Add codersdk roles

Emyrk · Emyrk · commit 3c44caaf9333 · 2024-06-07T17:15:02.000-05:00
diff --git a/cli/server_createadminuser_test.go b/cli/server_createadminuser_test.go
@@ -17,6 +17,7 @@ import (
 	"github.com/coder/coder/v2/coderd/database/dbtime"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/userpassword"
+	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/pty/ptytest"
 	"github.com/coder/coder/v2/testutil"
 )
@@ -56,7 +57,7 @@ func TestServerCreateAdminUser(t *testing.T) {
 		require.NoError(t, err)
 		require.True(t, ok, "password does not match")
 
-		require.EqualValues(t, []string{rbac.RoleOwner().String()}, user.RBACRoles, "user does not have owner role")
+		require.EqualValues(t, []string{codersdk.RoleOwner}, user.RBACRoles, "user does not have owner role")
 
 		// Check that user is admin in every org.
 		orgs, err := db.GetOrganizations(ctx)
diff --git a/coderd/httpmw/authorize_test.go b/coderd/httpmw/authorize_test.go
@@ -27,27 +27,26 @@ func TestExtractUserRoles(t *testing.T) {
 	t.Parallel()
 	testCases := []struct {
 		Name    string
-		AddUser func(db database.Store) (database.User, []string, string)
+		AddUser func(db database.Store) (database.User, []rbac.RoleName, string)
 	}{
 		{
 			Name: "Member",
-			AddUser: func(db database.Store) (database.User, []string, string) {
-				roles := []string{}
-				user, token := addUser(t, db, roles...)
-				return user, append(roles, rbac.RoleMember()), token
+			AddUser: func(db database.Store) (database.User, []rbac.RoleName, string) {
+				user, token := addUser(t, db)
+				return user, []rbac.RoleName{rbac.RoleMember()}, token
 			},
 		},
 		{
-			Name: "Admin",
-			AddUser: func(db database.Store) (database.User, []string, string) {
-				roles := []string{rbac.RoleOwner()}
+			Name: "Owner",
+			AddUser: func(db database.Store) (database.User, []rbac.RoleName, string) {
+				roles := []string{codersdk.RoleOwner}
 				user, token := addUser(t, db, roles...)
-				return user, append(roles, rbac.RoleMember()), token
+				return user, []rbac.RoleName{rbac.RoleOwner(), rbac.RoleMember()}, token
 			},
 		},
 		{
 			Name: "OrgMember",
-			AddUser: func(db database.Store) (database.User, []string, string) {
+			AddUser: func(db database.Store) (database.User, []rbac.RoleName, string) {
 				roles := []string{}
 				user, token := addUser(t, db, roles...)
 				org, err := db.InsertOrganization(context.Background(), database.InsertOrganizationParams{
@@ -68,15 +67,15 @@ func TestExtractUserRoles(t *testing.T) {
 					Roles:          orgRoles,
 				})
 				require.NoError(t, err)
-				return user, append(roles, append(orgRoles, rbac.RoleMember(), rbac.ScopedRoleOrgMember(org.ID))...), token
+				return user, []rbac.RoleName{rbac.RoleMember(), rbac.ScopedRoleOrgMember(org.ID)}, token
 			},
 		},
 		{
 			Name: "MultipleOrgMember",
-			AddUser: func(db database.Store) (database.User, []string, string) {
-				roles := []string{}
-				user, token := addUser(t, db, roles...)
-				roles = append(roles, rbac.RoleMember())
+			AddUser: func(db database.Store) (database.User, []rbac.RoleName, string) {
+				expected := []rbac.RoleName{}
+				user, token := addUser(t, db)
+				expected = append(expected, rbac.RoleMember())
 				for i := 0; i < 3; i++ {
 					organization, err := db.InsertOrganization(context.Background(), database.InsertOrganizationParams{
 						ID:          uuid.New(),
@@ -89,8 +88,8 @@ func TestExtractUserRoles(t *testing.T) {
 
 					orgRoles := []string{}
 					if i%2 == 0 {
-						orgRoles = append(orgRoles, rbac.RoleOrgAdmin())
-						roles = append(roles, rbac.ScopedRoleOrgAdmin(organization.ID))
+						orgRoles = append(orgRoles, codersdk.RoleOrganizationAdmin)
+						expected = append(expected, rbac.ScopedRoleOrgAdmin(organization.ID))
 					}
 					_, err = db.InsertOrganizationMember(context.Background(), database.InsertOrganizationMemberParams{
 						OrganizationID: organization.ID,
@@ -100,9 +99,9 @@ func TestExtractUserRoles(t *testing.T) {
 						Roles:          orgRoles,
 					})
 					require.NoError(t, err)
-					roles = append(roles, rbac.ScopedRoleOrgMember(organization.ID))
+					expected = append(expected, rbac.ScopedRoleOrgMember(organization.ID))
 				}
-				return user, roles, token
+				return user, expected, token
 			},
 		},
 	}
diff --git a/coderd/httpmw/organizationparam_test.go b/coderd/httpmw/organizationparam_test.go
@@ -16,7 +16,6 @@ import (
 	"github.com/coder/coder/v2/coderd/database/dbmem"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
 	"github.com/coder/coder/v2/coderd/httpmw"
-	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/testutil"
 )
@@ -152,11 +151,11 @@ func TestOrganizationParam(t *testing.T) {
 		_ = dbgen.OrganizationMember(t, db, database.OrganizationMember{
 			OrganizationID: organization.ID,
 			UserID:         user.ID,
-			Roles:          []string{rbac.ScopedRoleOrgMember(organization.ID)},
+			Roles:          []string{codersdk.RoleOrganizationMember},
 		})
 		_, err := db.UpdateUserRoles(ctx, database.UpdateUserRolesParams{
 			ID:           user.ID,
-			GrantedRoles: []string{rbac.RoleTemplateAdmin()},
+			GrantedRoles: []string{codersdk.RoleTemplateAdmin},
 		})
 		require.NoError(t, err)
 
diff --git a/coderd/httpmw/ratelimit_test.go b/coderd/httpmw/ratelimit_test.go
@@ -16,7 +16,6 @@ import (
 	"github.com/coder/coder/v2/coderd/database/dbgen"
 	"github.com/coder/coder/v2/coderd/database/dbmem"
 	"github.com/coder/coder/v2/coderd/httpmw"
-	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/codersdk"
 )
 
@@ -117,7 +116,7 @@ func TestRateLimit(t *testing.T) {
 		db := dbmem.New()
 
 		u := dbgen.User(t, db, database.User{
-			RBACRoles: []string{rbac.RoleOwner()},
+			RBACRoles: []string{codersdk.RoleOwner},
 		})
 		_, key := dbgen.APIKey(t, db, database.APIKey{UserID: u.ID})
 
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -994,7 +994,7 @@ func TestGrantSiteRoles(t *testing.T) {
 			Name:         "UserNotExists",
 			Client:       admin,
 			AssignToUser: uuid.NewString(),
-			Roles:        []string{rbac.RoleOwner()},
+			Roles:        []string{codersdk.RoleOwner},
 			Error:        true,
 			StatusCode:   http.StatusBadRequest,
 		},
@@ -1020,7 +1020,7 @@ func TestGrantSiteRoles(t *testing.T) {
 			Client:       admin,
 			OrgID:        first.OrganizationID,
 			AssignToUser: codersdk.Me,
-			Roles:        []string{rbac.RoleOwner()},
+			Roles:        []string{codersdk.RoleOwner},
 			Error:        true,
 			StatusCode:   http.StatusBadRequest,
 		},
@@ -1057,9 +1057,9 @@ func TestGrantSiteRoles(t *testing.T) {
 			Name:         "UserAdminMakeMember",
 			Client:       userAdmin,
 			AssignToUser: newUser,
-			Roles:        []string{rbac.RoleMember()},
+			Roles:        []string{codersdk.RoleMember},
 			ExpectedRoles: []string{
-				rbac.RoleMember(),
+				codersdk.RoleMember,
 			},
 			Error: false,
 		},
@@ -1124,7 +1124,7 @@ func TestInitialRoles(t *testing.T) {
 	roles, err := client.UserRoles(ctx, codersdk.Me)
 	require.NoError(t, err)
 	require.ElementsMatch(t, roles.Roles, []string{
-		rbac.RoleOwner(),
+		codersdk.RoleOwner,
 	}, "should be a member and admin")
 
 	require.ElementsMatch(t, roles.OrganizationRoles[first.OrganizationID], []string{}, "should be a member")
@@ -1289,12 +1289,12 @@ func TestUsersFilter(t *testing.T) {
 	users := make([]codersdk.User, 0)
 	users = append(users, firstUser)
 	for i := 0; i < 15; i++ {
-		roles := []string{}
+		roles := []rbac.RoleName{}
 		if i%2 == 0 {
 			roles = append(roles, rbac.RoleTemplateAdmin(), rbac.RoleUserAdmin())
 		}
 		if i%3 == 0 {
-			roles = append(roles, "auditor")
+			roles = append(roles, rbac.RoleAuditor())
 		}
 		userClient, userData := coderdtest.CreateAnotherUser(t, client, first.OrganizationID, roles...)
 		// Set the last seen for each user to a unique day
@@ -1379,12 +1379,12 @@ func TestUsersFilter(t *testing.T) {
 		{
 			Name: "Admins",
 			Filter: codersdk.UsersRequest{
-				Role:   rbac.RoleOwner(),
+				Role:   codersdk.RoleOwner,
 				Status: codersdk.UserStatusSuspended + "," + codersdk.UserStatusActive,
 			},
 			FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
 				for _, r := range u.Roles {
-					if r.Name == rbac.RoleOwner() {
+					if r.Name == codersdk.RoleOwner {
 						return true
 					}
 				}
@@ -1399,7 +1399,7 @@ func TestUsersFilter(t *testing.T) {
 			},
 			FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
 				for _, r := range u.Roles {
-					if r.Name == rbac.RoleOwner() {
+					if r.Name == codersdk.RoleOwner {
 						return true
 					}
 				}
@@ -1409,7 +1409,7 @@ func TestUsersFilter(t *testing.T) {
 		{
 			Name: "Members",
 			Filter: codersdk.UsersRequest{
-				Role:   rbac.RoleMember(),
+				Role:   codersdk.RoleMember,
 				Status: codersdk.UserStatusSuspended + "," + codersdk.UserStatusActive,
 			},
 			FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
@@ -1423,7 +1423,7 @@ func TestUsersFilter(t *testing.T) {
 			},
 			FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
 				for _, r := range u.Roles {
-					if r.Name == rbac.RoleOwner() {
+					if r.Name == codersdk.RoleOwner {
 						return (strings.ContainsAny(u.Username, "iI") || strings.ContainsAny(u.Email, "iI")) &&
 							u.Status == codersdk.UserStatusActive
 					}
@@ -1438,7 +1438,7 @@ func TestUsersFilter(t *testing.T) {
 			},
 			FilterF: func(_ codersdk.UsersRequest, u codersdk.User) bool {
 				for _, r := range u.Roles {
-					if r.Name == rbac.RoleOwner() {
+					if r.Name == codersdk.RoleOwner {
 						return (strings.ContainsAny(u.Username, "iI") || strings.ContainsAny(u.Email, "iI")) &&
 							u.Status == codersdk.UserStatusActive
 					}
diff --git a/codersdk/rbacroles.go b/codersdk/rbacroles.go
@@ -0,0 +1,13 @@
+package codersdk
+
+// Ideally this roles would be generated from the rbac/roles.go package.
+const (
+	RoleOwner         string = "owner"
+	RoleMember        string = "member"
+	RoleTemplateAdmin string = "template-admin"
+	RoleUserAdmin     string = "user-admin"
+	RoleAuditor       string = "auditor"
+
+	RoleOrganizationAdmin  string = "organization-admin"
+	RoleOrganizationMember string = "organization-member"
+)
