NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.8k

Commita45a43c

committed

add dbauthz test

1 parente2a3d15 commita45a43cCopy full SHA for a45a43c

File tree

2 files changed

+67

-36

lines changed

coderd/database
- dbauthz
  - dbauthz_test.go
- querier_test.go

2 files changed

+67

-36

lines changed

`‎coderd/database/dbauthz/dbauthz_test.go‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1476,6 +1476,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1476`	`1476`	`_=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})`
`1477`	`1477`	`res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
`1478`	`1478`	`_=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})`
	`1479`	`+// No asserts here because SQLFilter.`
`1479`	`1480`	`check.Args(ws.OwnerID).Asserts()`
`1480`	`1481`	`}))`
`1481`	`1482`	`s.Run("GetAuthorizedWorkspacesAndAgentsByOwnerID",s.Subtest(func(db database.Store,check*expects) {`
`@@ -1484,6 +1485,7 @@ func (s *MethodTestSuite) TestWorkspace() {`
`1484`	`1485`	`_=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})`
`1485`	`1486`	`res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})`
`1486`	`1487`	`_=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})`
	`1488`	`+// No asserts here because SQLFilter.`
`1487`	`1489`	`check.Args(ws.OwnerID,emptyPreparedAuthorized{}).Asserts()`
`1488`	`1490`	`}))`
`1489`	`1491`	`s.Run("GetLatestWorkspaceBuildByWorkspaceID",s.Subtest(func(db database.Store,check*expects) {`

