
Commit 35574ad

committed
run golangci-lint and goimports
1 parent b1c7df4 commit 35574ad


5 files changed

+53
-30
lines changed


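--- a/coderd/rbac/authz.go
+++ b/coderd/rbac/authz.go
@@ -61,8 +61,14 @@ func (a RegoAuthorizer) Authorize(ctx context.Context, subjectID string, roles [
 return ForbiddenWithInternal(xerrors.Errorf("expect only 1 result, got %d", len(results)), input)
 }
 
-if results[0].Bindings["allowed"] != true {
+allowedResult, ok := (results[0].Bindings["allowed"]).(bool)
+if !ok {
+return ForbiddenWithInternal(xerrors.Errorf("expected allowed to be a bool but got %T", allowedResult), input)
+}
+
+if allowedResult {
 return ForbiddenWithInternal(xerrors.Errorf("policy disallows request"), input)
 }
+
 return nil
 }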
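Review bot: The rewritten check `if allowedResult {` appears inverted relative to the line it replaces: the old code returned Forbidden whenever `allowed` was not true, while the new code returns Forbidden when the policy result is true and falls through to `return nil` when it is false. As rendered here, Authorize would deny permitted requests and let denied ones through, so the condition should read `if !allowedResult {`. Separately, the `%T` in the failed-assertion branch formats `allowedResult`, which is always a `bool` there, so the message never names the actual type; pass `results[0].Bindings["allowed"]` to it instead. The body of Authorize begins outside this hunk.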

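--- a/coderd/rbac/authz_test.go
+++ b/coderd/rbac/authz_test.go
@@ -3,11 +3,13 @@ package rbac_test
 import (
 "context"
 "encoding/json"
-"golang.org/x/xerrors"
 "testing"
 
-"github.com/coder/coder/coderd/rbac"
+"golang.org/x/xerrors"
+
 "github.com/stretchr/testify/require"
+
+"github.com/coder/coder/coderd/rbac"
 )
 
 // subject is required because rego needs
@@ -429,6 +431,7 @@ func TestAuthorizeDomain(t *testing.T) {
 }
 
 // TestAuthorizeLevels ensures level overrides are acting appropriately
+//nolint:paralleltest
 func TestAuthorizeLevels(t *testing.T) {
 defOrg := "default"
 wrkID := "1234"
@@ -598,7 +601,7 @@ func testAuthorize(t *testing.T, name string, subject subject, sets ...[]authTes
 err := authorizer.Authorize(context.Background(), subject.UserID, subject.Roles, c.resource, a)
 if c.allow {
 if err != nil {
-var uerr *rbac.Unauthorized
+var uerr *rbac.UnauthorizedError
 xerrors.As(err, &uerr)
 d, _ := json.Marshal(uerr.Input())
 t.Log(string(d))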
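Review bot: In the last hunk the result of `xerrors.As(err, &uerr)` is discarded, so if Authorize ever returns an error that is not an `*rbac.UnauthorizedError`, `uerr` stays nil and `uerr.Input()` dereferences it; the test then panics instead of reporting the unexpected error. Wrapping the two logging lines in `if xerrors.As(err, &uerr) {` keeps the debug output for the expected type and lets the assertion that presumably follows fail normally for anything else. testAuthorize continues outside the hunk, so that following assertion is not visible here.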

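--- a/coderd/rbac/error.go
+++ b/coderd/rbac/error.go
@@ -1,14 +1,14 @@
 package rbac
 
 const (
-// UnauthorizedErrorMessage is the error message that should be returned to
+// errUnauthorized is the error message that should be returned to
 // clients when an action is forbidden. It is intentionally vague to prevent
 // disclosing information that a client should not have access to.
-UnauthorizedErrorMessage = "unauthorized"
+errUnauthorized = "unauthorized"
 )
 
-// Unauthorized is the error type for authorization errors
-type Unauthorized struct {
+// UnauthorizedError is the error type for authorization errors
+type UnauthorizedError struct {
 // internal is the internal error that should never be shown to the client.
 // It is only for debugging purposes.
 internal error
@@ -18,26 +18,26 @@ type Unauthorized struct {
 // ForbiddenWithInternal creates a new error that will return a simple
 // "forbidden" to the client, logging internally the more detailed message
 // provided.
-func ForbiddenWithInternal(internal error, input map[string]interface{}) *Unauthorized {
+func ForbiddenWithInternal(internal error, input map[string]interface{}) *UnauthorizedError {
 if input == nil {
 input = map[string]interface{}{}
 }
-return &Unauthorized{
+return &UnauthorizedError{
 internal: internal,
 input: input,
 }
 }
 
 // Error implements the error interface.
-func (e *Unauthorized) Error() string {
-return UnauthorizedErrorMessage
+func (UnauthorizedError) Error() string {
+return errUnauthorized
 }
 
 // Internal allows the internal error message to be logged.
-func (e *Unauthorized) Internal() error {
+func (e *UnauthorizedError) Internal() error {
 return e.internal
 }
 
-func (e *Unauthorized) Input() map[string]interface{} {
+func (e *UnauthorizedError) Input() map[string]interface{} {
 return e.input
 }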
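Review bot: `Error()` now has a value receiver (`func (UnauthorizedError) Error() string`) while `Internal()` and `Input()` keep pointer receivers, so a bare `UnauthorizedError` value also satisfies `error` but would not match an `xerrors.As` target of `*rbac.UnauthorizedError`. Dropping only the receiver name, `func (*UnauthorizedError) Error() string`, keeps the method set on one receiver kind, so callers that unwrap the pointer type to reach the internal details cannot miss a by-value error. `Input()` is also the one exported method here without a doc comment; `// Input returns the input map that was passed to ForbiddenWithInternal.` would cover it.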

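--- a/coderd/rbac/example_test.go
+++ b/coderd/rbac/example_test.go
@@ -4,8 +4,9 @@ import (
 "context"
 "testing"
 
-"github.com/coder/coder/coderd/rbac"
 "github.com/stretchr/testify/require"
+
+"github.com/coder/coder/coderd/rbac"
 )
 
 // TestExample gives some examples on how to use the authz library.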

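--- a/coderd/rbac/object.go
+++ b/coderd/rbac/object.go
@@ -16,29 +16,42 @@ type Object struct {
 // TODO: SharedUsers?
 }
 
+// All returns an object matching all resources of the same type.
 func (z Object) All() Object {
-z.OrgID = ""
-z.Owner = ""
-z.ResourceID = ""
-return z
+return Object{
+ResourceID: "",
+Owner: "",
+OrgID: "",
+Type: z.Type,
+}
 }
 
 // InOrg adds an org OwnerID to the resource
-//nolint:revive
 func (z Object) InOrg(orgID string) Object {
-z.OrgID = orgID
-return z
+return Object{
+ResourceID: z.ResourceID,
+Owner: z.Owner,
+OrgID: orgID,
+Type: z.Type,
+}
 }
 
 // WithOwner adds an OwnerID to the resource
-//nolint:revive
-func (z Object) WithOwner(id string) Object {
-z.Owner = id
-return z
+func (z Object) WithOwner(ownerID string) Object {
+return Object{
+ResourceID: z.ResourceID,
+Owner: ownerID,
+OrgID: z.OrgID,
+Type: z.Type,
+}
 }
 
-//nolint:revive
-func (z Object) WithID(id string) Object {
-z.ResourceID = id
-return z
+// WithID adds a ResourceID to the resource
+func (z Object) WithID(resourceID string) Object {
+return Object{
+ResourceID: resourceID,
+Owner: z.Owner,
+OrgID: z.OrgID,
+Type: z.Type,
+}
 }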
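Review bot: The new bodies of `All`, `InOrg`, `WithOwner` and `WithID` rebuild the Object from four named fields, so any other field Object has or later gains (the context line carries `// TODO: SharedUsers?`) is silently reset to its zero value on every builder call, where the old copy-and-assign form preserved it. These objects are presumably what the authorizer evaluates, so a dropped field would change the policy input without any compile error. Copying into a local keeps every field without assigning to the receiver: `out := z`, `out.OrgID = orgID`, `return out`. The Object struct definition starts outside this hunk, so its full field list is not visible here.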
