Commitf0d2c8c

committed
Compiling
1 parent096525e commitf0d2c8c


6 files changed

+45
-35
lines changed


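--- a/coderd/coderdtest/authorize.go
+++ b/coderd/coderdtest/authorize.go
@@ -60,10 +60,13 @@ func AssertRBAC(t *testing.T, api *coderd.API, client *codersdk.Client) RBACAsse
 roles,err:=api.Database.GetAuthorizationUserRoles(ctx,key.UserID)
 require.NoError(t,err,"fetch user roles")
 
+roleNames,err:=roles.RoleNames()
+require.NoError(t,err)
+
 returnRBACAsserter{
 Subject: rbac.Subject{
 ID:key.UserID.String(),
-Roles:rbac.RoleNames(roles.Roles),
+Roles:rbac.RoleNames(roleNames),
 Groups:roles.Groups,
 Scope:rbac.ScopeName(key.Scope),
 },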
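Review bot: The added `require.NoError(t,err)` at new line 64 carries no message, while the check two lines above it reads `require.NoError(t,err,"fetch user roles")`, so a failure here would not say which step of building the asserter's subject broke. I would write it as `require.NoError(t, err, "convert user roles to role names")`. The resulting `roleNames` become the `Roles` of the `rbac.Subject` returned in the `RBACAsserter`, so a clearly labelled failure point is worth the extra argument. AssertRBAC's body starts and ends outside the hunk.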

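--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -56,6 +56,7 @@ import (
 "github.com/coder/coder/v2/coderd/awsidentity"
 "github.com/coder/coder/v2/coderd/batchstats"
 "github.com/coder/coder/v2/coderd/database"
+"github.com/coder/coder/v2/coderd/database/db2sdk"
 "github.com/coder/coder/v2/coderd/database/dbauthz"
 "github.com/coder/coder/v2/coderd/database/dbrollup"
 "github.com/coder/coder/v2/coderd/database/dbtestutil"
@@ -678,7 +679,11 @@ func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
 // Member role is always implied
 roles=append(roles,rbac.RoleMember())
 for_,r:=rangeuser.Roles {
-roles=append(roles,r.Name)
+orgID,_:=uuid.Parse(r.OrganizationID)// defaults to nil
+roles=append(roles, rbac.RoleName{
+Name:r.Name,
+OrganizationID:orgID,
+})
 }
 // We assume only 1 org exists
 roles=append(roles,rbac.ScopedRoleOrgMember(orgID))
@@ -749,36 +754,37 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 
 iflen(roles)>0 {
 // Find the roles for the org vs the site wide roles
-orgRoles:=make(map[string][]string)
-varsiteRoles []string
+orgRoles:=make(map[uuid.UUID][]rbac.RoleName)
+varsiteRoles []rbac.RoleName
 
 for_,roleName:=rangeroles {
-roleName:=roleName
-orgID,ok:=rbac.IsOrgRole(roleName)
-roleName,_,err=rbac.RoleSplit(roleName)
-require.NoError(t,err,"split org role name")
+ok:=roleName.IsOrgRole()
 ifok {
-roleName,_,err=rbac.RoleSplit(roleName)
-require.NoError(t,err,"split rolename")
-orgRoles[orgID]=append(orgRoles[orgID],roleName)
+orgRoles[roleName.OrganizationID]=append(orgRoles[roleName.OrganizationID],roleName)
 }else {
 siteRoles=append(siteRoles,roleName)
 }
 }
 // Update the roles
 for_,r:=rangeuser.Roles {
-siteRoles=append(siteRoles,r.Name)
+orgID,_:=uuid.Parse(r.OrganizationID)
+siteRoles=append(siteRoles, rbac.RoleName{
+Name:r.Name,
+OrganizationID:orgID,
+})
+}
+
+onlyName:=func(role rbac.RoleName)string {
+returnrole.Name
 }
 
-user,err=client.UpdateUserRoles(context.Background(),user.ID.String(), codersdk.UpdateRoles{Roles:siteRoles})
+user,err=client.UpdateUserRoles(context.Background(),user.ID.String(), codersdk.UpdateRoles{Roles:db2sdk.List(siteRoles,onlyName)})
 require.NoError(t,err,"update site roles")
 
 // Update org roles
 fororgID,roles:=rangeorgRoles {
-organizationID,err:=uuid.Parse(orgID)
-require.NoError(t,err,fmt.Sprintf("parse org id %q",orgID))
-_,err=client.UpdateOrganizationMemberRoles(context.Background(),organizationID,user.ID.String(),
-codersdk.UpdateRoles{Roles:roles})
+_,err=client.UpdateOrganizationMemberRoles(context.Background(),orgID,user.ID.String(),
+codersdk.UpdateRoles{Roles:db2sdk.List(roles,onlyName)})
 require.NoError(t,err,"update org membership roles")
 }
 }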
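Review bot: The new `orgID,_:=uuid.Parse(r.OrganizationID)` in `AuthzUserSubject` (new line 682) discards the parse error and shadows the function's own `orgID` parameter inside the loop, so a malformed non-empty organization ID becomes `uuid.Nil` without any failure. If a nil `OrganizationID` is what marks a role as site-wide, as the `// defaults to nil` comment suggests, an org-scoped role could enter the test subject as a site-wide one and authorization tests would then run against a broader subject than intended. I would use a separate local name and fall back to nil only when the field is empty, as sketched below. The same discarded error appears at new line 770 in `createAnotherUserRetry`, where `t` is in scope and `require.NoError` would do; there `onlyName` also drops the organization ID from every entry of `siteRoles`, including those copied from `user.Roles`. Both function bodies start and end outside their hunks.

```go
for _, r := range user.Roles {
	// An empty OrganizationID keeps the nil UUID; a non-empty one must parse.
	roleOrgID := uuid.Nil
	if r.OrganizationID != "" {
		roleOrgID = uuid.MustParse(r.OrganizationID)
	}
	roles = append(roles, rbac.RoleName{
		Name:           r.Name,
		OrganizationID: roleOrgID,
	})
}
// … unchanged: ScopedRoleOrgMember(orgID) still uses the function parameter …
```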

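--- a/enterprise/coderd/coderd_test.go
+++ b/enterprise/coderd/coderd_test.go
@@ -497,7 +497,7 @@ func testDBAuthzRole(ctx context.Context) context.Context {
 ID:uuid.Nil.String(),
 Roles:rbac.Roles([]rbac.Role{
 {
-Name:"testing",
+Name:rbac.RoleName{Name:"testing"},
 DisplayName:"Unit Tests",
 Site:rbac.Permissions(map[string][]policy.Action{
 rbac.ResourceWildcard.Type: {policy.WildcardSymbol},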

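--- a/enterprise/coderd/insights_test.go
+++ b/enterprise/coderd/insights_test.go
@@ -78,15 +78,15 @@ func TestTemplateInsightsWithRole(t *testing.T) {
 
 typeteststruct {
 interval codersdk.InsightsReportInterval
-rolestring
+rolerbac.RoleName
 allowedbool
 }
 
 tests:= []test{
 {codersdk.InsightsReportIntervalDay,rbac.RoleTemplateAdmin(),true},
 {"",rbac.RoleTemplateAdmin(),true},
-{codersdk.InsightsReportIntervalDay,"auditor",true},
-{"","auditor",true},
+{codersdk.InsightsReportIntervalDay,rbac.RoleAuditor(),true},
+{"",rbac.RoleAuditor(),true},
 {codersdk.InsightsReportIntervalDay,rbac.RoleUserAdmin(),false},
 {"",rbac.RoleUserAdmin(),false},
 {codersdk.InsightsReportIntervalDay,rbac.RoleMember(),false},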

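--- a/enterprise/coderd/roles_test.go
+++ b/enterprise/coderd/roles_test.go
@@ -9,6 +9,7 @@ import (
 "github.com/stretchr/testify/require"
 
 "github.com/coder/coder/v2/coderd/coderdtest"
+"github.com/coder/coder/v2/coderd/rbac"
 "github.com/coder/coder/v2/codersdk"
 "github.com/coder/coder/v2/enterprise/coderd/coderdenttest"
 "github.com/coder/coder/v2/enterprise/coderd/license"
@@ -57,7 +58,7 @@ func TestCustomOrganizationRole(t *testing.T) {
 require.NoError(t,err,"upsert role")
 
 // Assign the custom template admin role
-tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,role.FullName())
+tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,rbac.RoleName{Name:role.Name,OrganizationID:first.OrganizationID})
 
 // Assert the role exists
 // TODO: At present user roles are not returned by the user endpoints.
@@ -124,7 +125,7 @@ func TestCustomOrganizationRole(t *testing.T) {
 require.ErrorContains(t,err,"roles are not enabled")
 
 // Assign the custom template admin role
-tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,role.FullName())
+tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,rbac.RoleName{Name:role.Name,OrganizationID:first.OrganizationID})
 
 // Try to create a template version, eg using the custom role
 coderdtest.CreateTemplateVersion(t,tmplAdmin,first.OrganizationID,nil)
@@ -152,7 +153,7 @@ func TestCustomOrganizationRole(t *testing.T) {
 require.NoError(t,err,"upsert role")
 
 // Assign the custom template admin role
-tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,role.FullName())
+tmplAdmin,_:=coderdtest.CreateAnotherUser(t,owner,first.OrganizationID,rbac.RoleName{Name:role.Name,OrganizationID:first.OrganizationID})
 
 // Try to create a template version, eg using the custom role
 coderdtest.CreateTemplateVersion(t,tmplAdmin,first.OrganizationID,nil)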
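Review bot: The literal `rbac.RoleName{Name:role.Name,OrganizationID:first.OrganizationID}` is written out three times (new lines 61, 128 and 156) and takes the organization from `first` rather than from the role that was just upserted. If `role` carries its own organization ID (its type is not visible in these hunks), building the name from the role itself would keep the test checking which organization the custom role is actually bound to, instead of assuming it. Naming the value once per subtest, for example `customRole := rbac.RoleName{Name: role.Name, OrganizationID: first.OrganizationID}`, would also remove the repetition. TestCustomOrganizationRole's body extends outside all three hunks.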

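--- a/enterprise/coderd/userauth_test.go
+++ b/enterprise/coderd/userauth_test.go
@@ -66,7 +66,7 @@ func TestUserOIDC(t *testing.T) {
 cfg.AllowSignups=true
 cfg.UserRoleField="roles"
 cfg.UserRoleMapping=map[string][]string{
-oidcRoleName: {rbac.RoleTemplateAdmin()},
+oidcRoleName: {rbac.RoleTemplateAdmin().String()},
 }
 },
 })
@@ -79,7 +79,7 @@ func TestUserOIDC(t *testing.T) {
 "roles":oidcRoleName,
 })
 require.Equal(t,http.StatusOK,resp.StatusCode)
-runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin()})
+runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin().String()})
 })
 
 // A user has some roles, then on an oauth refresh will lose said
@@ -92,23 +92,23 @@ func TestUserOIDC(t *testing.T) {
 
 constoidcRoleName="TemplateAuthor"
 runner:=setupOIDCTest(t,oidcTestConfig{
-Userinfo: jwt.MapClaims{oidcRoleName: []string{rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin()}},
+Userinfo: jwt.MapClaims{oidcRoleName: []string{rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String()}},
 Config:func(cfg*coderd.OIDCConfig) {
 cfg.AllowSignups=true
 cfg.UserRoleField="roles"
 cfg.UserRoleMapping=map[string][]string{
-oidcRoleName: {rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin()},
+oidcRoleName: {rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String()},
 }
 },
 })
 
 // User starts with the owner role
 client,resp:=runner.Login(t, jwt.MapClaims{
 "email":"alice@coder.com",
-"roles": []string{"random",oidcRoleName,rbac.RoleOwner()},
+"roles": []string{"random",oidcRoleName,rbac.RoleOwner().String()},
 })
 require.Equal(t,http.StatusOK,resp.StatusCode)
-runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin(),rbac.RoleOwner()})
+runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String(),rbac.RoleOwner().String()})
 
 // Now refresh the oauth, and check the roles are removed.
 // Force a refresh, and assert nothing has changes
@@ -126,23 +126,23 @@ func TestUserOIDC(t *testing.T) {
 
 constoidcRoleName="TemplateAuthor"
 runner:=setupOIDCTest(t,oidcTestConfig{
-Userinfo: jwt.MapClaims{oidcRoleName: []string{rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin()}},
+Userinfo: jwt.MapClaims{oidcRoleName: []string{rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String()}},
 Config:func(cfg*coderd.OIDCConfig) {
 cfg.AllowSignups=true
 cfg.UserRoleField="roles"
 cfg.UserRoleMapping=map[string][]string{
-oidcRoleName: {rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin()},
+oidcRoleName: {rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String()},
 }
 },
 })
 
 // User starts with the owner role
 _,resp:=runner.Login(t, jwt.MapClaims{
 "email":"alice@coder.com",
-"roles": []string{"random",oidcRoleName,rbac.RoleOwner()},
+"roles": []string{"random",oidcRoleName,rbac.RoleOwner().String()},
 })
 require.Equal(t,http.StatusOK,resp.StatusCode)
-runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin(),rbac.RoleUserAdmin(),rbac.RoleOwner()})
+runner.AssertRoles(t,"alice", []string{rbac.RoleTemplateAdmin().String(),rbac.RoleUserAdmin().String(),rbac.RoleOwner().String()})
 
 // Now login with oauth again, and check the roles are removed.
 _,resp=runner.Login(t, jwt.MapClaims{
@@ -175,7 +175,7 @@ func TestUserOIDC(t *testing.T) {
 ctx:=testutil.Context(t,testutil.WaitShort)
 _,err:=runner.AdminClient.UpdateUserRoles(ctx,"alice", codersdk.UpdateRoles{
 Roles: []string{
-rbac.RoleTemplateAdmin(),
+rbac.RoleTemplateAdmin().String(),
 },
 })
 require.Error(t,err)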
