NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commite2b330f

authored

chore: change sql parameter for custom roles to be a(name,org_id) tuple (#13480)

* chore: sql parameter to custom roles to be a (name,org) tupleCustomRole lookup takes (name,org_id) tuples as the search criteria.

1 parent1adc19b commite2b330fCopy full SHA for e2b330f

File tree

12 files changed

+339

-26

lines changed

coderd
- database
  - dbauthz
    - customroles_test.go
  - dbmem
    - dbmem.go
  - dbtestutil
    - postgres.go
  - dump.sql
  - migrations
    - 000216_custom_role_pair_parameter.down.sql
    - 000216_custom_role_pair_parameter.up.sql
  - querier_test.go
  - queries.sql.go
  - queries
    - roles.sql
  - sqlc.yaml
  - types.go
- rbac/rolestore
  - rolestore.go

12 files changed

+339

-26

lines changed

`‎coderd/database/dbauthz/customroles_test.go‎`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func TestUpsertCustomRoles(t *testing.T) {`
`38`	`38`	`Name:"can-assign",`
`39`	`39`	`DisplayName:"",`
`40`	`40`	`Site:rbac.Permissions(map[string][]policy.Action{`
`41`		`-rbac.ResourceAssignRole.Type: {policy.ActionCreate},`
	`41`	`+rbac.ResourceAssignRole.Type: {policy.ActionRead,policy.ActionCreate},`
`42`	`42`	`}),`
`43`	`43`	`}`
`44`	`44`
`@@ -243,6 +243,20 @@ func TestUpsertCustomRoles(t *testing.T) {`
`243`	`243`	`require.ErrorContains(t,err,tc.errorContains)`
`244`	`244`	`}else {`
`245`	`245`	`require.NoError(t,err)`
	`246`	`+`
	`247`	`+// Verify we can fetch the role`
	`248`	`+roles,err:=az.CustomRoles(ctx, database.CustomRolesParams{`
	`249`	`+LookupRoles: []database.NameOrganizationPair{`
	`250`	`+{`
	`251`	`+Name:"test-role",`
	`252`	`+OrganizationID:tc.organizationID.UUID,`
	`253`	`+},`
	`254`	`+},`
	`255`	`+ExcludeOrgRoles:false,`
	`256`	`+OrganizationID: uuid.UUID{},`
	`257`	`+})`
	`258`	`+require.NoError(t,err)`
	`259`	`+require.Len(t,roles,1)`
`246`	`260`	`}`
`247`	`261`	`})`
`248`	`262`	`}`

`‎coderd/database/dbmem/dbmem.go‎`

Lines changed: 10 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1187,12 +1187,17 @@ func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesPar`
`1187`	`1187`	`for_,role:=rangeq.data.customRoles {`
`1188`	`1188`	`role:=role`
`1189`	`1189`	`iflen(arg.LookupRoles)>0 {`
`1190`		`-if!slices.ContainsFunc(arg.LookupRoles,func(sstring)bool {`
`1191`		`-roleName:=rbac.RoleName(role.Name,"")`
`1192`		`-ifrole.OrganizationID.UUID!=uuid.Nil {`
`1193`		`-roleName=rbac.RoleName(role.Name,role.OrganizationID.UUID.String())`
	`1190`	`+if!slices.ContainsFunc(arg.LookupRoles,func(pair database.NameOrganizationPair)bool {`
	`1191`	`+ifpair.Name!=role.Name {`
	`1192`	`+returnfalse`
`1194`	`1193`	`}`
`1195`		`-returnstrings.EqualFold(s,roleName)`
	`1194`	`+`
	`1195`	`+ifrole.OrganizationID.Valid {`
	`1196`	`+// Expect org match`
	`1197`	`+returnrole.OrganizationID.UUID==pair.OrganizationID`
	`1198`	`+}`
	`1199`	`+// Expect no org`
	`1200`	`+returnpair.OrganizationID==uuid.Nil`
`1196`	`1201`	`}) {`
`1197`	`1202`	`continue`
`1198`	`1203`	`}`

`‎coderd/database/dbtestutil/postgres.go‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ func Open() (string, func(), error) {`
`28`	`28`	`iferr!=nil {`
`29`	`29`	`return"",nil,xerrors.Errorf("connect to ci postgres: %w",err)`
`30`	`30`	`}`
	`31`	`+`
`31`	`32`	`deferdb.Close()`
`32`	`33`
`33`	`34`	`dbName,err:=cryptorand.StringCharset(cryptorand.Lower,10)`

