Skip to content

Commit 5120fb1

Browse files
ibetitsmikeibetitsmike
committed
WIP
1 parent d8db119 commit 5120fb1

File tree

6 files changed

+17
-17
lines changed

6 files changed

+17
-17
lines changed

coderd/database/dbauthz/dbauthz.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -347,6 +347,7 @@ var (
347347
rbac.ResourceNotificationTemplate.Type: {policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
348348
rbac.ResourceCryptoKey.Type: {policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
349349
rbac.ResourceFile.Type: {policy.ActionCreate, policy.ActionRead},
350+
rbac.ResourceProvisionerJobs.Type: {policy.ActionRead, policy.ActionUpdate, policy.ActionCreate},
350351
}),
351352
Org: map[string][]rbac.Permission{},
352353
User: []rbac.Permission{},

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 12 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3892,7 +3892,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
38923892
}))
38933893
s.Run("GetProvisionerJobsCreatedAfter", s.Subtest(func(db database.Store, check *expects) {
38943894
_ = dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{CreatedAt: time.Now().Add(-time.Hour)})
3895-
check.Args(time.Now()).Asserts(rbac.ResourceSystem, policy.ActionRead)
3895+
check.Args(time.Now()).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
38963896
}))
38973897
s.Run("GetTemplateVersionsByIDs", s.Subtest(func(db database.Store, check *expects) {
38983898
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -3978,7 +3978,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
39783978
a := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
39793979
b := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
39803980
check.Args([]uuid.UUID{a.ID, b.ID}).
3981-
Asserts(rbac.ResourceSystem, policy.ActionRead).
3981+
Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead).
39823982
Returns(slice.New(a, b))
39833983
}))
39843984
s.Run("InsertWorkspaceAgent", s.Subtest(func(db database.Store, check *expects) {
@@ -4022,26 +4022,26 @@ func (s *MethodTestSuite) TestSystemFunctions() {
40224022
OrganizationID: j.OrganizationID,
40234023
Types: []database.ProvisionerType{j.Provisioner},
40244024
ProvisionerTags: must(json.Marshal(j.Tags)),
4025-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4025+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40264026
}))
40274027
s.Run("UpdateProvisionerJobWithCompleteByID", s.Subtest(func(db database.Store, check *expects) {
40284028
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40294029
check.Args(database.UpdateProvisionerJobWithCompleteByIDParams{
40304030
ID: j.ID,
4031-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4031+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40324032
}))
40334033
s.Run("UpdateProvisionerJobWithCompleteWithStartedAtByID", s.Subtest(func(db database.Store, check *expects) {
40344034
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40354035
check.Args(database.UpdateProvisionerJobWithCompleteWithStartedAtByIDParams{
40364036
ID: j.ID,
4037-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4037+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40384038
}))
40394039
s.Run("UpdateProvisionerJobByID", s.Subtest(func(db database.Store, check *expects) {
40404040
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40414041
check.Args(database.UpdateProvisionerJobByIDParams{
40424042
ID: j.ID,
40434043
UpdatedAt: time.Now(),
4044-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4044+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40454045
}))
40464046
s.Run("InsertProvisionerJob", s.Subtest(func(db database.Store, check *expects) {
40474047
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -4051,19 +4051,19 @@ func (s *MethodTestSuite) TestSystemFunctions() {
40514051
StorageMethod: database.ProvisionerStorageMethodFile,
40524052
Type: database.ProvisionerJobTypeWorkspaceBuild,
40534053
Input: json.RawMessage("{}"),
4054-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4054+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionCreate)
40554055
}))
40564056
s.Run("InsertProvisionerJobLogs", s.Subtest(func(db database.Store, check *expects) {
40574057
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40584058
check.Args(database.InsertProvisionerJobLogsParams{
40594059
JobID: j.ID,
4060-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4060+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40614061
}))
40624062
s.Run("InsertProvisionerJobTimings", s.Subtest(func(db database.Store, check *expects) {
40634063
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40644064
check.Args(database.InsertProvisionerJobTimingsParams{
40654065
JobID: j.ID,
4066-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4066+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40674067
}))
40684068
s.Run("UpsertProvisionerDaemon", s.Subtest(func(db database.Store, check *expects) {
40694069
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -4199,11 +4199,8 @@ func (s *MethodTestSuite) TestSystemFunctions() {
41994199
s.Run("GetFileTemplates", s.Subtest(func(db database.Store, check *expects) {
42004200
check.Args(uuid.New()).Asserts(rbac.ResourceSystem, policy.ActionRead)
42014201
}))
4202-
s.Run("GetHungProvisionerJobs", s.Subtest(func(db database.Store, check *expects) {
4203-
check.Args(time.Time{}).Asserts()
4204-
}))
4205-
s.Run("GetPendingProvisionerJobs", s.Subtest(func(db database.Store, check *expects) {
4206-
check.Args(time.Time{}).Asserts()
4202+
s.Run("GetProvisionerJobsToBeReaped", s.Subtest(func(db database.Store, check *expects) {
4203+
check.Args(database.GetProvisionerJobsToBeReapedParams{}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
42074204
}))
42084205
s.Run("UpsertOAuthSigningKey", s.Subtest(func(db database.Store, check *expects) {
42094206
check.Args("foo").Asserts(rbac.ResourceSystem, policy.ActionUpdate)
@@ -4282,7 +4279,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
42824279
check.Args([]uuid.UUID{uuid.New()}).Asserts(rbac.ResourceSystem, policy.ActionRead)
42834280
}))
42844281
s.Run("GetProvisionerJobsByIDsWithQueuePosition", s.Subtest(func(db database.Store, check *expects) {
4285-
check.Args([]uuid.UUID{}).Asserts()
4282+
check.Args([]uuid.UUID{}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
42864283
}))
42874284
s.Run("GetReplicaByID", s.Subtest(func(db database.Store, check *expects) {
42884285
check.Args(uuid.New()).Asserts(rbac.ResourceSystem, policy.ActionRead).Errors(sql.ErrNoRows)

coderd/rbac/object_gen.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/rbac/policy/policy.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -184,6 +184,7 @@ var RBACPermissions = map[string]PermissionDefinition{
184184
Actions: map[Action]ActionDefinition{
185185
ActionRead: actDef("read provisioner jobs"),
186186
ActionUpdate: actDef("update provisioner jobs"),
187+
ActionCreate: actDef("create provisioner jobs"),
187188
},
188189
},
189190
"organization": {

coderd/rbac/roles_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -580,7 +580,7 @@ func TestRolePermissions(t *testing.T) {
580580
},
581581
{
582582
Name: "ProvisionerJobs",
583-
Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
583+
Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate, policy.ActionCreate},
584584
Resource: rbac.ResourceProvisionerJobs.InOrg(orgID),
585585
AuthorizeMap: map[bool][]hasAuthSubjects{
586586
true: {owner, orgTemplateAdmin, orgAdmin},

codersdk/rbacresources_gen.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy