Skip to content

Commit 232a536

Browse files
ethanndicksonethanndickson
committed
add dbauthz test
1 parent feb6355 commit 232a536

File tree

2 files changed

+67
-36
lines changed

2 files changed

+67
-36
lines changed

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1476,6 +1476,7 @@ func (s *MethodTestSuite) TestWorkspace() {
14761476
_ = dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{ID: build.JobID, Type: database.ProvisionerJobTypeWorkspaceBuild})
14771477
res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: build.JobID})
14781478
_ = dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
1479+
// No asserts here because SQLFilter.
14791480
check.Args(ws.OwnerID).Asserts()
14801481
}))
14811482
s.Run("GetAuthorizedWorkspacesAndAgentsByOwnerID", s.Subtest(func(db database.Store, check *expects) {
@@ -1484,6 +1485,7 @@ func (s *MethodTestSuite) TestWorkspace() {
14841485
_ = dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{ID: build.JobID, Type: database.ProvisionerJobTypeWorkspaceBuild})
14851486
res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: build.JobID})
14861487
_ = dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
1488+
// No asserts here because SQLFilter.
14871489
check.Args(ws.OwnerID, emptyPreparedAuthorized{}).Asserts()
14881490
}))
14891491
s.Run("GetLatestWorkspaceBuildByWorkspaceID", s.Subtest(func(db database.Store, check *expects) {

coderd/database/querier_test.go

Lines changed: 65 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -625,6 +625,7 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {
625625
err := migrations.Up(sqlDB)
626626
require.NoError(t, err)
627627
db := database.New(sqlDB)
628+
authorizer := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
628629

629630
org := dbgen.Organization(t, db, database.Organization{})
630631
owner := dbgen.User(t, db, database.User{
@@ -669,44 +670,72 @@ func TestGetAuthorizedWorkspacesAndAgentsByOwnerID(t *testing.T) {
669670
CreateAgent: false,
670671
})
671672

672-
authorizer := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
673-
userSubject, _, err := httpmw.UserRBACSubject(ctx, db, user.ID, rbac.ExpandableScope(rbac.ScopeAll))
674-
require.NoError(t, err)
675-
preparedUser, err := authorizer.Prepare(ctx, userSubject, policy.ActionRead, rbac.ResourceWorkspace.Type)
676-
require.NoError(t, err)
677-
userCtx := dbauthz.As(ctx, userSubject)
678-
userRows, err := db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx, owner.ID, preparedUser)
679-
require.NoError(t, err)
680-
require.Len(t, userRows, 0)
681-
682-
ownerSubject, _, err := httpmw.UserRBACSubject(ctx, db, owner.ID, rbac.ExpandableScope(rbac.ScopeAll))
683-
require.NoError(t, err)
684-
preparedOwner, err := authorizer.Prepare(ctx, ownerSubject, policy.ActionRead, rbac.ResourceWorkspace.Type)
685-
require.NoError(t, err)
686-
ownerCtx := dbauthz.As(ctx, ownerSubject)
687-
ownerRows, err := db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx, owner.ID, preparedOwner)
688-
require.NoError(t, err)
689-
require.Len(t, ownerRows, 4)
690-
for _, row := range ownerRows {
691-
switch row.ID {
692-
case pendingID:
693-
require.Len(t, row.Agents, 1)
694-
require.Equal(t, database.ProvisionerJobStatusPending, row.JobStatus)
695-
case failedID:
696-
require.Len(t, row.Agents, 1)
697-
require.Equal(t, database.ProvisionerJobStatusFailed, row.JobStatus)
698-
case succeededID:
699-
require.Len(t, row.Agents, 2)
700-
require.Equal(t, database.ProvisionerJobStatusSucceeded, row.JobStatus)
701-
require.Equal(t, database.WorkspaceTransitionStart, row.Transition)
702-
case deletedID:
703-
require.Len(t, row.Agents, 0)
704-
require.Equal(t, database.ProvisionerJobStatusSucceeded, row.JobStatus)
705-
require.Equal(t, database.WorkspaceTransitionDelete, row.Transition)
706-
default:
707-
t.Fatalf("unexpected workspace ID: %s", row.ID)
673+
ownerCheckFn := func(ownerRows []database.GetWorkspacesAndAgentsByOwnerIDRow) {
674+
require.Len(t, ownerRows, 4)
675+
for _, row := range ownerRows {
676+
switch row.ID {
677+
case pendingID:
678+
require.Len(t, row.Agents, 1)
679+
require.Equal(t, database.ProvisionerJobStatusPending, row.JobStatus)
680+
case failedID:
681+
require.Len(t, row.Agents, 1)
682+
require.Equal(t, database.ProvisionerJobStatusFailed, row.JobStatus)
683+
case succeededID:
684+
require.Len(t, row.Agents, 2)
685+
require.Equal(t, database.ProvisionerJobStatusSucceeded, row.JobStatus)
686+
require.Equal(t, database.WorkspaceTransitionStart, row.Transition)
687+
case deletedID:
688+
require.Len(t, row.Agents, 0)
689+
require.Equal(t, database.ProvisionerJobStatusSucceeded, row.JobStatus)
690+
require.Equal(t, database.WorkspaceTransitionDelete, row.Transition)
691+
default:
692+
t.Fatalf("unexpected workspace ID: %s", row.ID)
693+
}
708694
}
709695
}
696+
t.Run("sqlQuerier", func(t *testing.T) {
697+
t.Parallel()
698+
699+
userSubject, _, err := httpmw.UserRBACSubject(ctx, db, user.ID, rbac.ExpandableScope(rbac.ScopeAll))
700+
require.NoError(t, err)
701+
preparedUser, err := authorizer.Prepare(ctx, userSubject, policy.ActionRead, rbac.ResourceWorkspace.Type)
702+
require.NoError(t, err)
703+
userCtx := dbauthz.As(ctx, userSubject)
704+
userRows, err := db.GetAuthorizedWorkspacesAndAgentsByOwnerID(userCtx, owner.ID, preparedUser)
705+
require.NoError(t, err)
706+
require.Len(t, userRows, 0)
707+
708+
ownerSubject, _, err := httpmw.UserRBACSubject(ctx, db, owner.ID, rbac.ExpandableScope(rbac.ScopeAll))
709+
require.NoError(t, err)
710+
preparedOwner, err := authorizer.Prepare(ctx, ownerSubject, policy.ActionRead, rbac.ResourceWorkspace.Type)
711+
require.NoError(t, err)
712+
ownerCtx := dbauthz.As(ctx, ownerSubject)
713+
ownerRows, err := db.GetAuthorizedWorkspacesAndAgentsByOwnerID(ownerCtx, owner.ID, preparedOwner)
714+
require.NoError(t, err)
715+
ownerCheckFn(ownerRows)
716+
})
717+
718+
t.Run("dbauthz", func(t *testing.T) {
719+
t.Parallel()
720+
721+
authzdb := dbauthz.New(db, authorizer, slogtest.Make(t, &slogtest.Options{}), coderdtest.AccessControlStorePointer())
722+
723+
userSubject, _, err := httpmw.UserRBACSubject(ctx, authzdb, user.ID, rbac.ExpandableScope(rbac.ScopeAll))
724+
require.NoError(t, err)
725+
userCtx := dbauthz.As(ctx, userSubject)
726+
727+
ownerSubject, _, err := httpmw.UserRBACSubject(ctx, authzdb, owner.ID, rbac.ExpandableScope(rbac.ScopeAll))
728+
require.NoError(t, err)
729+
ownerCtx := dbauthz.As(ctx, ownerSubject)
730+
731+
userRows, err := authzdb.GetWorkspacesAndAgentsByOwnerID(userCtx, owner.ID)
732+
require.NoError(t, err)
733+
require.Len(t, userRows, 0)
734+
735+
ownerRows, err := authzdb.GetWorkspacesAndAgentsByOwnerID(ownerCtx, owner.ID)
736+
require.NoError(t, err)
737+
ownerCheckFn(ownerRows)
738+
})
710739
}
711740

712741
func TestInsertWorkspaceAgentLogs(t *testing.T) {

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy