Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite05b286

Browse files
committed
add dbauthz test
1 parent45225e4 commite05b286

File tree

2 files changed

+67
-36
lines changed

2 files changed

+67
-36
lines changed

‎coderd/database/dbauthz/dbauthz_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1476,6 +1476,7 @@ func (s *MethodTestSuite) TestWorkspace() {
14761476
_=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})
14771477
res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})
14781478
_=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})
1479+
// No asserts here because SQLFilter.
14791480
check.Args(ws.OwnerID).Asserts()
14801481
}))
14811482
s.Run("GetAuthorizedWorkspacesAndAgentsByOwnerID",s.Subtest(func(db database.Store,check*expects) {
@@ -1484,6 +1485,7 @@ func (s *MethodTestSuite) TestWorkspace() {
14841485
_=dbgen.ProvisionerJob(s.T(),db,nil, database.ProvisionerJob{ID:build.JobID,Type:database.ProvisionerJobTypeWorkspaceBuild})
14851486
res:=dbgen.WorkspaceResource(s.T(),db, database.WorkspaceResource{JobID:build.JobID})
14861487
_=dbgen.WorkspaceAgent(s.T(),db, database.WorkspaceAgent{ResourceID:res.ID})
1488+
// No asserts here because SQLFilter.
14871489
check.Args(ws.OwnerID,emptyPreparedAuthorized{}).Asserts()
14881490
}))
14891491
s.Run("GetLatestWorkspaceBuildByWorkspaceID",s.Subtest(func(db database.Store,check*expects) {

‎coderd/database/querier_test.go

Lines changed: 65 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -625,6 +625,7 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {
625625
err:=migrations.Up(sqlDB)
626626
require.NoError(t,err)
627627
db:=database.New(sqlDB)
628+
authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
628629

629630
org:=dbgen.Organization(t,db, database.Organization{})
630631
owner:=dbgen.User(t,db, database.User{
@@ -669,44 +670,72 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {
669670
CreateAgent:false,
670671
})
671672

672-
authorizer:=rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
673-
userSubject,_,err:=httpmw.UserRBACSubject(ctx,db,user.ID,rbac.ExpandableScope(rbac.ScopeAll))
674-
require.NoError(t,err)
675-
preparedUser,err:=authorizer.Prepare(ctx,userSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)
676-
require.NoError(t,err)
677-
userCtx:=dbauthz.As(ctx,userSubject)
678-
userRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx,owner.ID,preparedUser)
679-
require.NoError(t,err)
680-
require.Len(t,userRows,0)
681-
682-
ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,db,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))
683-
require.NoError(t,err)
684-
preparedOwner,err:=authorizer.Prepare(ctx,ownerSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)
685-
require.NoError(t,err)
686-
ownerCtx:=dbauthz.As(ctx,ownerSubject)
687-
ownerRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID,preparedOwner)
688-
require.NoError(t,err)
689-
require.Len(t,ownerRows,4)
690-
for_,row:=rangeownerRows {
691-
switchrow.ID {
692-
casependingID:
693-
require.Len(t,row.Agents,1)
694-
require.Equal(t,database.ProvisionerJobStatusPending,row.JobStatus)
695-
casefailedID:
696-
require.Len(t,row.Agents,1)
697-
require.Equal(t,database.ProvisionerJobStatusFailed,row.JobStatus)
698-
casesucceededID:
699-
require.Len(t,row.Agents,2)
700-
require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)
701-
require.Equal(t,database.WorkspaceTransitionStart,row.Transition)
702-
casedeletedID:
703-
require.Len(t,row.Agents,0)
704-
require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)
705-
require.Equal(t,database.WorkspaceTransitionDelete,row.Transition)
706-
default:
707-
t.Fatalf("unexpected workspace ID: %s",row.ID)
673+
ownerCheckFn:=func(ownerRows []database.GetWorkspacesAndAgentsByOwnerIDRow) {
674+
require.Len(t,ownerRows,4)
675+
for_,row:=rangeownerRows {
676+
switchrow.ID {
677+
casependingID:
678+
require.Len(t,row.Agents,1)
679+
require.Equal(t,database.ProvisionerJobStatusPending,row.JobStatus)
680+
casefailedID:
681+
require.Len(t,row.Agents,1)
682+
require.Equal(t,database.ProvisionerJobStatusFailed,row.JobStatus)
683+
casesucceededID:
684+
require.Len(t,row.Agents,2)
685+
require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)
686+
require.Equal(t,database.WorkspaceTransitionStart,row.Transition)
687+
casedeletedID:
688+
require.Len(t,row.Agents,0)
689+
require.Equal(t,database.ProvisionerJobStatusSucceeded,row.JobStatus)
690+
require.Equal(t,database.WorkspaceTransitionDelete,row.Transition)
691+
default:
692+
t.Fatalf("unexpected workspace ID: %s",row.ID)
693+
}
708694
}
709695
}
696+
t.Run("sqlQuerier",func(t*testing.T) {
697+
t.Parallel()
698+
699+
userSubject,_,err:=httpmw.UserRBACSubject(ctx,db,user.ID,rbac.ExpandableScope(rbac.ScopeAll))
700+
require.NoError(t,err)
701+
preparedUser,err:=authorizer.Prepare(ctx,userSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)
702+
require.NoError(t,err)
703+
userCtx:=dbauthz.As(ctx,userSubject)
704+
userRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx,owner.ID,preparedUser)
705+
require.NoError(t,err)
706+
require.Len(t,userRows,0)
707+
708+
ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,db,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))
709+
require.NoError(t,err)
710+
preparedOwner,err:=authorizer.Prepare(ctx,ownerSubject,policy.ActionRead,rbac.ResourceWorkspace.Type)
711+
require.NoError(t,err)
712+
ownerCtx:=dbauthz.As(ctx,ownerSubject)
713+
ownerRows,err:=db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID,preparedOwner)
714+
require.NoError(t,err)
715+
ownerCheckFn(ownerRows)
716+
})
717+
718+
t.Run("dbauthz",func(t*testing.T) {
719+
t.Parallel()
720+
721+
authzdb:=dbauthz.New(db,authorizer,slogtest.Make(t,&slogtest.Options{}),coderdtest.AccessControlStorePointer())
722+
723+
userSubject,_,err:=httpmw.UserRBACSubject(ctx,authzdb,user.ID,rbac.ExpandableScope(rbac.ScopeAll))
724+
require.NoError(t,err)
725+
userCtx:=dbauthz.As(ctx,userSubject)
726+
727+
ownerSubject,_,err:=httpmw.UserRBACSubject(ctx,authzdb,owner.ID,rbac.ExpandableScope(rbac.ScopeAll))
728+
require.NoError(t,err)
729+
ownerCtx:=dbauthz.As(ctx,ownerSubject)
730+
731+
userRows,err:=authzdb.GetWorkspacesAndAgentsByOwnerID(userCtx,owner.ID)
732+
require.NoError(t,err)
733+
require.Len(t,userRows,0)
734+
735+
ownerRows,err:=authzdb.GetWorkspacesAndAgentsByOwnerID(ownerCtx,owner.ID)
736+
require.NoError(t,err)
737+
ownerCheckFn(ownerRows)
738+
})
710739
}
711740

712741
funcTestInsertWorkspaceAgentLogs(t*testing.T) {

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp