
Commit 68b022f

committed
add dbauthz tests
1 parent 4bfb4cb commit 68b022f

22 files changed

+2207
-1950
lines changed

coderd/apidoc/docs.go

+4

coderd/apidoc/swagger.json

+4

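--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -1392,6 +1392,10 @@ func (q *querier) FavoriteWorkspace(ctx context.Context, id uuid.UUID) error {
 }
 
 func (q *querier) FetchMemoryResourceMonitorsByAgentID(ctx context.Context, agentID uuid.UUID) (database.WorkspaceAgentMemoryResourceMonitor, error) {
+if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspaceAgentMemoryResourceMonitor); err != nil {
+return database.WorkspaceAgentMemoryResourceMonitor{}, err
+}
+
 return q.db.FetchMemoryResourceMonitorsByAgentID(ctx, agentID)
 }
 
@@ -1403,6 +1407,10 @@ func (q *querier) FetchNewMessageMetadata(ctx context.Context, arg database.Fetc
 }
 
 func (q *querier) FetchVolumesResourceMonitorsByAgentID(ctx context.Context, agentID uuid.UUID) ([]database.WorkspaceAgentVolumeResourceMonitor, error) {
+if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceWorkspaceAgentVolumeResourceMonitor); err != nil {
+return nil, err
+}
+
 return q.db.FetchVolumesResourceMonitorsByAgentID(ctx, agentID)
 }
 
@@ -2998,6 +3006,10 @@ func (q *querier) InsertLicense(ctx context.Context, arg database.InsertLicenseP
 }
 
 func (q *querier) InsertMemoryResourceMonitor(ctx context.Context, arg database.InsertMemoryResourceMonitorParams) (database.WorkspaceAgentMemoryResourceMonitor, error) {
+if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentMemoryResourceMonitor); err != nil {
+return database.WorkspaceAgentMemoryResourceMonitor{}, err
+}
+
 return q.db.InsertMemoryResourceMonitor(ctx, arg)
 }
 
@@ -3187,6 +3199,10 @@ func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLin
 }
 
 func (q *querier) InsertVolumeResourceMonitor(ctx context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
+if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentVolumeResourceMonitor); err != nil {
+return database.WorkspaceAgentVolumeResourceMonitor{}, err
+}
+
 return q.db.InsertVolumeResourceMonitor(ctx, arg)
 }
 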
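Review bot: The four added `authorizeContext` checks authorize against the bare resource type (`rbac.ResourceWorkspaceAgentMemoryResourceMonitor`, `rbac.ResourceWorkspaceAgentVolumeResourceMonitor`) and never use `agentID` or `arg` in the decision, so any subject granted read or create on the type is authorized for every agent's monitors, whatever workspace owner or organization the agent belongs to. If only system-level subjects are meant to hold these permissions that may be intended, but nothing on the page says so; otherwise the check should be made against an object scoped to the agent's workspace, in the way the OAuth2 token assertion in dbauthz_test.go uses `.WithOwner(...)`. At minimum, record the intent above each check, e.g. `// Type-level check only: not scoped to the agent's workspace owner or organization.` The same applies to all four hunks in this file, and the new assertions in dbauthz_test.go pin this unscoped behaviour.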

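--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -4544,3 +4544,94 @@ func (s *MethodTestSuite) TestOAuth2ProviderAppTokens() {
 }).Asserts(rbac.ResourceOauth2AppCodeToken.WithOwner(user.ID.String()), policy.ActionDelete)
 }))
 }
+
+func (s *MethodTestSuite) TestResourcesMonitor() {
+s.Run("InsertMemoryResourceMonitor", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.InsertMemoryResourceMonitorParams{}).Asserts(rbac.ResourceWorkspaceAgentMemoryResourceMonitor, policy.ActionCreate)
+}))
+
+s.Run("InsertVolumeResourceMonitor", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.InsertVolumeResourceMonitorParams{}).Asserts(rbac.ResourceWorkspaceAgentVolumeResourceMonitor, policy.ActionCreate)
+}))
+
+s.Run("FetchMemoryResourceMonitorsByAgentID", s.Subtest(func(db database.Store, check *expects) {
+u := dbgen.User(s.T(), db, database.User{})
+o := dbgen.Organization(s.T(), db, database.Organization{})
+tpl := dbgen.Template(s.T(), db, database.Template{
+OrganizationID: o.ID,
+CreatedBy: u.ID,
+})
+tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
+TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true},
+OrganizationID: o.ID,
+CreatedBy: u.ID,
+})
+w := dbgen.Workspace(s.T(), db, database.WorkspaceTable{
+TemplateID: tpl.ID,
+OrganizationID: o.ID,
+OwnerID: u.ID,
+})
+j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{
+Type: database.ProvisionerJobTypeWorkspaceBuild,
+})
+b := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{
+JobID: j.ID,
+WorkspaceID: w.ID,
+TemplateVersionID: tv.ID,
+})
+res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: b.JobID})
+agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
+dbgen.WorkspaceAgentMemoryResourceMonitor(s.T(), db, database.WorkspaceAgentMemoryResourceMonitor{
+AgentID: agt.ID,
+Enabled: true,
+Threshold: 80,
+CreatedAt: dbtime.Now(),
+})
+
+monitor, err := db.FetchMemoryResourceMonitorsByAgentID(context.Background(), agt.ID)
+require.NoError(s.T(), err)
+
+check.Args(agt.ID).Asserts(rbac.ResourceWorkspaceAgentMemoryResourceMonitor, policy.ActionRead).Returns(monitor)
+}))
+
+s.Run("FetchVolumesResourceMonitorsByAgentID", s.Subtest(func(db database.Store, check *expects) {
+u := dbgen.User(s.T(), db, database.User{})
+o := dbgen.Organization(s.T(), db, database.Organization{})
+tpl := dbgen.Template(s.T(), db, database.Template{
+OrganizationID: o.ID,
+CreatedBy: u.ID,
+})
+tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
+TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true},
+OrganizationID: o.ID,
+CreatedBy: u.ID,
+})
+w := dbgen.Workspace(s.T(), db, database.WorkspaceTable{
+TemplateID: tpl.ID,
+OrganizationID: o.ID,
+OwnerID: u.ID,
+})
+j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{
+Type: database.ProvisionerJobTypeWorkspaceBuild,
+})
+b := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{
+JobID: j.ID,
+WorkspaceID: w.ID,
+TemplateVersionID: tv.ID,
+})
+res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: b.JobID})
+agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
+dbgen.WorkspaceAgentVolumeResourceMonitor(s.T(), db, database.WorkspaceAgentVolumeResourceMonitor{
+AgentID: agt.ID,
+Path: "/var/lib",
+Enabled: true,
+Threshold: 80,
+CreatedAt: dbtime.Now(),
+})
+
+monitors, err := db.FetchVolumesResourceMonitorsByAgentID(context.Background(), agt.ID)
+require.NoError(s.T(), err)
+
+check.Args(agt.ID).Asserts(rbac.ResourceWorkspaceAgentVolumeResourceMonitor, policy.ActionRead).Returns(monitors)
+}))
+}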
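Review bot: The two Fetch subtests in `TestResourcesMonitor` repeat the same fixture chain (user, organization, template, template version, workspace, job, build, resource, agent) and differ only in the monitor they insert and the method they call. Moving the chain into one local helper keeps each subtest focused on its authorization assertion and makes a later owner-scoped assertion a one-place change. The helper only needs to return the agent ID, since `agt.ID` is the only fixture value the subtests use afterwards. The Insert subtests are unaffected.

```go
func (s *MethodTestSuite) TestResourcesMonitor() {
	// agentID builds the workspace, build, resource and agent rows shared by both Fetch subtests.
	agentID := func(db database.Store) uuid.UUID {
		// … unchanged: dbgen.User through dbgen.WorkspaceResource, as in the subtests …
		agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
		return agt.ID
	}

	// … unchanged: InsertMemoryResourceMonitor and InsertVolumeResourceMonitor subtests …

	s.Run("FetchMemoryResourceMonitorsByAgentID", s.Subtest(func(db database.Store, check *expects) {
		id := agentID(db)
		// … unchanged: monitor insert, fetch and check.Args(...).Returns(monitor), with id in place of agt.ID …
	}))
	// … FetchVolumesResourceMonitorsByAgentID changes the same way …
```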

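--- a/coderd/database/dbgen/dbgen.go
+++ b/coderd/database/dbgen/dbgen.go
@@ -1032,6 +1032,29 @@ func OAuth2ProviderAppToken(t testing.TB, db database.Store, seed database.OAuth
 return token
 }
 
+func WorkspaceAgentMemoryResourceMonitor(t testing.TB, db database.Store, seed database.WorkspaceAgentMemoryResourceMonitor) database.WorkspaceAgentMemoryResourceMonitor {
+monitor, err := db.InsertMemoryResourceMonitor(genCtx, database.InsertMemoryResourceMonitorParams{
+AgentID: takeFirst(seed.AgentID, uuid.New()),
+Enabled: takeFirst(seed.Enabled, true),
+Threshold: takeFirst(seed.Threshold, 100),
+CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
+})
+require.NoError(t, err, "insert workspace agent memory resource monitor")
+return monitor
+}
+
+func WorkspaceAgentVolumeResourceMonitor(t testing.TB, db database.Store, seed database.WorkspaceAgentVolumeResourceMonitor) database.WorkspaceAgentVolumeResourceMonitor {
+monitor, err := db.InsertVolumeResourceMonitor(genCtx, database.InsertVolumeResourceMonitorParams{
+AgentID: takeFirst(seed.AgentID, uuid.New()),
+Path: takeFirst(seed.Path, "/"),
+Enabled: takeFirst(seed.Enabled, true),
+Threshold: takeFirst(seed.Threshold, 100),
+CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()),
+})
+require.NoError(t, err, "insert workspace agent volume resource monitor")
+return monitor
+}
+
 func CustomRole(t testing.TB, db database.Store, seed database.CustomRole) database.CustomRole {
 role, err := db.InsertCustomRole(genCtx, database.InsertCustomRoleParams{
 Name: takeFirst(seed.Name, strings.ToLower(testutil.GetRandomName(t))),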
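Review bot: `Enabled: takeFirst(seed.Enabled, true)` at new lines 1038 and 1050 cannot produce a disabled monitor if `takeFirst` returns its first non-zero argument (its definition is not on the page, but its use for the `uuid.New()` and `dbtime.Now()` defaults suggests this). A seed with `Enabled: false` is the zero value and would be replaced by `true`, so a test meant to cover the disabled path would silently run against an enabled monitor. Either pass the field through, `Enabled: seed.Enabled,`, with callers setting it explicitly as the tests in this commit already do, or document the limitation on both generators. `Threshold: 0` would be overridden to 100 in the same way, and both new exported functions lack doc comments.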
