Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore: prevent removing members from the default organization#14094

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Emyrk merged 6 commits intomainfromstevenmasley/keep_default_members
Aug 5, 2024
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 0 additions & 46 deletionscli/organizationmembers_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -34,49 +34,3 @@ func TestListOrganizationMembers(t *testing.T) {
require.Contains(t, buf.String(), owner.UserID.String())
})
}

func TestRemoveOrganizationMembers(t *testing.T) {
t.Parallel()

t.Run("OK", func(t *testing.T) {
t.Parallel()

ownerClient := coderdtest.New(t, &coderdtest.Options{})
owner := coderdtest.CreateFirstUser(t, ownerClient)
orgAdminClient, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.ScopedRoleOrgAdmin(owner.OrganizationID))
_, user := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID)

ctx := testutil.Context(t, testutil.WaitMedium)

inv, root := clitest.New(t, "organization", "members", "remove", "-O", owner.OrganizationID.String(), user.Username)
clitest.SetupConfig(t, orgAdminClient, root)

buf := new(bytes.Buffer)
inv.Stdout = buf
err := inv.WithContext(ctx).Run()
require.NoError(t, err)

members, err := orgAdminClient.OrganizationMembers(ctx, owner.OrganizationID)
require.NoError(t, err)

require.Len(t, members, 2)
})

t.Run("UserNotExists", func(t *testing.T) {
t.Parallel()

ownerClient := coderdtest.New(t, &coderdtest.Options{})
owner := coderdtest.CreateFirstUser(t, ownerClient)
orgAdminClient, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.ScopedRoleOrgAdmin(owner.OrganizationID))

ctx := testutil.Context(t, testutil.WaitMedium)

inv, root := clitest.New(t, "organization", "members", "remove", "-O", owner.OrganizationID.String(), "random_name")
clitest.SetupConfig(t, orgAdminClient, root)

buf := new(bytes.Buffer)
inv.Stdout = buf
err := inv.WithContext(ctx).Run()
require.ErrorContains(t, err, "must be an existing uuid or username")
})
}
13 changes: 13 additions & 0 deletionscoderd/members.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -106,6 +106,19 @@ func (api *API) deleteOrganizationMember(rw http.ResponseWriter, r *http.Request
aReq.Old = member.OrganizationMember.Auditable(member.Username)
defer commitAudit()

if organization.IsDefault {
// Multi-organizations is currently an experiment, which means it is feasible
// for a deployment to enable, then disable this. To maintain backwards
// compatibility, this safety is necessary.
// TODO: Remove this check when multi-organizations is fully supported.
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ideally I'd like to have a test confirm this path behavior

Emyrk reacted with thumbs up emoji
Message: "Removing members from the default organization is not supported.",
Detail: "Multi-organizations is currently an experiment, and until it is fully supported, the default org should be protected.",
Validations: nil,
})
return
}

if member.UserID == apiKey.UserID {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{Message: "cannot remove self from an organization"})
return
Expand Down
43 changes: 15 additions & 28 deletionscoderd/members_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -30,54 +30,41 @@ func TestAddMember(t *testing.T) {
})
}

funcTestListMembers(t *testing.T) {
funcTestDeleteMember(t *testing.T) {
t.Parallel()

t.Run("OK", func(t *testing.T) {
t.Run("NotAllowed", func(t *testing.T) {
t.Parallel()
owner := coderdtest.New(t, nil)
first := coderdtest.CreateFirstUser(t, owner)
_, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID)

client, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))

ctx := testutil.Context(t, testutil.WaitShort)
members, err := client.OrganizationMembers(ctx, first.OrganizationID)
require.NoError(t, err)
require.Len(t, members, 2)
require.ElementsMatch(t,
[]uuid.UUID{first.UserID, user.ID},
db2sdk.List(members, onlyIDs))
ctx := testutil.Context(t, testutil.WaitMedium)
// Deleting members from the default org is not allowed.
// If this behavior changes, and we allow deleting members from the default org,
// this test should be updated to check there is no error.
// nolint:gocritic // must be an owner to see the user
err := owner.DeleteOrganizationMember(ctx, first.OrganizationID, user.Username)
require.ErrorContains(t, err, "Multi-organizations is currently an experiment")
})
}

funcTestRemoveMember(t *testing.T) {
funcTestListMembers(t *testing.T) {
t.Parallel()

t.Run("OK", func(t *testing.T) {
t.Parallel()
owner := coderdtest.New(t, nil)
first := coderdtest.CreateFirstUser(t, owner)
orgAdminClient, orgAdmin := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))
_, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID)

ctx := testutil.Context(t, testutil.WaitMedium)
// Verify the org of 3 members
members, err := orgAdminClient.OrganizationMembers(ctx, first.OrganizationID)
require.NoError(t, err)
require.Len(t, members, 3)
require.ElementsMatch(t,
[]uuid.UUID{first.UserID, user.ID, orgAdmin.ID},
db2sdk.List(members, onlyIDs))

// Delete a member
err = orgAdminClient.DeleteOrganizationMember(ctx, first.OrganizationID, user.Username)
require.NoError(t, err)
client, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))

members, err = orgAdminClient.OrganizationMembers(ctx, first.OrganizationID)
ctx := testutil.Context(t, testutil.WaitShort)
members, err := client.OrganizationMembers(ctx, first.OrganizationID)
require.NoError(t, err)
require.Len(t, members, 2)
require.ElementsMatch(t,
[]uuid.UUID{first.UserID,orgAdmin.ID},
[]uuid.UUID{first.UserID,user.ID},
db2sdk.List(members, onlyIDs))
})
}
Expand Down
58 changes: 58 additions & 0 deletionsenterprise/cli/organizationmembers_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -15,6 +15,64 @@ import (
"github.com/coder/coder/v2/testutil"
)

func TestRemoveOrganizationMembers(t *testing.T) {
t.Parallel()

t.Run("OK", func(t *testing.T) {
t.Parallel()
dv := coderdtest.DeploymentValues(t)
dv.Experiments = []string{string(codersdk.ExperimentMultiOrganization)}

ownerClient, _ := coderdenttest.New(t, &coderdenttest.Options{
Options: &coderdtest.Options{
DeploymentValues: dv,
},
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{
codersdk.FeatureMultipleOrganizations: 1,
},
},
})

secondOrganization := coderdenttest.CreateOrganization(t, ownerClient, coderdenttest.CreateOrganizationOptions{})
orgAdminClient, _ := coderdtest.CreateAnotherUser(t, ownerClient, secondOrganization.ID, rbac.ScopedRoleOrgAdmin(secondOrganization.ID))
_, user := coderdtest.CreateAnotherUser(t, ownerClient, secondOrganization.ID)

ctx := testutil.Context(t, testutil.WaitMedium)

inv, root := clitest.New(t, "organization", "members", "remove", "-O", secondOrganization.ID.String(), user.Username)
clitest.SetupConfig(t, orgAdminClient, root)

buf := new(bytes.Buffer)
inv.Stdout = buf
err := inv.WithContext(ctx).Run()
require.NoError(t, err)

members, err := orgAdminClient.OrganizationMembers(ctx, secondOrganization.ID)
require.NoError(t, err)

require.Len(t, members, 2)
})

t.Run("UserNotExists", func(t *testing.T) {
t.Parallel()

ownerClient := coderdtest.New(t, &coderdtest.Options{})
owner := coderdtest.CreateFirstUser(t, ownerClient)
orgAdminClient, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.ScopedRoleOrgAdmin(owner.OrganizationID))

ctx := testutil.Context(t, testutil.WaitMedium)

inv, root := clitest.New(t, "organization", "members", "remove", "-O", owner.OrganizationID.String(), "random_name")
clitest.SetupConfig(t, orgAdminClient, root)

buf := new(bytes.Buffer)
inv.Stdout = buf
err := inv.WithContext(ctx).Run()
require.ErrorContains(t, err, "must be an existing uuid or username")
})
}

func TestEnterpriseListOrganizationMembers(t *testing.T) {
t.Parallel()

Expand Down
41 changes: 41 additions & 0 deletionsenterprise/members_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -18,6 +18,47 @@ import (
func TestEnterpriseMembers(t *testing.T) {
t.Parallel()

t.Run("Remove", func(t *testing.T) {
t.Parallel()
dv := coderdtest.DeploymentValues(t)
dv.Experiments = []string{string(codersdk.ExperimentMultiOrganization)}
owner, first := coderdenttest.New(t, &coderdenttest.Options{
Options: &coderdtest.Options{
DeploymentValues: dv,
},
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{
codersdk.FeatureMultipleOrganizations: 1,
},
},
})

secondOrg := coderdenttest.CreateOrganization(t, owner, coderdenttest.CreateOrganizationOptions{})

orgAdminClient, orgAdmin := coderdtest.CreateAnotherUser(t, owner, secondOrg.ID, rbac.ScopedRoleOrgAdmin(secondOrg.ID))
_, user := coderdtest.CreateAnotherUser(t, owner, secondOrg.ID)

ctx := testutil.Context(t, testutil.WaitMedium)
// Verify the org of 3 members
members, err := orgAdminClient.OrganizationMembers(ctx, secondOrg.ID)
require.NoError(t, err)
require.Len(t, members, 3)
require.ElementsMatch(t,
[]uuid.UUID{first.UserID, user.ID, orgAdmin.ID},
db2sdk.List(members, onlyIDs))

// Delete a member
err = orgAdminClient.DeleteOrganizationMember(ctx, secondOrg.ID, user.Username)
require.NoError(t, err)

members, err = orgAdminClient.OrganizationMembers(ctx, secondOrg.ID)
require.NoError(t, err)
require.Len(t, members, 2)
require.ElementsMatch(t,
[]uuid.UUID{first.UserID, orgAdmin.ID},
db2sdk.List(members, onlyIDs))
})

t.Run("PostUser", func(t *testing.T) {
t.Parallel()

Expand Down
Loading
[8]ページ先頭
©2009-2025 Movatter.jp