`‎coderd/database/dump.sql‎`

Lines changed: 5 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000216_custom_role_pair_parameter.down.sql‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+DROPTYPE name_organization_pair;`

`‎coderd/database/migrations/000216_custom_role_pair_parameter.up.sql‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+CREATETYPEname_organization_pairAS (nametext, organization_id uuid);`

`‎coderd/database/querier_test.go‎`

Lines changed: 230 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"context"`
`7`	`7`	`"database/sql"`
`8`	`8`	`"encoding/json"`
	`9`	`+"fmt"`
`9`	`10`	`"sort"`
`10`	`11`	`"testing"`
`11`	`12`	`"time"`
`@@ -14,6 +15,7 @@ import (`
`14`	`15`	`"github.com/stretchr/testify/require"`
`15`	`16`
`16`	`17`	`"github.com/coder/coder/v2/coderd/database"`
	`18`	`+"github.com/coder/coder/v2/coderd/database/db2sdk"`
`17`	`19`	`"github.com/coder/coder/v2/coderd/database/dbgen"`
`18`	`20`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`19`	`21`	`"github.com/coder/coder/v2/coderd/database/migrations"`
`@@ -514,6 +516,234 @@ func TestDefaultOrg(t *testing.T) {`
`514`	`516`	`require.True(t,all[0].IsDefault,"first org should always be default")`
`515`	`517`	`}`
`516`	`518`
	`519`	`+// TestReadCustomRoles tests the input params returns the correct set of roles.`
	`520`	`+funcTestReadCustomRoles(t*testing.T) {`
	`521`	`+t.Parallel()`
	`522`	`+`
	`523`	`+iftesting.Short() {`
	`524`	`+t.SkipNow()`
	`525`	`+}`
	`526`	`+`
	`527`	`+sqlDB:=testSQLDB(t)`
	`528`	`+err:=migrations.Up(sqlDB)`
	`529`	`+require.NoError(t,err)`
	`530`	`+`
	`531`	`+db:=database.New(sqlDB)`
	`532`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`533`	`+`
	`534`	`+// Make a few site roles, and a few org roles`
	`535`	`+orgIDs:=make([]uuid.UUID,3)`
	`536`	`+fori:=rangeorgIDs {`
	`537`	`+orgIDs[i]=uuid.New()`
	`538`	`+}`
	`539`	`+`
	`540`	`+allRoles:=make([]database.CustomRole,0)`
	`541`	`+siteRoles:=make([]database.CustomRole,0)`
	`542`	`+orgRoles:=make([]database.CustomRole,0)`
	`543`	`+fori:=0;i<15;i++ {`
	`544`	`+orgID:= uuid.NullUUID{`
	`545`	`+UUID:orgIDs[i%len(orgIDs)],`
	`546`	`+Valid:true,`
	`547`	`+}`
	`548`	`+ifi%4==0 {`
	`549`	`+// Some should be site wide`
	`550`	`+orgID= uuid.NullUUID{}`
	`551`	`+}`
	`552`	`+`
	`553`	`+role,err:=db.UpsertCustomRole(ctx, database.UpsertCustomRoleParams{`
	`554`	`+Name:fmt.Sprintf("role-%d",i),`
	`555`	`+OrganizationID:orgID,`
	`556`	`+})`
	`557`	`+require.NoError(t,err)`
	`558`	`+allRoles=append(allRoles,role)`
	`559`	`+iforgID.Valid {`
	`560`	`+orgRoles=append(orgRoles,role)`
	`561`	`+}else {`
	`562`	`+siteRoles=append(siteRoles,role)`
	`563`	`+}`
	`564`	`+}`
	`565`	`+`
	`566`	`+// normalizedRoleName allows for the simple ElementsMatch to work properly.`
	`567`	`+normalizedRoleName:=func(role database.CustomRole)string {`
	`568`	`+returnrole.Name+":"+role.OrganizationID.UUID.String()`
	`569`	`+}`
	`570`	`+`
	`571`	`+roleToLookup:=func(role database.CustomRole) database.NameOrganizationPair {`
	`572`	`+return database.NameOrganizationPair{`
	`573`	`+Name:role.Name,`
	`574`	`+OrganizationID:role.OrganizationID.UUID,`
	`575`	`+}`
	`576`	`+}`
	`577`	`+`
	`578`	`+testCases:= []struct {`
	`579`	`+Namestring`
	`580`	`+Params database.CustomRolesParams`
	`581`	`+Matchfunc(role database.CustomRole)bool`
	`582`	`+}{`
	`583`	`+{`
	`584`	`+Name:"NilRoles",`
	`585`	`+Params: database.CustomRolesParams{`
	`586`	`+LookupRoles:nil,`
	`587`	`+ExcludeOrgRoles:false,`
	`588`	`+OrganizationID: uuid.UUID{},`
	`589`	`+},`
	`590`	`+Match:func(role database.CustomRole)bool {`
	`591`	`+returntrue`
	`592`	`+},`
	`593`	`+},`
	`594`	`+{`
	`595`	`+// Empty params should return all roles`
	`596`	`+Name:"Empty",`
	`597`	`+Params: database.CustomRolesParams{`
	`598`	`+LookupRoles: []database.NameOrganizationPair{},`
	`599`	`+ExcludeOrgRoles:false,`
	`600`	`+OrganizationID: uuid.UUID{},`
	`601`	`+},`
	`602`	`+Match:func(role database.CustomRole)bool {`
	`603`	`+returntrue`
	`604`	`+},`
	`605`	`+},`
	`606`	`+{`
	`607`	`+Name:"Organization",`
	`608`	`+Params: database.CustomRolesParams{`
	`609`	`+LookupRoles: []database.NameOrganizationPair{},`
	`610`	`+ExcludeOrgRoles:false,`
	`611`	`+OrganizationID:orgIDs[1],`
	`612`	`+},`
	`613`	`+Match:func(role database.CustomRole)bool {`
	`614`	`+returnrole.OrganizationID.UUID==orgIDs[1]`
	`615`	`+},`
	`616`	`+},`
	`617`	`+{`
	`618`	`+Name:"SpecificOrgRole",`
	`619`	`+Params: database.CustomRolesParams{`
	`620`	`+LookupRoles: []database.NameOrganizationPair{`
	`621`	`+{`
	`622`	`+Name:orgRoles[0].Name,`
	`623`	`+OrganizationID:orgRoles[0].OrganizationID.UUID,`
	`624`	`+},`
	`625`	`+},`
	`626`	`+},`
	`627`	`+Match:func(role database.CustomRole)bool {`
	`628`	`+returnrole.Name==orgRoles[0].Name&&role.OrganizationID.UUID==orgRoles[0].OrganizationID.UUID`
	`629`	`+},`
	`630`	`+},`
	`631`	`+{`
	`632`	`+Name:"SpecificSiteRole",`
	`633`	`+Params: database.CustomRolesParams{`
	`634`	`+LookupRoles: []database.NameOrganizationPair{`
	`635`	`+{`
	`636`	`+Name:siteRoles[0].Name,`
	`637`	`+OrganizationID:siteRoles[0].OrganizationID.UUID,`
	`638`	`+},`
	`639`	`+},`
	`640`	`+},`
	`641`	`+Match:func(role database.CustomRole)bool {`
	`642`	`+returnrole.Name==siteRoles[0].Name&&role.OrganizationID.UUID==siteRoles[0].OrganizationID.UUID`
	`643`	`+},`
	`644`	`+},`
	`645`	`+{`
	`646`	`+Name:"FewSpecificRoles",`
	`647`	`+Params: database.CustomRolesParams{`
	`648`	`+LookupRoles: []database.NameOrganizationPair{`
	`649`	`+{`
	`650`	`+Name:orgRoles[0].Name,`
	`651`	`+OrganizationID:orgRoles[0].OrganizationID.UUID,`
	`652`	`+},`
	`653`	`+{`
	`654`	`+Name:orgRoles[1].Name,`
	`655`	`+OrganizationID:orgRoles[1].OrganizationID.UUID,`
	`656`	`+},`
	`657`	`+{`
	`658`	`+Name:siteRoles[0].Name,`
	`659`	`+OrganizationID:siteRoles[0].OrganizationID.UUID,`
	`660`	`+},`
	`661`	`+},`
	`662`	`+},`
	`663`	`+Match:func(role database.CustomRole)bool {`
	`664`	`+return (role.Name==orgRoles[0].Name&&role.OrganizationID.UUID==orgRoles[0].OrganizationID.UUID)\|\|`
	`665`	`+(role.Name==orgRoles[1].Name&&role.OrganizationID.UUID==orgRoles[1].OrganizationID.UUID)\|\|`
