Skip to content

Commit 68b022f

Browse files
defelmnqdefelmnq
committed
add dbauthz tests
1 parent 4bfb4cb commit 68b022f

File tree

22 files changed

+2207
-1950
lines changed

22 files changed

+2207
-1950
lines changed

coderd/apidoc/docs.go

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbauthz/dbauthz.go

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1392,6 +1392,10 @@ func (q *querier) FavoriteWorkspace(ctx context.Context, id uuid.UUID) error {
13921392
}
13931393

13941394
func (q *querier) FetchMemoryResourceMonitorsByAgentID(ctx context.Context, agentID uuid.UUID) (database.WorkspaceAgentMemoryResourceMonitor, error) {
1395+
if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspaceAgentMemoryResourceMonitor); err != nil {
1396+
return database.WorkspaceAgentMemoryResourceMonitor{}, err
1397+
}
1398+
13951399
return q.db.FetchMemoryResourceMonitorsByAgentID(ctx, agentID)
13961400
}
13971401

@@ -1403,6 +1407,10 @@ func (q *querier) FetchNewMessageMetadata(ctx context.Context, arg database.Fetc
14031407
}
14041408

14051409
func (q *querier) FetchVolumesResourceMonitorsByAgentID(ctx context.Context, agentID uuid.UUID) ([]database.WorkspaceAgentVolumeResourceMonitor, error) {
1410+
if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspaceAgentVolumeResourceMonitor); err != nil {
1411+
return nil, err
1412+
}
1413+
14061414
return q.db.FetchVolumesResourceMonitorsByAgentID(ctx, agentID)
14071415
}
14081416

@@ -2998,6 +3006,10 @@ func (q *querier) InsertLicense(ctx context.Context, arg database.InsertLicenseP
29983006
}
29993007

30003008
func (q *querier) InsertMemoryResourceMonitor(ctx context.Context, arg database.InsertMemoryResourceMonitorParams) (database.WorkspaceAgentMemoryResourceMonitor, error) {
3009+
if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentMemoryResourceMonitor); err != nil {
3010+
return database.WorkspaceAgentMemoryResourceMonitor{}, err
3011+
}
3012+
30013013
return q.db.InsertMemoryResourceMonitor(ctx, arg)
30023014
}
30033015

@@ -3187,6 +3199,10 @@ func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLin
31873199
}
31883200

31893201
func (q *querier) InsertVolumeResourceMonitor(ctx context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
3202+
if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentVolumeResourceMonitor); err != nil {
3203+
return database.WorkspaceAgentVolumeResourceMonitor{}, err
3204+
}
3205+
31903206
return q.db.InsertVolumeResourceMonitor(ctx, arg)
31913207
}
31923208

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 91 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4544,3 +4544,94 @@ func (s *MethodTestSuite) TestOAuth2ProviderAppTokens() {
45444544
}).Asserts(rbac.ResourceOauth2AppCodeToken.WithOwner(user.ID.String()), policy.ActionDelete)
45454545
}))
45464546
}
4547+
4548+
func (s *MethodTestSuite) TestResourcesMonitor() {
4549+
s.Run("InsertMemoryResourceMonitor", s.Subtest(func(db database.Store, check *expects) {
4550+
check.Args(database.InsertMemoryResourceMonitorParams{}).Asserts(rbac.ResourceWorkspaceAgentMemoryResourceMonitor, policy.ActionCreate)
4551+
}))
4552+
4553+
s.Run("InsertVolumeResourceMonitor", s.Subtest(func(db database.Store, check *expects) {
4554+
check.Args(database.InsertVolumeResourceMonitorParams{}).Asserts(rbac.ResourceWorkspaceAgentVolumeResourceMonitor, policy.ActionCreate)
4555+
}))
4556+
4557+
s.Run("FetchMemoryResourceMonitorsByAgentID", s.Subtest(func(db database.Store, check *expects) {
4558+
u := dbgen.User(s.T(), db, database.User{})
4559+
o := dbgen.Organization(s.T(), db, database.Organization{})
4560+
tpl := dbgen.Template(s.T(), db, database.Template{
4561+
OrganizationID: o.ID,
4562+
CreatedBy: u.ID,
4563+
})
4564+
tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
4565+
TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true},
4566+
OrganizationID: o.ID,
4567+
CreatedBy: u.ID,
4568+
})
4569+
w := dbgen.Workspace(s.T(), db, database.WorkspaceTable{
4570+
TemplateID: tpl.ID,
4571+
OrganizationID: o.ID,
4572+
OwnerID: u.ID,
4573+
})
4574+
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{
4575+
Type: database.ProvisionerJobTypeWorkspaceBuild,
4576+
})
4577+
b := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{
4578+
JobID: j.ID,
4579+
WorkspaceID: w.ID,
4580+
TemplateVersionID: tv.ID,
4581+
})
4582+
res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: b.JobID})
4583+
agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
4584+
dbgen.WorkspaceAgentMemoryResourceMonitor(s.T(), db, database.WorkspaceAgentMemoryResourceMonitor{
4585+
AgentID: agt.ID,
4586+
Enabled: true,
4587+
Threshold: 80,
4588+
CreatedAt: dbtime.Now(),
4589+
})
4590+
4591+
monitor, err := db.FetchMemoryResourceMonitorsByAgentID(context.Background(), agt.ID)
4592+
require.NoError(s.T(), err)
4593+
4594+
check.Args(agt.ID).Asserts(rbac.ResourceWorkspaceAgentMemoryResourceMonitor, policy.ActionRead).Returns(monitor)
4595+
}))
4596+
4597+
s.Run("FetchVolumesResourceMonitorsByAgentID", s.Subtest(func(db database.Store, check *expects) {
4598+
u := dbgen.User(s.T(), db, database.User{})
4599+
o := dbgen.Organization(s.T(), db, database.Organization{})
4600+
tpl := dbgen.Template(s.T(), db, database.Template{
4601+
OrganizationID: o.ID,
4602+
CreatedBy: u.ID,
4603+
})
4604+
tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
4605+
TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true},
4606+
OrganizationID: o.ID,
4607+
CreatedBy: u.ID,
4608+
})
4609+
w := dbgen.Workspace(s.T(), db, database.WorkspaceTable{
4610+
TemplateID: tpl.ID,
4611+
OrganizationID: o.ID,
4612+
OwnerID: u.ID,
4613+
})
4614+
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{
4615+
Type: database.ProvisionerJobTypeWorkspaceBuild,
4616+
})
4617+
b := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{
4618+
JobID: j.ID,
4619+
WorkspaceID: w.ID,
4620+
TemplateVersionID: tv.ID,
4621+
})
4622+
res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: b.JobID})
4623+
agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
4624+
dbgen.WorkspaceAgentVolumeResourceMonitor(s.T(), db, database.WorkspaceAgentVolumeResourceMonitor{
4625+
AgentID: agt.ID,
4626+
Path: "/var/lib",
4627+
Enabled: true,
4628+
Threshold: 80,
4629+
CreatedAt: dbtime.Now(),
4630+
})
4631+
4632+
monitors, err := db.FetchVolumesResourceMonitorsByAgentID(context.Background(), agt.ID)
4633+
require.NoError(s.T(), err)
4634+
4635+
check.Args(agt.ID).Asserts(rbac.ResourceWorkspaceAgentVolumeResourceMonitor, policy.ActionRead).Returns(monitors)
4636+
}))
4637+
}

coderd/database/dbgen/dbgen.go

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1032,6 +1032,29 @@ func OAuth2ProviderAppToken(t testing.TB, db database.Store, seed database.OAuth
10321032
return token
10331033
}
10341034

1035+
func WorkspaceAgentMemoryResourceMonitor(t testing.TB, db database.Store, seed database.WorkspaceAgentMemoryResourceMonitor) database.WorkspaceAgentMemoryResourceMonitor {
1036+
monitor, err := db.InsertMemoryResourceMonitor(genCtx, database.InsertMemoryResourceMonitorParams{
1037+
AgentID: takeFirst(seed.AgentID, uuid.New()),
1038+
Enabled: takeFirst(seed.Enabled, true),
1039+
Threshold: takeFirst(seed.Threshold, 100),
1040+
CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
1041+
})
1042+
require.NoError(t, err, "insert workspace agent memory resource monitor")
1043+
return monitor
1044+
}
1045+
1046+
func WorkspaceAgentVolumeResourceMonitor(t testing.TB, db database.Store, seed database.WorkspaceAgentVolumeResourceMonitor) database.WorkspaceAgentVolumeResourceMonitor {
1047+
monitor, err := db.InsertVolumeResourceMonitor(genCtx, database.InsertVolumeResourceMonitorParams{
1048+
AgentID: takeFirst(seed.AgentID, uuid.New()),
1049+
Path: takeFirst(seed.Path, "/"),
1050+
Enabled: takeFirst(seed.Enabled, true),
1051+
Threshold: takeFirst(seed.Threshold, 100),
1052+
CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
1053+
})
1054+
require.NoError(t, err, "insert workspace agent volume resource monitor")
1055+
return monitor
1056+
}
1057+
10351058
func CustomRole(t testing.TB, db database.Store, seed database.CustomRole) database.CustomRole {
10361059
role, err := db.InsertCustomRole(genCtx, database.InsertCustomRoleParams{
10371060
Name: takeFirst(seed.Name, strings.ToLower(testutil.GetRandomName(t))),

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy