NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit6eeb500

committed

more test fixes

1 parent769ac83 commit6eeb500Copy full SHA for 6eeb500

File tree

14 files changed

+92

-96

lines changed

coderd
- database
  - db2sdk
    - db2sdk.go
  - dbauthz
    - customroles_test.go
    - dbauthz.go
  - modelmethods.go
- rbac
- roles.go
enterprise
- coderd
  - coderd.go
  - coderd_test.go
- tailnet
  - pgcoord.go

14 files changed

+92

-96

lines changed

`‎coderd/database/db2sdk/db2sdk.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -525,13 +525,13 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner`
`525`	`525`
`526`	`526`	`funcSlimRole(role rbac.Role) codersdk.SlimRole {`
`527`	`527`	`orgID:=""`
`528`		`-ifrole.Name.OrganizationID!=uuid.Nil {`
`529`		`-orgID=role.Name.OrganizationID.String()`
	`528`	`+ifrole.Identifier.OrganizationID!=uuid.Nil {`
	`529`	`+orgID=role.Identifier.OrganizationID.String()`
`530`	`530`	`}`
`531`	`531`
`532`	`532`	`return codersdk.SlimRole{`
`533`	`533`	`DisplayName:role.DisplayName,`
`534`		`-Name:role.Name.Name,`
	`534`	`+Name:role.Identifier.Name,`
`535`	`535`	`OrganizationID:orgID,`
`536`	`536`	`}`
`537`	`537`	`}`

`‎coderd/database/dbauthz/customroles_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ func TestUpsertCustomRoles(t *testing.T) {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`canAssignRole:= rbac.Role{`
`38`		`-Name:"can-assign",`
	`38`	`+Identifier:"can-assign",`
`39`	`39`	`DisplayName:"",`
`40`	`40`	`Site:rbac.Permissions(map[string][]policy.Action{`
`41`	`41`	`rbac.ResourceAssignRole.Type: {policy.ActionRead,policy.ActionCreate},`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,7 @@ var (`
`162`	`162`	`ID:uuid.Nil.String(),`
`163`	`163`	`Roles:rbac.Roles([]rbac.Role{`
`164`	`164`	`{`
`165`		`-Name: rbac.RoleIdentifier{Name:"provisionerd"},`
	`165`	`+Identifier: rbac.RoleIdentifier{Name:"provisionerd"},`
`166`	`166`	`DisplayName:"Provisioner Daemon",`
`167`	`167`	`Site:rbac.Permissions(map[string][]policy.Action{`
`168`	`168`	`// TODO: Add ProvisionerJob resource type.`
`@@ -191,7 +191,7 @@ var (`
`191`	`191`	`ID:uuid.Nil.String(),`
`192`	`192`	`Roles:rbac.Roles([]rbac.Role{`
`193`	`193`	`{`
`194`		`-Name: rbac.RoleIdentifier{Name:"autostart"},`
	`194`	`+Identifier: rbac.RoleIdentifier{Name:"autostart"},`
`195`	`195`	`DisplayName:"Autostart Daemon",`
`196`	`196`	`Site:rbac.Permissions(map[string][]policy.Action{`
`197`	`197`	`rbac.ResourceSystem.Type: {policy.WildcardSymbol},`
`@@ -213,7 +213,7 @@ var (`
`213`	`213`	`ID:uuid.Nil.String(),`
`214`	`214`	`Roles:rbac.Roles([]rbac.Role{`
`215`	`215`	`{`
`216`		`-Name: rbac.RoleIdentifier{Name:"hangdetector"},`
	`216`	`+Identifier: rbac.RoleIdentifier{Name:"hangdetector"},`
`217`	`217`	`DisplayName:"Hang Detector Daemon",`
`218`	`218`	`Site:rbac.Permissions(map[string][]policy.Action{`
`219`	`219`	`rbac.ResourceSystem.Type: {policy.WildcardSymbol},`
`@@ -232,7 +232,7 @@ var (`
`232`	`232`	`ID:uuid.Nil.String(),`
`233`	`233`	`Roles:rbac.Roles([]rbac.Role{`
`234`	`234`	`{`
`235`		`-Name: rbac.RoleIdentifier{Name:"system"},`
	`235`	`+Identifier: rbac.RoleIdentifier{Name:"system"},`
`236`	`236`	`DisplayName:"Coder",`
`237`	`237`	`Site:rbac.Permissions(map[string][]policy.Action{`
`238`	`238`	`rbac.ResourceWildcard.Type: {policy.ActionRead},`
`@@ -672,7 +672,7 @@ func (q querier) canAssignRoles(ctx context.Context, orgID uuid.UUID, added, r`
`672`	`672`	`// returns them all, but then someone could pass in a large list to make us do`
`673`	`673`	`// a lot of loop iterations.`
`674`	`674`	`if!slices.ContainsFunc(expandedCustomRoles,func(customRole rbac.Role)bool {`
`675`		`-returnstrings.EqualFold(customRole.Name.Name,role.Name)&&customRole.Name.OrganizationID==role.OrganizationID`
	`675`	`+returnstrings.EqualFold(customRole.Identifier.Name,role.Name)&&customRole.Identifier.OrganizationID==role.OrganizationID`
`676`	`676`	`}) {`
`677`	`677`	`returnxerrors.Errorf("%q is not a supported role",role)`
`678`	`678`	`}`

`‎coderd/database/modelmethods.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -375,7 +375,7 @@ func (p ProvisionerJob) FinishedAt() time.Time {`
`375`	`375`	`return time.Time{}`
`376`	`376`	`}`
`377`	`377`
`378`		`-func (rCustomRole)RoleName() rbac.RoleIdentifier {`
	`378`	`+func (rCustomRole)RoleIdentifier() rbac.RoleIdentifier {`
`379`	`379`	`return rbac.RoleIdentifier{`
`380`	`380`	`Name:r.Name,`
`381`	`381`	`OrganizationID:r.OrganizationID.UUID,`

`‎coderd/rbac/authz_internal_test.go`

Lines changed: 9 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -394,7 +394,7 @@ func TestAuthorizeDomain(t *testing.T) {`
`394`	`394`	`ID:"me",`
`395`	`395`	`Scope:must(ExpandScope(ScopeAll)),`
`396`	`396`	`Roles:Roles{{`
`397`		`-Name:RoleIdentifier{Name:"deny-all"},`
	`397`	`+Identifier:RoleIdentifier{Name:"deny-all"},`
`398`	`398`	`// List out deny permissions explicitly`
`399`	`399`	`Site: []Permission{`
`400`	`400`	`{`
`@@ -607,8 +607,8 @@ func TestAuthorizeDomain(t *testing.T) {`
`607`	`607`	`Scope:must(ExpandScope(ScopeAll)),`
`608`	`608`	`Roles:Roles{`
`609`	`609`	`{`
`610`		`-Name:RoleIdentifier{Name:"ReadOnlyOrgAndUser"},`
`611`		`-Site: []Permission{},`
	`610`	`+Identifier:RoleIdentifier{Name:"ReadOnlyOrgAndUser"},`
	`611`	`+Site:[]Permission{},`
`612`	`612`	`Org:map[string][]Permission{`
`613`	`613`	`defOrg.String(): {{`
`614`	`614`	`Negate:false,`
`@@ -701,7 +701,7 @@ func TestAuthorizeLevels(t *testing.T) {`
`701`	`701`	`Roles:Roles{`
`702`	`702`	`must(RoleByName(RoleOwner())),`
`703`	`703`	`{`
`704`		`-Name:RoleIdentifier{Name:"org-deny:",OrganizationID:defOrg},`
	`704`	`+Identifier:RoleIdentifier{Name:"org-deny:",OrganizationID:defOrg},`
`705`	`705`	`Org:map[string][]Permission{`
`706`	`706`	`defOrg.String(): {`
`707`	`707`	`{`
`@@ -713,7 +713,7 @@ func TestAuthorizeLevels(t *testing.T) {`
`713`	`713`	`},`
`714`	`714`	`},`
`715`	`715`	`{`
`716`		`-Name:RoleIdentifier{Name:"user-deny-all"},`
	`716`	`+Identifier:RoleIdentifier{Name:"user-deny-all"},`
`717`	`717`	`// List out deny permissions explicitly`
`718`	`718`	`User: []Permission{`
`719`	`719`	`{`
`@@ -761,7 +761,7 @@ func TestAuthorizeLevels(t *testing.T) {`
`761`	`761`	`Scope:must(ExpandScope(ScopeAll)),`
`762`	`762`	`Roles:Roles{`
`763`	`763`	`{`
`764`		`-Name:RoleIdentifier{Name:"site-noise"},`
	`764`	`+Identifier:RoleIdentifier{Name:"site-noise"},`
`765`	`765`	`Site: []Permission{`
`766`	`766`	`{`
`767`	`767`	`Negate:true,`
`@@ -772,7 +772,7 @@ func TestAuthorizeLevels(t *testing.T) {`
`772`	`772`	`},`
`773`	`773`	`must(RoleByName(ScopedRoleOrgAdmin(defOrg))),`
`774`	`774`	`{`
`775`		`-Name:RoleIdentifier{Name:"user-deny-all"},`
	`775`	`+Identifier:RoleIdentifier{Name:"user-deny-all"},`
`776`	`776`	`// List out deny permissions explicitly`
`777`	`777`	`User: []Permission{`
`778`	`778`	`{`
`@@ -896,7 +896,7 @@ func TestAuthorizeScope(t *testing.T) {`
`896`	`896`	`},`
`897`	`897`	`Scope:Scope{`
`898`	`898`	`Role:Role{`
`899`		`-Name:RoleIdentifier{Name:"workspace_agent"},`
	`899`	`+Identifier:RoleIdentifier{Name:"workspace_agent"},`
`900`	`900`	`DisplayName:"Workspace Agent",`
`901`	`901`	`Site:Permissions(map[string][]policy.Action{`
`902`	`902`	`// Only read access for workspaces.`
`@@ -985,7 +985,7 @@ func TestAuthorizeScope(t *testing.T) {`
`985`	`985`	`},`
`986`	`986`	`Scope:Scope{`
`987`	`987`	`Role:Role{`
`988`		`-Name:RoleIdentifier{Name:"create_workspace"},`
	`988`	`+Identifier:RoleIdentifier{Name:"create_workspace"},`
`989`	`989`	`DisplayName:"Create Workspace",`
`990`	`990`	`Site:Permissions(map[string][]policy.Action{`
`991`	`991`	`// Only read access for workspaces.`

`‎coderd/rbac/roles.go`

Lines changed: 11 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`216`	`216`	`// on every authorize call. 'withCachedRegoValue' can be used as well to`
`217`	`217`	`// preallocate the rego value that is used by the rego eval engine.`
`218`	`218`	`ownerRole:=Role{`
`219`		`-Name:RoleOwner(),`
	`219`	`+Identifier:RoleOwner(),`
`220`	`220`	`DisplayName:"Owner",`
`221`	`221`	`Site:append(`
`222`	`222`	`// Workspace dormancy and workspace are omitted.`
`@@ -232,7 +232,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`232`	`232`	`}.withCachedRegoValue()`
`233`	`233`
`234`	`234`	`memberRole:=Role{`
`235`		`-Name:RoleMember(),`
	`235`	`+Identifier:RoleMember(),`
`236`	`236`	`DisplayName:"Member",`
`237`	`237`	`Site:Permissions(map[string][]policy.Action{`
`238`	`238`	`ResourceAssignRole.Type: {policy.ActionRead},`
`@@ -258,7 +258,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`258`	`258`	`}.withCachedRegoValue()`
`259`	`259`
`260`	`260`	`auditorRole:=Role{`
`261`		`-Name:RoleAuditor(),`
	`261`	`+Identifier:RoleAuditor(),`
`262`	`262`	`DisplayName:"Auditor",`
`263`	`263`	`Site:Permissions(map[string][]policy.Action{`
`264`	`264`	`// Should be able to read all template details, even in orgs they`
`@@ -278,7 +278,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`278`	`278`	`}.withCachedRegoValue()`
`279`	`279`
`280`	`280`	`templateAdminRole:=Role{`
`281`		`-Name:RoleTemplateAdmin(),`
	`281`	`+Identifier:RoleTemplateAdmin(),`
`282`	`282`	`DisplayName:"Template Admin",`
`283`	`283`	`Site:Permissions(map[string][]policy.Action{`
`284`	`284`	`ResourceTemplate.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete,policy.ActionViewInsights},`
`@@ -299,7 +299,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`299`	`299`	`}.withCachedRegoValue()`
`300`	`300`
`301`	`301`	`userAdminRole:=Role{`
`302`		`-Name:RoleUserAdmin(),`
	`302`	`+Identifier:RoleUserAdmin(),`
`303`	`303`	`DisplayName:"User Admin",`
`304`	`304`	`Site:Permissions(map[string][]policy.Action{`
`305`	`305`	`ResourceAssignRole.Type: {policy.ActionAssign,policy.ActionDelete,policy.ActionRead},`
`@@ -345,7 +345,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`345`	`345`	`// organization scope.`
`346`	`346`	`orgAdmin:func(organizationID uuid.UUID)Role {`
`347`	`347`	`returnRole{`
`348`		`-Name:RoleIdentifier{Name:orgAdmin,OrganizationID:organizationID},`
	`348`	`+Identifier:RoleIdentifier{Name:orgAdmin,OrganizationID:organizationID},`
`349`	`349`	`DisplayName:"Organization Admin",`
`350`	`350`	`Site: []Permission{},`
`351`	`351`	`Org:map[string][]Permission{`
`@@ -363,7 +363,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`363`	`363`	`// in an organization.`
`364`	`364`	`orgMember:func(organizationID uuid.UUID)Role {`
`365`	`365`	`returnRole{`
`366`		`-Name:RoleIdentifier{Name:orgMember,OrganizationID:organizationID},`
	`366`	`+Identifier:RoleIdentifier{Name:orgMember,OrganizationID:organizationID},`
`367`	`367`	`DisplayName:"",`
`368`	`368`	`Site: []Permission{},`
`369`	`369`	`Org:map[string][]Permission{`
`@@ -482,7 +482,7 @@ func (perm Permission) Valid() error {`
`482`	`482`	`// Users of this package should instead only use the role names, and`
`483`	`483`	`// this package will expand the role names into their json payloads.`
`484`	`484`	`typeRolestruct {`
`485`		-NameRoleIdentifier`json:"name"`
	`485`	+IdentifierRoleIdentifier`json:"name"`
`486`	`486`	`// DisplayName is used for UI purposes. If the role has no display name,`
`487`	`487`	`// that means the UI should never display it.`
`488`	`488`	DisplayNamestring`json:"display_name"`
`@@ -535,7 +535,7 @@ func (roles Roles) Expand() ([]Role, error) {`
`535`	`535`	`func (rolesRoles)Names() []RoleIdentifier {`
`536`	`536`	`names:=make([]RoleIdentifier,0,len(roles))`
`537`	`537`	`for_,r:=rangeroles {`
`538`		`-names=append(names,r.Name)`
	`538`	`+names=append(names,r.Identifier)`
`539`	`539`	`}`
`540`	`540`	`returnnames`
`541`	`541`	`}`
`@@ -610,7 +610,7 @@ func OrganizationRoles(organizationID uuid.UUID) []Role {`
`610`	`610`	`varroles []Role`
`611`	`611`	`for_,roleF:=rangebuiltInRoles {`
`612`	`612`	`role:=roleF(organizationID)`
`613`		`-ifrole.Name.OrganizationID==organizationID {`
	`613`	`+ifrole.Identifier.OrganizationID==organizationID {`
`614`	`614`	`roles=append(roles,role)`
`615`	`615`	`}`
`616`	`616`	`}`
`@@ -627,7 +627,7 @@ func SiteRoles() []Role {`
`627`	`627`	`for_,roleF:=rangebuiltInRoles {`
`628`	`628`	`// Must provide some non-nil uuid to filter out org roles.`
`629`	`629`	`role:=roleF(uuid.New())`
`630`		`-if!role.Name.IsOrgRole() {`
	`630`	`+if!role.Identifier.IsOrgRole() {`
`631`	`631`	`roles=append(roles,role)`
`632`	`632`	`}`
`633`	`633`	`}`

`‎coderd/rbac/roles_internal_test.go`

Lines changed: 18 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -213,25 +213,25 @@ func TestRoleByName(t *testing.T) {`
`213`	`213`	`testCases:= []struct {`
`214`	`214`	`RoleRole`
`215`	`215`	`}{`
`216`		`-{Role:builtInRoles[owner]("")},`
`217`		`-{Role:builtInRoles[member]("")},`
`218`		`-{Role:builtInRoles[templateAdmin]("")},`
`219`		`-{Role:builtInRoles[userAdmin]("")},`
`220`		`-{Role:builtInRoles[auditor]("")},`
`221`		`-`
`222`		`-{Role:builtInRoles[orgAdmin]("4592dac5-0945-42fd-828d-a903957d3dbb")},`
`223`		`-{Role:builtInRoles[orgAdmin]("24c100c5-1920-49c0-8c38-1b640ac4b38c")},`
`224`		`-{Role:builtInRoles[orgAdmin]("4a00f697-0040-4079-b3ce-d24470281a62")},`
`225`		`-`
`226`		`-{Role:builtInRoles[orgMember]("3293c50e-fa5d-414f-a461-01112a4dfb6f")},`
`227`		`-{Role:builtInRoles[orgMember]("f88dd23d-bdbd-469d-b82e-36ee06c3d1e1")},`
`228`		`-{Role:builtInRoles[orgMember]("02cfd2a5-016c-4d8d-8290-301f5f18023d")},`
	`216`	`+{Role:builtInRoles[owner](uuid.Nil)},`
	`217`	`+{Role:builtInRoles[member](uuid.Nil)},`
	`218`	`+{Role:builtInRoles[templateAdmin](uuid.Nil)},`
	`219`	`+{Role:builtInRoles[userAdmin](uuid.Nil)},`
	`220`	`+{Role:builtInRoles[auditor](uuid.Nil)},`
	`221`	`+`
	`222`	`+{Role:builtInRoles[orgAdmin](uuid.New())},`
	`223`	`+{Role:builtInRoles[orgAdmin](uuid.New())},`
	`224`	`+{Role:builtInRoles[orgAdmin](uuid.New())},`
	`225`	`+`
	`226`	`+{Role:builtInRoles[orgMember](uuid.New())},`
	`227`	`+{Role:builtInRoles[orgMember](uuid.New())},`
	`228`	`+{Role:builtInRoles[orgMember](uuid.New())},`
`229`	`229`	`}`
`230`	`230`
`231`	`231`	`for_,c:=rangetestCases {`
`232`	`232`	`c:=c`
`233`		`-t.Run(c.Role.Name,func(t*testing.T) {`
`234`		`-role,err:=RoleByName(c.Role.Name)`
	`233`	`+t.Run(c.Role.Identifier.String(),func(t*testing.T) {`
	`234`	`+role,err:=RoleByName(c.Role.Identifier)`
`235`	`235`	`require.NoError(t,err,"role exists")`
`236`	`236`	`equalRoles(t,c.Role,role)`
`237`	`237`	`})`
`@@ -242,20 +242,17 @@ func TestRoleByName(t *testing.T) {`
`242`	`242`	`t.Run("Errors",func(t*testing.T) {`
`243`	`243`	`varerrerror`
`244`	`244`
`245`		`-_,err=RoleByName("")`
	`245`	`+_,err=RoleByName(RoleIdentifier{})`
`246`	`246`	`require.Error(t,err,"empty role")`
`247`	`247`
`248`		`-_,err=RoleByName("too:many:colons")`
`249`		`-require.Error(t,err,"too many colons")`
`250`		`-`
`251`		`-_,err=RoleByName(orgMember)`
	`248`	`+_,err=RoleByName(RoleIdentifier{Name:orgMember})`
`252`	`249`	`require.Error(t,err,"expect orgID")`
`253`	`250`	`})`
`254`	`251`	`}`
`255`	`252`
`256`	`253`	`// SameAs compares 2 roles for equality.`
`257`	`254`	`funcequalRoles(t*testing.T,a,bRole) {`
`258`		`-require.Equal(t,a.Name,b.Name,"role names")`
	`255`	`+require.Equal(t,a.Identifier,b.Identifier,"role names")`
`259`	`256`	`require.Equal(t,a.DisplayName,b.DisplayName,"role display names")`
`260`	`257`	`require.ElementsMatch(t,a.Site,b.Site,"site permissions")`
`261`	`258`	`require.ElementsMatch(t,a.User,b.User,"user permissions")`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6eeb500

File tree

14 files changed

14 files changed

`‎coderd/database/db2sdk/db2sdk.go`

`‎coderd/database/dbauthz/customroles_test.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/modelmethods.go`

`‎coderd/rbac/authz_internal_test.go`

`‎coderd/rbac/roles.go`

`‎coderd/rbac/roles_internal_test.go`

0 commit comments