From 7fa6c4c6f3ec64b0f1eec4228b01544187495f7d Mon Sep 17 00:00:00 2001 From: McKayla Washburn Date: Thu, 7 Aug 2025 16:57:20 +0000 Subject: [PATCH 1/3] test: add tests for updating workspace acl --- coderd/workspaces_test.go | 117 +++++++++++++++++++++++++++- enterprise/coderd/templates_test.go | 33 +++----- 2 files changed, 124 insertions(+), 26 deletions(-) diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go index 96381043db0ab..5a416d969d297 100644 --- a/coderd/workspaces_test.go +++ b/coderd/workspaces_test.go @@ -2678,8 +2678,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) { // ensure test invariant: new workspaces have no autostart schedule. require.Empty(t, workspace.AutostartSchedule, "expected newly-minted workspace to have no autostart schedule") - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) err := client.UpdateWorkspaceAutostart(ctx, workspace.ID, codersdk.UpdateWorkspaceAutostartRequest{ Schedule: ptr.Ref("CRON_TZ=Europe/Dublin 30 9 * * 1-5"), @@ -2698,8 +2697,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) { } ) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) err := client.UpdateWorkspaceAutostart(ctx, wsid, req) require.IsType(t, err, &codersdk.Error{}, "expected codersdk.Error") @@ -4813,3 +4811,114 @@ func TestMultipleAITasksDisallowed(t *testing.T) { require.NoError(t, err) require.Contains(t, pj.Error.String, "only one 'coder_ai_task' resource can be provisioned per template") } + +func TestUpdateWorkspaceACL(t *testing.T) { + t.Parallel() + + t.Run("OK", func(t *testing.T) { + t.Parallel() + + dv := coderdtest.DeploymentValues(t) + dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)} + adminClient := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: dv, + }) + adminUser := coderdtest.CreateFirstUser(t, adminClient) + orgID := adminUser.OrganizationID + client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) + _, friend := coderdtest.CreateAnotherUser(t, adminClient, orgID) + group := coderdtest.CreateGroup(t, adminClient, orgID, "bloob") + + tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID) + + ws := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitLong) + err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ + UserRoles: map[string]codersdk.WorkspaceRole{ + friend.ID.String(): codersdk.WorkspaceRoleAdmin, + }, + GroupRoles: map[string]codersdk.WorkspaceRole{ + group.ID.String(): codersdk.WorkspaceRoleAdmin, + }, + }) + require.NoError(t, err) + }) + + t.Run("UnknownIDs", func(t *testing.T) { + t.Parallel() + + dv := coderdtest.DeploymentValues(t) + dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)} + adminClient := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: dv, + }) + adminUser := coderdtest.CreateFirstUser(t, adminClient) + orgID := adminUser.OrganizationID + client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) + + tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID) + + ws := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitLong) + err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ + UserRoles: map[string]codersdk.WorkspaceRole{ + uuid.NewString(): codersdk.WorkspaceRoleAdmin, + }, + GroupRoles: map[string]codersdk.WorkspaceRole{ + uuid.NewString(): codersdk.WorkspaceRoleAdmin, + }, + }) + require.Error(t, err) + cerr, ok := codersdk.AsError(err) + require.True(t, ok) + require.Len(t, cerr.Validations, 2) + require.Equal(t, cerr.Validations[0].Field, "group_roles") + require.Equal(t, cerr.Validations[1].Field, "user_roles") + }) + + t.Run("DeletedUser", func(t *testing.T) { + t.Parallel() + + dv := coderdtest.DeploymentValues(t) + dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)} + adminClient := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: dv, + }) + adminUser := coderdtest.CreateFirstUser(t, adminClient) + orgID := adminUser.OrganizationID + client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) + _, mike := coderdtest.CreateAnotherUser(t, adminClient, orgID) + + tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID) + + ws := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitLong) + err := adminClient.DeleteUser(ctx, mike.ID) + require.NoError(t, err) + err = client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ + UserRoles: map[string]codersdk.WorkspaceRole{ + mike.ID.String(): codersdk.WorkspaceRoleAdmin, + }, + }) + require.Error(t, err) + cerr, ok := codersdk.AsError(err) + require.True(t, ok) + require.Len(t, cerr.Validations, 1) + require.Equal(t, cerr.Validations[0].Field, "user_roles") + }) +} diff --git a/enterprise/coderd/templates_test.go b/enterprise/coderd/templates_test.go index d95450e28e8aa..038500a0f7681 100644 --- a/enterprise/coderd/templates_test.go +++ b/enterprise/coderd/templates_test.go @@ -70,8 +70,7 @@ func TestTemplates(t *testing.T) { _ = coderdtest.CreateWorkspace(t, otherClient, secondTemplate.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) updated, err := client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{ DeprecationMessage: ptr.Ref("Stop using this template"), @@ -185,8 +184,7 @@ func TestTemplates(t *testing.T) { ws, err := client.Workspace(context.Background(), ws.ID) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) // OK var level codersdk.WorkspaceAgentPortShareLevel = codersdk.WorkspaceAgentPortShareLevelPublic @@ -704,8 +702,7 @@ func TestTemplates(t *testing.T) { coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) require.True(t, template.RequireActiveVersion) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) // Update the field and assert it persists. updatedTemplate, err := anotherClient.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{ @@ -761,8 +758,7 @@ func TestTemplates(t *testing.T) { }) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) _, err = owner.Template(ctx, template.ID) require.NoError(t, err) @@ -932,8 +928,7 @@ func TestTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) acl, err := anotherClient.TemplateACL(ctx, template.ID) require.NoError(t, err) @@ -955,8 +950,7 @@ func TestTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) //nolint:gocritic // non-template-admin cannot update template acl acl, err := client.TemplateACL(ctx, template.ID) @@ -1004,8 +998,7 @@ func TestTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) //nolint:gocritic // non-template-admin cannot get template acl acl, err := client.TemplateACL(ctx, template.ID) @@ -1267,8 +1260,7 @@ func TestUpdateTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) err := anotherClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{ UserPerms: map[string]codersdk.TemplateRole{ @@ -1359,8 +1351,7 @@ func TestUpdateTemplateACL(t *testing.T) { }, } - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) err := anotherClient.UpdateTemplateACL(ctx, template.ID, req) require.NoError(t, err) @@ -1679,8 +1670,7 @@ func TestUpdateTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) acl, err := anotherClient.TemplateACL(ctx, template.ID) require.NoError(t, err) @@ -1769,8 +1759,7 @@ func TestUpdateTemplateACL(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + ctx := testutil.Context(t, testutil.WaitLong) acl, err := anotherClient.TemplateACL(ctx, template.ID) require.NoError(t, err) From 161ac2a8292037a89cc266d199161608b6481aca Mon Sep 17 00:00:00 2001 From: McKayla Washburn Date: Thu, 7 Aug 2025 17:05:46 +0000 Subject: [PATCH 2/3] tada --- coderd/workspaces_test.go | 6 +++--- enterprise/coderd/templates_test.go | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go index 5a416d969d297..2c90567f49865 100644 --- a/coderd/workspaces_test.go +++ b/coderd/workspaces_test.go @@ -4837,7 +4837,7 @@ func TestUpdateWorkspaceACL(t *testing.T) { ws := coderdtest.CreateWorkspace(t, client, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) - ctx := testutil.Context(t, testutil.WaitLong) + ctx := testutil.Context(t, testutil.WaitMedium) err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ UserRoles: map[string]codersdk.WorkspaceRole{ friend.ID.String(): codersdk.WorkspaceRoleAdmin, @@ -4869,7 +4869,7 @@ func TestUpdateWorkspaceACL(t *testing.T) { ws := coderdtest.CreateWorkspace(t, client, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) - ctx := testutil.Context(t, testutil.WaitLong) + ctx := testutil.Context(t, testutil.WaitMedium) err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ UserRoles: map[string]codersdk.WorkspaceRole{ uuid.NewString(): codersdk.WorkspaceRoleAdmin, @@ -4907,7 +4907,7 @@ func TestUpdateWorkspaceACL(t *testing.T) { ws := coderdtest.CreateWorkspace(t, client, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) - ctx := testutil.Context(t, testutil.WaitLong) + ctx := testutil.Context(t, testutil.WaitMedium) err := adminClient.DeleteUser(ctx, mike.ID) require.NoError(t, err) err = client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ diff --git a/enterprise/coderd/templates_test.go b/enterprise/coderd/templates_test.go index 038500a0f7681..30b04eaa007b4 100644 --- a/enterprise/coderd/templates_test.go +++ b/enterprise/coderd/templates_test.go @@ -758,8 +758,6 @@ func TestTemplates(t *testing.T) { }) require.NoError(t, err) - ctx := testutil.Context(t, testutil.WaitLong) - _, err = owner.Template(ctx, template.ID) require.NoError(t, err) }) From 32ec298ee730d328d8e95342b8541903a127633a Mon Sep 17 00:00:00 2001 From: McKayla Washburn Date: Thu, 7 Aug 2025 17:28:00 +0000 Subject: [PATCH 3/3] shuffle a little --- coderd/workspaces_test.go | 14 ++--- enterprise/coderd/workspaces_test.go | 81 ++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 11 deletions(-) diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go index 2c90567f49865..90a7c87d41041 100644 --- a/coderd/workspaces_test.go +++ b/coderd/workspaces_test.go @@ -4828,7 +4828,6 @@ func TestUpdateWorkspaceACL(t *testing.T) { orgID := adminUser.OrganizationID client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) _, friend := coderdtest.CreateAnotherUser(t, adminClient, orgID) - group := coderdtest.CreateGroup(t, adminClient, orgID, "bloob") tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) @@ -4842,14 +4841,11 @@ func TestUpdateWorkspaceACL(t *testing.T) { UserRoles: map[string]codersdk.WorkspaceRole{ friend.ID.String(): codersdk.WorkspaceRoleAdmin, }, - GroupRoles: map[string]codersdk.WorkspaceRole{ - group.ID.String(): codersdk.WorkspaceRoleAdmin, - }, }) require.NoError(t, err) }) - t.Run("UnknownIDs", func(t *testing.T) { + t.Run("UnknownUserID", func(t *testing.T) { t.Parallel() dv := coderdtest.DeploymentValues(t) @@ -4874,16 +4870,12 @@ func TestUpdateWorkspaceACL(t *testing.T) { UserRoles: map[string]codersdk.WorkspaceRole{ uuid.NewString(): codersdk.WorkspaceRoleAdmin, }, - GroupRoles: map[string]codersdk.WorkspaceRole{ - uuid.NewString(): codersdk.WorkspaceRoleAdmin, - }, }) require.Error(t, err) cerr, ok := codersdk.AsError(err) require.True(t, ok) - require.Len(t, cerr.Validations, 2) - require.Equal(t, cerr.Validations[0].Field, "group_roles") - require.Equal(t, cerr.Validations[1].Field, "user_roles") + require.Len(t, cerr.Validations, 1) + require.Equal(t, cerr.Validations[0].Field, "user_roles") }) t.Run("DeletedUser", func(t *testing.T) { diff --git a/enterprise/coderd/workspaces_test.go b/enterprise/coderd/workspaces_test.go index 2278fb2a71939..f8fcddb005e19 100644 --- a/enterprise/coderd/workspaces_test.go +++ b/enterprise/coderd/workspaces_test.go @@ -3523,3 +3523,84 @@ func must[T any](value T, err error) T { } return value } + +func TestUpdateWorkspaceACL(t *testing.T) { + t.Parallel() + + t.Run("OKWithGroup", func(t *testing.T) { + t.Parallel() + + dv := coderdtest.DeploymentValues(t) + dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)} + adminClient, adminUser := coderdenttest.New(t, &coderdenttest.Options{ + Options: &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: dv, + }, + LicenseOptions: &coderdenttest.LicenseOptions{ + Features: license.Features{ + codersdk.FeatureTemplateRBAC: 1, + }, + }, + }) + orgID := adminUser.OrganizationID + client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) + _, friend := coderdtest.CreateAnotherUser(t, adminClient, orgID) + group := coderdtest.CreateGroup(t, adminClient, orgID, "bloob") + + tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID) + + ws := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitMedium) + err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ + UserRoles: map[string]codersdk.WorkspaceRole{ + friend.ID.String(): codersdk.WorkspaceRoleAdmin, + }, + GroupRoles: map[string]codersdk.WorkspaceRole{ + group.ID.String(): codersdk.WorkspaceRoleAdmin, + }, + }) + require.NoError(t, err) + }) + + t.Run("UnknownIDs", func(t *testing.T) { + t.Parallel() + + dv := coderdtest.DeploymentValues(t) + dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)} + adminClient := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + DeploymentValues: dv, + }) + adminUser := coderdtest.CreateFirstUser(t, adminClient) + orgID := adminUser.OrganizationID + client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID) + + tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID) + + ws := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitMedium) + err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{ + UserRoles: map[string]codersdk.WorkspaceRole{ + uuid.NewString(): codersdk.WorkspaceRoleAdmin, + }, + GroupRoles: map[string]codersdk.WorkspaceRole{ + uuid.NewString(): codersdk.WorkspaceRoleAdmin, + }, + }) + require.Error(t, err) + cerr, ok := codersdk.AsError(err) + require.True(t, ok) + require.Len(t, cerr.Validations, 2) + require.Equal(t, cerr.Validations[0].Field, "group_roles") + require.Equal(t, cerr.Validations[1].Field, "user_roles") + }) +}