	`666`	`+(role.Name==siteRoles[0].Name&&role.OrganizationID.UUID==siteRoles[0].OrganizationID.UUID)`
	`667`	`+},`
	`668`	`+},`
	`669`	`+{`
	`670`	`+Name:"AllRolesByLookup",`
	`671`	`+Params: database.CustomRolesParams{`
	`672`	`+LookupRoles:db2sdk.List(allRoles,roleToLookup),`
	`673`	`+},`
	`674`	`+Match:func(role database.CustomRole)bool {`
	`675`	`+returntrue`
	`676`	`+},`
	`677`	`+},`
	`678`	`+{`
	`679`	`+Name:"NotExists",`
	`680`	`+Params: database.CustomRolesParams{`
	`681`	`+LookupRoles: []database.NameOrganizationPair{`
	`682`	`+{`
	`683`	`+Name:"not-exists",`
	`684`	`+OrganizationID:uuid.New(),`
	`685`	`+},`
	`686`	`+{`
	`687`	`+Name:"not-exists",`
	`688`	`+OrganizationID:uuid.Nil,`
	`689`	`+},`
	`690`	`+},`
	`691`	`+},`
	`692`	`+Match:func(role database.CustomRole)bool {`
	`693`	`+returnfalse`
	`694`	`+},`
	`695`	`+},`
	`696`	`+{`
	`697`	`+Name:"Mixed",`
	`698`	`+Params: database.CustomRolesParams{`
	`699`	`+LookupRoles: []database.NameOrganizationPair{`
	`700`	`+{`
	`701`	`+Name:"not-exists",`
	`702`	`+OrganizationID:uuid.New(),`
	`703`	`+},`
	`704`	`+{`
	`705`	`+Name:"not-exists",`
	`706`	`+OrganizationID:uuid.Nil,`
	`707`	`+},`
	`708`	`+{`
	`709`	`+Name:orgRoles[0].Name,`
	`710`	`+OrganizationID:orgRoles[0].OrganizationID.UUID,`
	`711`	`+},`
	`712`	`+{`
	`713`	`+Name:siteRoles[0].Name,`
	`714`	`+},`
	`715`	`+},`
	`716`	`+},`
	`717`	`+Match:func(role database.CustomRole)bool {`
	`718`	`+return (role.Name==orgRoles[0].Name&&role.OrganizationID.UUID==orgRoles[0].OrganizationID.UUID)\|\|`
	`719`	`+(role.Name==siteRoles[0].Name&&role.OrganizationID.UUID==siteRoles[0].OrganizationID.UUID)`
	`720`	`+},`
	`721`	`+},`
	`722`	`+}`
	`723`	`+`
	`724`	`+for_,tc:=rangetestCases {`
	`725`	`+tc:=tc`
	`726`	`+`
	`727`	`+t.Run(tc.Name,func(t*testing.T) {`
	`728`	`+t.Parallel()`
	`729`	`+`
	`730`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`731`	`+found,err:=db.CustomRoles(ctx,tc.Params)`
	`732`	`+require.NoError(t,err)`
	`733`	`+filtered:=make([]database.CustomRole,0)`
	`734`	`+for_,role:=rangeallRoles {`
	`735`	`+iftc.Match(role) {`
	`736`	`+filtered=append(filtered,role)`
	`737`	`+}`
	`738`	`+}`
	`739`	`+`
	`740`	`+a:=db2sdk.List(filtered,normalizedRoleName)`
	`741`	`+b:=db2sdk.List(found,normalizedRoleName)`
	`742`	`+require.Equal(t,a,b)`
	`743`	`+})`
	`744`	`+}`
	`745`	`+}`
	`746`	`+`
`517`	`747`	`typetvArgsstruct {`
`518`	`748`	`Status database.ProvisionerJobStatus`
`519`	`749`	`// CreateWorkspace is true if we should create a workspace for the template version`

`‎coderd/database/queries.sql.go‎`

Lines changed: 11 additions & 11 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite2b330f

File tree

12 files changed

12 files changed

`‎coderd/database/dbauthz/customroles_test.go‎`

`‎coderd/database/dbmem/dbmem.go‎`

`‎coderd/database/dbtestutil/postgres.go‎`

`‎coderd/database/dump.sql‎`

`‎coderd/database/migrations/000216_custom_role_pair_parameter.down.sql‎`

`‎coderd/database/migrations/000216_custom_role_pair_parameter.up.sql‎`

`‎coderd/database/querier_test.go‎`

`‎coderd/database/queries.sql.go‎`

0 commit comments