402`	`381`	`data,err:=echo.Tar(res)`
`403`	`382`	`require.NoError(t,err)`
`404`	`383`	`file,err:=client.Upload(context.Background(),codersdk.ContentTypeTar,data)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3120c94

File tree

122 files changed

Some content is hidden

122 files changed

`‎coderd/audit.go`

`‎coderd/authorize.go`

`‎coderd/authorize_test.go`

`‎coderd/coderd.go`

`‎coderd/coderdtest/authorize.go`

`‎coderd/coderdtest/coderdtest.go`

0 commit comments