

Alert GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
Notice: The highest tagged major version is v2.

coderdtest

package
v0.27.3Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 1, 2023 | License: AGPL-3.0 | Imports: 86 | Imported by: 0

Details

Repository

github.com/coder/coder

Links

Documentation

Index

Constants

This section is empty.

Variables

// AppSecurityKey is the key tests use for workspace app tokens.
//
// The key material is a fixed string literal compiled into this package and
// published with its source, so it offers no secrecy: keep it confined to
// test fixtures and never configure a real deployment with it.
//
// NOTE(review): must presumably aborts when KeyFromString reports an error;
// confirm against its definition.
var AppSecurityKey = must(
	workspaceapps.KeyFromString(
		"6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572",
	),
)

AppSecurityKey is a 96-byte key used to sign JWTs and encrypt JWEs for workspace app tokens in tests.

// FirstUserParams is the fixed first-user request (e-mail, username and
// password) shared by tests.
//
// The credentials are constants published with this package, so they are
// only suitable for throwaway test instances.
//
// NOTE(review): presumably these are the "preset credentials" that
// CreateFirstUser submits; confirm against its body.
var FirstUserParams = codersdk.CreateFirstUserRequest{
	Email:    "testuser@coder.com",
	Username: "testuser",
	Password: "SomeSecurePassword!",
}

Functions

funcAwaitTemplateVersionJobadded inv0.4.0

func AwaitTemplateVersionJob(t *testing.T, client *codersdk.Client, versionuuid.UUID)codersdk.TemplateVersion

AwaitTemplateVersionJob (named AwaitTemplateImportJob in the original doc comment) waits for an import job to reach completed status.

funcAwaitWorkspaceAgents

func AwaitWorkspaceAgents(t *testing.T, client *codersdk.Client, workspaceIDuuid.UUID, agentNames ...string) []codersdk.WorkspaceResource

AwaitWorkspaceAgents waits for all resources with agents to be connected. If specific agents are provided, it will wait for those agents to be connected but will not fail if other agents are not connected.

funcAwaitWorkspaceBuildJob

func AwaitWorkspaceBuildJob(t *testing.T, client *codersdk.Client, builduuid.UUID)codersdk.WorkspaceBuild

AwaitWorkspaceBuildJob waits for a workspace provision job to reach completed status.

funcCreateAnotherUser

func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationIDuuid.UUID, roles ...string) (*codersdk.Client,codersdk.User)

CreateAnotherUser creates and authenticates a new user.

funcCreateAnotherUserMutatorsadded inv0.25.0

func CreateAnotherUserMutators(t *testing.T, client *codersdk.Client, organizationIDuuid.UUID, roles []string, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client,codersdk.User)

funcCreateFirstUser

func CreateFirstUser(ttesting.TB, client *codersdk.Client)codersdk.CreateFirstUserResponse

CreateFirstUser creates a user with preset credentials and authenticates with the passed-in codersdk client.

funcCreateTemplateadded inv0.4.0

func CreateTemplate(t *testing.T, client *codersdk.Client, organizationuuid.UUID, versionuuid.UUID, mutators ...func(*codersdk.CreateTemplateRequest))codersdk.Template

CreateTemplate creates a template with the "echo" provisioner for compatibility with testing. The name assigned is randomly generated.

funcCreateTemplateVersionadded inv0.4.0

func CreateTemplateVersion(t *testing.T, client *codersdk.Client, organizationIDuuid.UUID, res *echo.Responses, mutators ...func(*codersdk.CreateTemplateVersionRequest))codersdk.TemplateVersion

CreateTemplateVersion creates a template import provisioner job with the responses provided. It uses the "echo" provisioner for compatibility with testing.

funcCreateWorkspace

func CreateWorkspace(t *testing.T, client *codersdk.Client, organizationuuid.UUID, templateIDuuid.UUID, mutators ...func(*codersdk.CreateWorkspaceRequest))codersdk.Workspace

CreateWorkspace creates a workspace for the user and template provided. A random name is generated for it. To customize the defaults, pass a mutator func.

funcCreateWorkspaceBuildadded inv0.6.0

func CreateWorkspaceBuild(t *testing.T,client *codersdk.Client,workspacecodersdk.Workspace,transitiondatabase.WorkspaceTransition,mutators ...func(*codersdk.CreateWorkspaceBuildRequest),)codersdk.WorkspaceBuild

CreateWorkspaceBuild creates a workspace build for the given workspace and transition.

funcDeploymentValuesadded inv0.19.0

func DeploymentValues(ttesting.TB) *codersdk.DeploymentValues

funcMustTransitionWorkspaceadded inv0.6.3

func MustTransitionWorkspace(t *testing.T, client *codersdk.Client, workspaceIDuuid.UUID, from, todatabase.WorkspaceTransition)codersdk.Workspace

MustTransitionWorkspace (named TransitionWorkspace in the original doc comment) is a convenience method for transitioning a workspace from one state to another.

funcMustWorkspaceadded inv0.6.3

func MustWorkspace(t *testing.T, client *codersdk.Client, workspaceIDuuid.UUID)codersdk.Workspace

MustWorkspace is a convenience method for fetching a workspace that should exist.

funcNew

func New(ttesting.TB, options *Options) *codersdk.Client

New constructs a codersdk client connected to an in-memory API instance.

funcNewAWSInstanceIdentity

func NewAWSInstanceIdentity(t *testing.T, instanceIDstring) (awsidentity.Certificates, *http.Client)

NewAWSInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for AWS.

funcNewAzureInstanceIdentityadded inv0.4.4

func NewAzureInstanceIdentity(t *testing.T, instanceIDstring) (x509.VerifyOptions, *http.Client)

NewAzureInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for Azure.

funcNewExternalProvisionerDaemonadded inv0.12.8

func NewExternalProvisionerDaemon(t *testing.T, client *codersdk.Client, orguuid.UUID, tags map[string]string)io.Closer

funcNewGoogleInstanceIdentity

func NewGoogleInstanceIdentity(t *testing.T, instanceIDstring, expiredbool) (*idtoken.Validator, *metadata.Client)

NewGoogleInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for Google Cloud.

funcNewOptionsadded inv0.9.0

func NewOptions(ttesting.TB, options *Options) (func(http.Handler),context.CancelFunc, *url.URL, *coderd.Options)

funcNewProvisionerDaemon

func NewProvisionerDaemon(ttesting.TB, coderAPI *coderd.API)io.Closer

NewProvisionerDaemon launches a provisionerd instance configured to work well with coderd testing. It registers the "echo" provisioner for quick testing.

funcNewWithAPIadded inv0.6.1

func NewWithAPI(ttesting.TB, options *Options) (*codersdk.Client,io.Closer, *coderd.API)

NewWithAPI constructs an in-memory API instance and returns a client to talk to it. Most tests never need a reference to the API, but AuthorizationTest in this module uses it. Do not expose the API or wrath shall descend upon thee.

funcNewWithProvisionerCloseradded inv0.7.6

func NewWithProvisionerCloser(t *testing.T, options *Options) (*codersdk.Client,io.Closer)

NewWithProvisionerCloser returns a client as well as a handle to close the provisioner. This is a temporary function while work is done to standardize how provisioners are registered with coderd. The option to include a provisioner is set to true for convenience.

funcRandomRBACActionadded inv0.17.2

func RandomRBACAction()rbac.Action

funcRandomRBACObjectadded inv0.17.2

func RandomRBACObject()rbac.Object

funcRandomRBACSubjectadded inv0.17.2

func RandomRBACSubject()rbac.Subject

funcRequestGitAuthCallbackadded inv0.18.0

func RequestGitAuthCallback(t *testing.T, providerIDstring, client *codersdk.Client) *http.Response

RequestGitAuthCallback makes a request with the proper OAuth2 state cookie to the git auth callback endpoint.

funcSDKErroradded inv0.8.12

func SDKError(t *testing.T, errerror) *codersdk.Error

SDKError coerces err into an SDK error.

funcUpdateTemplateVersionadded inv0.5.6

func UpdateTemplateVersion(t *testing.T, client *codersdk.Client, organizationIDuuid.UUID, res *echo.Responses, templateIDuuid.UUID)codersdk.TemplateVersion

UpdateTemplateVersion creates a new template version with the "echo" provisionerand associates it with the given templateID.

funcVerifySwaggerDefinitionsadded inv0.15.0

func VerifySwaggerDefinitions(t *testing.T, router chi.Router, swaggerComments []SwaggerComment)

Types

typeActionObjectPairadded inv0.17.0

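// ActionObjectPair couples one RBAC action with the RBAC object it is
// applied to. Values of this type are what AssertActor and AssertOutOfOrder
// accept as the expected authorization checks.
type ActionObjectPair struct {
	Action rbac.Action
	Object rbac.Object
}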

typeAuthCalladded inv0.20.0

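// AuthCall is one recorded authorization call. It embeds rbac.AuthCall; the
// remaining fields are unexported and are not shown in this listing.
type AuthCall struct {
	rbac.AuthCall
	// contains filtered or unexported fields
}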

typeFakeAuthorizeradded inv0.17.0

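// FakeAuthorizer is an Authorizer that always returns the same error.
//
// NOTE(review): a nil AlwaysReturn presumably makes every Authorize call
// succeed, which removes real policy evaluation; confirm against the
// Authorize method and keep this stub out of non-test code.
type FakeAuthorizer struct {
	// AlwaysReturn is the error that will be returned by Authorize.
	AlwaysReturn error
}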

FakeAuthorizer is an Authorizer that always returns the same error.

func (*FakeAuthorizer)Authorizeadded inv0.17.0

func (*FakeAuthorizer)Prepareadded inv0.17.0

typeOIDCConfigadded inv0.10.2

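// OIDCConfig is the OIDC test helper created by NewOIDCConfig. All of its
// fields are unexported and are not shown in this listing.
type OIDCConfig struct {
	// contains filtered or unexported fields
}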

funcNewOIDCConfigadded inv0.10.2

func NewOIDCConfig(t *testing.T, issuerstring) *OIDCConfig

func (*OIDCConfig)AuthCodeURLadded inv0.10.2

func (*OIDCConfig) AuthCodeURL(statestring, _ ...oauth2.AuthCodeOption)string

func (*OIDCConfig)EncodeClaimsadded inv0.10.2

func (o *OIDCConfig) EncodeClaims(t *testing.T, claimsjwt.MapClaims)string

func (*OIDCConfig)Exchangeadded inv0.10.2

func (*OIDCConfig)OIDCConfigadded inv0.10.2

func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaimsjwt.MapClaims, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig

func (*OIDCConfig)TokenSourceadded inv0.10.2

typeOptions

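// Options configures the test instance built by New, NewWithAPI,
// NewWithProvisionerCloser and NewOptions, all of which take *Options.
type Options struct {
	// AccessURL denotes a custom access URL. By default we use the httptest
	// server's URL. Setting this may result in unexpected behavior (especially
	// with running agents).
	AccessURL       *url.URL
	AppHostname     string
	AWSCertificates awsidentity.Certificates
	// NOTE(review): presumably the authorizer the test instance consults; a
	// stub such as FakeAuthorizer would bypass real RBAC evaluation. Confirm
	// against New.
	Authorizer            rbac.Authorizer
	AzureCertificates     x509.VerifyOptions
	GithubOAuth2Config    *coderd.GithubOAuth2Config
	RealIPConfig          *httpmw.RealIPConfig
	OIDCConfig            *coderd.OIDCConfig
	GoogleTokenValidator  *idtoken.Validator
	SSHKeygenAlgorithm    gitsshkey.Algorithm
	AutobuildTicker       <-chan time.Time
	AutobuildStats        chan<- autobuild.Stats
	Auditor               audit.Auditor
	TLSCertificates       []tls.Certificate
	GitAuthConfigs        []*gitauth.Config
	TrialGenerator        func(context.Context, string) error
	TemplateScheduleStore schedule.TemplateScheduleStore
	Coordinator           tailnet.Coordinator

	HealthcheckFunc    func(ctx context.Context, apiKey string) *healthcheck.Report
	HealthcheckTimeout time.Duration
	HealthcheckRefresh time.Duration

	// All rate limits default to -1 (unlimited) in tests if not set.
	APIRateLimit   int
	LoginRateLimit int
	FilesRateLimit int

	// IncludeProvisionerDaemon when true means to start an in-memory provisionerD
	IncludeProvisionerDaemon    bool
	MetricsCacheRefreshInterval time.Duration
	AgentStatsRefreshInterval   time.Duration
	DeploymentValues            *codersdk.DeploymentValues

	// Set update check options to enable update check.
	UpdateCheckOptions *updatecheck.Options

	// Overriding the database is heavily discouraged.
	// It should only be used in cases where multiple Coder
	// test instances are running against the same database.
	Database database.Store
	Pubsub   pubsub.Pubsub

	ConfigSSH codersdk.SSHConfigResponse

	SwaggerEndpoint bool
	// Logger should only be overridden if you expect errors
	// as part of your test.
	Logger *slog.Logger
}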

typePreparedRecorderadded inv0.17.0

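// PreparedRecorder is the prepared version of the RecordingAuthorizer. All of
// its fields are unexported and are not shown in this listing.
type PreparedRecorder struct {
	// contains filtered or unexported fields
}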

PreparedRecorder is the prepared version of the RecordingAuthorizer. It records the Authorize() calls to the original recorder. If the caller uses CompileToSQL, all recording stops. This is to support parity between memory and SQL backed dbs.

func (*PreparedRecorder)Authorizeadded inv0.17.0

func (s *PreparedRecorder) Authorize(ctxcontext.Context, objectrbac.Object)error

func (*PreparedRecorder)CompileToSQLadded inv0.17.0

typeRBACAsserteradded inv0.20.0

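// RBACAsserter bundles the subject whose authorization calls are being
// asserted with the RecordingAuthorizer that captured them.
type RBACAsserter struct {
	Subject rbac.Subject

	Recorder *RecordingAuthorizer
}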

RBACAsserter is a helper for asserting that the correct RBAC checks are performed. This struct is tied to a given user, and only authorize calls for this user are checked.

funcAssertRBACadded inv0.20.0

func AssertRBAC(t *testing.T, api *coderd.API, client *codersdk.Client)RBACAsserter

AssertRBAC returns an RBACAsserter for the given user. This asserter will allow asserting that the correct RBAC checks are performed for the given user. All checks that are not run against this user will be ignored.

func (RBACAsserter)AllCallsadded inv0.20.0

func (aRBACAsserter) AllCalls() []AuthCall

AllCalls is for debugging. If you are not sure where calls are coming from, call this and use a debugger or print them. They have small callstacks on them to help locate the 'Authorize' call. Only calls to Authorize by the given subject will be returned. Note that duplicate rbac calls are handled by the rbac.Cacher(), but will be recorded twice. So AllCalls() returns calls regardless of whether they were served from the cache or not.

func (RBACAsserter)AssertCheckedadded inv0.20.0

func (aRBACAsserter) AssertChecked(t *testing.T, actionrbac.Action, objects ...interface{})

AssertChecked will assert a given rbac check was performed. It does not care about order of checks, or any other checks. This is useful when you do not care about asserting every check that was performed.

func (RBACAsserter)AssertInOrderadded inv0.20.0

func (aRBACAsserter) AssertInOrder(t *testing.T, actionrbac.Action, objects ...interface{})

AssertInOrder must be called in the correct order of authz checks. If the objects or actions are not in the correct order, the test will fail.

func (RBACAsserter)Resetadded inv0.20.0

func (aRBACAsserter) Reset()RBACAsserter

Reset will clear all previously recorded authz calls. This is helpful when wanting to ignore checks run in test setup.

typeRecordingAuthorizeradded inv0.9.0

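// RecordingAuthorizer wraps an rbac.Authorizer and keeps the calls made
// through it so tests can assert on them later.
type RecordingAuthorizer struct {
	// NOTE(review): the embedded lock presumably guards Called; confirm
	// against the methods before touching Called directly.
	sync.RWMutex
	// Called holds the recorded authorization calls.
	Called []AuthCall
	// Wrapped is the underlying authorizer being recorded.
	Wrapped rbac.Authorizer
}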

RecordingAuthorizer wraps any rbac.Authorizer and records all Authorize() calls made. This is useful for testing as these calls can later be asserted.

func (*RecordingAuthorizer)AllAssertedadded inv0.17.0

func (r *RecordingAuthorizer) AllAsserted()error

AllAsserted returns an error if any call to Authorize() has not been asserted and checked. This is useful for testing to ensure that all Authorize() calls are checked in the unit test.

func (*RecordingAuthorizer)AllCallsadded inv0.20.0

func (r *RecordingAuthorizer) AllCalls(actor *rbac.Subject) []AuthCall

AllCalls is useful for debugging.

func (*RecordingAuthorizer)AssertActoradded inv0.17.0

func (r *RecordingAuthorizer) AssertActor(t *testing.T, actorrbac.Subject, did ...ActionObjectPair)

AssertActor asserts in order. If the order of authz calls does not match, this will fail.

func (*RecordingAuthorizer)AssertOutOfOrderadded inv0.20.0

func (r *RecordingAuthorizer) AssertOutOfOrder(t *testing.T, actorrbac.Subject, did ...ActionObjectPair)

AssertOutOfOrder asserts that the given actor performed the given action on the given objects. It does not care about the order of the calls. When marking authz calls as asserted, it will mark the first matching calls first.

func (*RecordingAuthorizer)Authorizeadded inv0.15.3

func (r *RecordingAuthorizer) Authorize(ctxcontext.Context, subjectrbac.Subject, actionrbac.Action, objectrbac.Object)error

func (*RecordingAuthorizer)Pairadded inv0.17.0

Pair is on the RecordingAuthorizer to be easy to find and keep the pkg interface smaller.

func (*RecordingAuthorizer)Prepareadded inv0.15.3

func (r *RecordingAuthorizer) Prepare(ctxcontext.Context, subjectrbac.Subject, actionrbac.Action, objectTypestring) (rbac.PreparedAuthorized,error)

func (*RecordingAuthorizer)Resetadded inv0.17.0

func (r *RecordingAuthorizer) Reset()

Reset clears the recorded Authorize() calls.

typeSwaggerCommentadded inv0.15.0

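// SwaggerComment is the element type returned by ParseSwaggerComments and
// consumed by VerifySwaggerDefinitions. All of its fields are unexported and
// are not shown in this listing.
type SwaggerComment struct {
	// contains filtered or unexported fields
}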

funcParseSwaggerCommentsadded inv0.15.0

func ParseSwaggerComments(dirs ...string) ([]SwaggerComment,error)
