Skip to content

Commit 5120fb1

Browse files
ibetitsmikeibetitsmike
committed
WIP
1 parent d8db119 commit 5120fb1

File tree

6 files changed

+17
-17
lines changed

6 files changed

+17
-17
lines changed

coderd/database/dbauthz/dbauthz.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -347,6 +347,7 @@ var (
347347
rbac.ResourceNotificationTemplate.Type: {policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
348348
rbac.ResourceCryptoKey.Type: {policy.ActionCreate, policy.ActionUpdate, policy.ActionDelete},
349349
rbac.ResourceFile.Type: {policy.ActionCreate, policy.ActionRead},
350+
rbac.ResourceProvisionerJobs.Type: {policy.ActionRead, policy.ActionUpdate, policy.ActionCreate},
350351
}),
351352
Org: map[string][]rbac.Permission{},
352353
User: []rbac.Permission{},

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 12 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3892,7 +3892,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
38923892
}))
38933893
s.Run("GetProvisionerJobsCreatedAfter", s.Subtest(func(db database.Store, check *expects) {
38943894
_ = dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{CreatedAt: time.Now().Add(-time.Hour)})
3895-
check.Args(time.Now()).Asserts(rbac.ResourceSystem, policy.ActionRead)
3895+
check.Args(time.Now()).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
38963896
}))
38973897
s.Run("GetTemplateVersionsByIDs", s.Subtest(func(db database.Store, check *expects) {
38983898
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -3978,7 +3978,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
39783978
a := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
39793979
b := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
39803980
check.Args([]uuid.UUID{a.ID, b.ID}).
3981-
Asserts(rbac.ResourceSystem, policy.ActionRead).
3981+
Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead).
39823982
Returns(slice.New(a, b))
39833983
}))
39843984
s.Run("InsertWorkspaceAgent", s.Subtest(func(db database.Store, check *expects) {
@@ -4022,26 +4022,26 @@ func (s *MethodTestSuite) TestSystemFunctions() {
40224022
OrganizationID: j.OrganizationID,
40234023
Types: []database.ProvisionerType{j.Provisioner},
40244024
ProvisionerTags: must(json.Marshal(j.Tags)),
4025-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4025+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40264026
}))
40274027
s.Run("UpdateProvisionerJobWithCompleteByID", s.Subtest(func(db database.Store, check *expects) {
40284028
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40294029
check.Args(database.UpdateProvisionerJobWithCompleteByIDParams{
40304030
ID: j.ID,
4031-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4031+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40324032
}))
40334033
s.Run("UpdateProvisionerJobWithCompleteWithStartedAtByID", s.Subtest(func(db database.Store, check *expects) {
40344034
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40354035
check.Args(database.UpdateProvisionerJobWithCompleteWithStartedAtByIDParams{
40364036
ID: j.ID,
4037-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4037+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40384038
}))
40394039
s.Run("UpdateProvisionerJobByID", s.Subtest(func(db database.Store, check *expects) {
40404040
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40414041
check.Args(database.UpdateProvisionerJobByIDParams{
40424042
ID: j.ID,
40434043
UpdatedAt: time.Now(),
4044-
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
4044+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40454045
}))
40464046
s.Run("InsertProvisionerJob", s.Subtest(func(db database.Store, check *expects) {
40474047
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -4051,19 +4051,19 @@ func (s *MethodTestSuite) TestSystemFunctions() {
40514051
StorageMethod: database.ProvisionerStorageMethodFile,
40524052
Type: database.ProvisionerJobTypeWorkspaceBuild,
40534053
Input: json.RawMessage("{}"),
4054-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4054+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionCreate)
40554055
}))
40564056
s.Run("InsertProvisionerJobLogs", s.Subtest(func(db database.Store, check *expects) {
40574057
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40584058
check.Args(database.InsertProvisionerJobLogsParams{
40594059
JobID: j.ID,
4060-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4060+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40614061
}))
40624062
s.Run("InsertProvisionerJobTimings", s.Subtest(func(db database.Store, check *expects) {
40634063
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
40644064
check.Args(database.InsertProvisionerJobTimingsParams{
40654065
JobID: j.ID,
4066-
}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
4066+
}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionUpdate)
40674067
}))
40684068
s.Run("UpsertProvisionerDaemon", s.Subtest(func(db database.Store, check *expects) {
40694069
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
@@ -4199,11 +4199,8 @@ func (s *MethodTestSuite) TestSystemFunctions() {
41994199
s.Run("GetFileTemplates", s.Subtest(func(db database.Store, check *expects) {
42004200
check.Args(uuid.New()).Asserts(rbac.ResourceSystem, policy.ActionRead)
42014201
}))
4202-
s.Run("GetHungProvisionerJobs", s.Subtest(func(db database.Store, check *expects) {
4203-
check.Args(time.Time{}).Asserts()
4204-
}))
4205-
s.Run("GetPendingProvisionerJobs", s.Subtest(func(db database.Store, check *expects) {
4206-
check.Args(time.Time{}).Asserts()
4202+
s.Run("GetProvisionerJobsToBeReaped", s.Subtest(func(db database.Store, check *expects) {
4203+
check.Args(database.GetProvisionerJobsToBeReapedParams{}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
42074204
}))
42084205
s.Run("UpsertOAuthSigningKey", s.Subtest(func(db database.Store, check *expects) {
42094206
check.Args("foo").Asserts(rbac.ResourceSystem, policy.ActionUpdate)
@@ -4282,7 +4279,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {
42824279
check.Args([]uuid.UUID{uuid.New()}).Asserts(rbac.ResourceSystem, policy.ActionRead)
42834280
}))
42844281
s.Run("GetProvisionerJobsByIDsWithQueuePosition", s.Subtest(func(db database.Store, check *expects) {
4285-
check.Args([]uuid.UUID{}).Asserts()
4282+
check.Args([]uuid.UUID{}).Asserts(rbac.ResourceProvisionerJobs, policy.ActionRead)
42864283
}))
42874284
s.Run("GetReplicaByID", s.Subtest(func(db database.Store, check *expects) {
42884285
check.Args(uuid.New()).Asserts(rbac.ResourceSystem, policy.ActionRead).Errors(sql.ErrNoRows)

coderd/rbac/object_gen.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/rbac/policy/policy.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -184,6 +184,7 @@ var RBACPermissions = map[string]PermissionDefinition{
184184
Actions: map[Action]ActionDefinition{
185185
ActionRead: actDef("read provisioner jobs"),
186186
ActionUpdate: actDef("update provisioner jobs"),
187+
ActionCreate: actDef("create provisioner jobs"),
187188
},
188189
},
189190
"organization": {

coderd/rbac/roles_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -580,7 +580,7 @@ func TestRolePermissions(t *testing.T) {
580580
},
581581
{
582582
Name: "ProvisionerJobs",
583-
Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate},
583+
Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate, policy.ActionCreate},
584584
Resource: rbac.ResourceProvisionerJobs.InOrg(orgID),
585585
AuthorizeMap: map[bool][]hasAuthSubjects{
586586
true: {owner, orgTemplateAdmin, orgAdmin},

codersdk/rbacresources_gen.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)