`‎coderd/database/querier_test.go‎`

Lines changed: 65 additions & 36 deletions

Original file line number	Diff line number	Diff line change
`@@ -625,6 +625,7 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {`
`625`	`625`	`err:=migrations.Up(sqlDB)`
`626`	`626`	`require.NoError(t,err)`
`627`	`627`	`db:=database.New(sqlDB)`
	`628`	`+authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`628`	`629`
`629`	`630`	`org:=dbgen.Organization(t,db, database.Organization{})`
`630`	`631`	`owner:=dbgen.User(t,db, database.User{`
`@@ -669,44 +670,72 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {`
`669`	`670`	`CreateAgent:false,`
`670`	`671`	`})`
`671`	`672`
`672`		`-authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())`
`673`		`-userSubject,_,err:=httpmw.UserRBACSubject(ctx,db,user.ID,rbac.ExpandableScope(rbac.ScopeAll))`
`674`		`-require.NoError(t,err)`
`675`		`-preparedUser,err:=authorizer.Prepare(ctx,userSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
`676`		`-require.NoError(t,err)`
`677`		`-userCtx:=dbauthz.As(ctx,userSubject)`
`678`		`-userRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx,owner.ID,preparedUser)`
`679`		`-require.NoError(t,err)`
`680`		`-require.Len(t,userRows,0)`
`681`		`-`
`682`		`-ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,db,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))`
`683`		`-require.NoError(t,err)`
`684`		`-preparedOwner,err:=authorizer.Prepare(ctx,ownerSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
`685`		`-require.NoError(t,err)`
`686`		`-ownerCtx:=dbauthz.As(ctx,ownerSubject)`
`687`		`-ownerRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID,preparedOwner)`
`688`		`-require.NoError(t,err)`
`689`		`-require.Len(t,ownerRows,4)`
`690`		`-for_,row:=rangeownerRows {`
`691`		`-switchrow.ID {`
`692`		`-casependingID:`
`693`		`-require.Len(t,row.Agents,1)`
`694`		`-require.Equal(t,database.ProvisionerJobStatusPending,row.JobStatus)`
`695`		`-casefailedID:`
`696`		`-require.Len(t,row.Agents,1)`
`697`		`-require.Equal(t,database.ProvisionerJobStatusFailed,row.JobStatus)`
`698`		`-casesucceededID:`
`699`		`-require.Len(t,row.Agents,2)`
`700`		`-require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)`
`701`		`-require.Equal(t,database.WorkspaceTransitionStart,row.Transition)`
`702`		`-casedeletedID:`
`703`		`-require.Len(t,row.Agents,0)`
`704`		`-require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)`
`705`		`-require.Equal(t,database.WorkspaceTransitionDelete,row.Transition)`
`706`		`-default:`
`707`		`-t.Fatalf("unexpected workspace ID: %s",row.ID)`
	`673`	`+ownerCheckFn:=func(ownerRows []database.GetWorkspacesAndAgentsByOwnerIDRow) {`
	`674`	`+require.Len(t,ownerRows,4)`
	`675`	`+for_,row:=rangeownerRows {`
	`676`	`+switchrow.ID {`
	`677`	`+casependingID:`
	`678`	`+require.Len(t,row.Agents,1)`
	`679`	`+require.Equal(t,database.ProvisionerJobStatusPending,row.JobStatus)`
	`680`	`+casefailedID:`
	`681`	`+require.Len(t,row.Agents,1)`
	`682`	`+require.Equal(t,database.ProvisionerJobStatusFailed,row.JobStatus)`
	`683`	`+casesucceededID:`
	`684`	`+require.Len(t,row.Agents,2)`
	`685`	`+require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)`
	`686`	`+require.Equal(t,database.WorkspaceTransitionStart,row.Transition)`
	`687`	`+casedeletedID:`
	`688`	`+require.Len(t,row.Agents,0)`
	`689`	`+require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)`
	`690`	`+require.Equal(t,database.WorkspaceTransitionDelete,row.Transition)`
	`691`	`+default:`
	`692`	`+t.Fatalf("unexpected workspace ID: %s",row.ID)`
	`693`	`+}`
`708`	`694`	`}`
`709`	`695`	`}`
	`696`	`+t.Run("sqlQuerier",func(t*testing.T) {`
	`697`	`+t.Parallel()`
	`698`	`+`
	`699`	`+userSubject,_,err:=httpmw.UserRBACSubject(ctx,db,user.ID,rbac.ExpandableScope(rbac.ScopeAll))`
	`700`	`+require.NoError(t,err)`
	`701`	`+preparedUser,err:=authorizer.Prepare(ctx,userSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
	`702`	`+require.NoError(t,err)`
	`703`	`+userCtx:=dbauthz.As(ctx,userSubject)`
	`704`	`+userRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx,owner.ID,preparedUser)`
	`705`	`+require.NoError(t,err)`
	`706`	`+require.Len(t,userRows,0)`
	`707`	`+`
	`708`	`+ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,db,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))`
	`709`	`+require.NoError(t,err)`
	`710`	`+preparedOwner,err:=authorizer.Prepare(ctx,ownerSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)`
	`711`	`+require.NoError(t,err)`
	`712`	`+ownerCtx:=dbauthz.As(ctx,ownerSubject)`
	`713`	`+ownerRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID,preparedOwner)`
	`714`	`+require.NoError(t,err)`
	`715`	`+ownerCheckFn(ownerRows)`
	`716`	`+})`
	`717`	`+`
	`718`	`+t.Run("dbauthz",func(t*testing.T) {`
	`719`	`+t.Parallel()`
	`720`	`+`
	`721`	`+authzdb:=dbauthz.New(db,authorizer,slogtest.Make(t,&slogtest.Options{}),coderdtest.AccessControlStorePointer())`
	`722`	`+`
	`723`	`+userSubject,_,err:=httpmw.UserRBACSubject(ctx,authzdb,user.ID,rbac.ExpandableScope(rbac.ScopeAll))`
	`724`	`+require.NoError(t,err)`
	`725`	`+userCtx:=dbauthz.As(ctx,userSubject)`
	`726`	`+`
	`727`	`+ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,authzdb,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))`
	`728`	`+require.NoError(t,err)`
	`729`	`+ownerCtx:=dbauthz.As(ctx,ownerSubject)`
	`730`	`+`
	`731`	`+userRows,err:=authzdb.GetWorkspacesAndAgentsByOwnerID(userCtx,owner.ID)`
	`732`	`+require.NoError(t,err)`
	`733`	`+require.Len(t,userRows,0)`
	`734`	`+`
	`735`	`+ownerRows,err:=authzdb.GetWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID)`
	`736`	`+require.NoError(t,err)`
	`737`	`+ownerCheckFn(ownerRows)`
	`738`	`+})`
`710`	`739`	`}`
`711`	`740`
`712`	`741`	`funcTestInsertWorkspaceAgentLogs(t*testing.T) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita45a43c

File tree

2 files changed

2 files changed

`‎coderd/database/dbauthz/dbauthz_test.go‎`

`‎coderd/database/querier_test.go‎`

0 commit comments