Skip to content

Commit 6eeb500

Browse files
EmyrkEmyrk
committed
more test fixes
1 parent 769ac83 commit 6eeb500

File tree

14 files changed

+92
-96
lines changed

14 files changed

+92
-96
lines changed

coderd/database/db2sdk/db2sdk.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -525,13 +525,13 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner
525525

526526
func SlimRole(role rbac.Role) codersdk.SlimRole {
527527
orgID := ""
528-
if role.Name.OrganizationID != uuid.Nil {
529-
orgID = role.Name.OrganizationID.String()
528+
if role.Identifier.OrganizationID != uuid.Nil {
529+
orgID = role.Identifier.OrganizationID.String()
530530
}
531531

532532
return codersdk.SlimRole{
533533
DisplayName: role.DisplayName,
534-
Name: role.Name.Name,
534+
Name: role.Identifier.Name,
535535
OrganizationID: orgID,
536536
}
537537
}

coderd/database/dbauthz/customroles_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ func TestUpsertCustomRoles(t *testing.T) {
3535
}
3636

3737
canAssignRole := rbac.Role{
38-
Name: "can-assign",
38+
Identifier: "can-assign",
3939
DisplayName: "",
4040
Site: rbac.Permissions(map[string][]policy.Action{
4141
rbac.ResourceAssignRole.Type: {policy.ActionRead, policy.ActionCreate},

coderd/database/dbauthz/dbauthz.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -162,7 +162,7 @@ var (
162162
ID: uuid.Nil.String(),
163163
Roles: rbac.Roles([]rbac.Role{
164164
{
165-
Name: rbac.RoleIdentifier{Name: "provisionerd"},
165+
Identifier: rbac.RoleIdentifier{Name: "provisionerd"},
166166
DisplayName: "Provisioner Daemon",
167167
Site: rbac.Permissions(map[string][]policy.Action{
168168
// TODO: Add ProvisionerJob resource type.
@@ -191,7 +191,7 @@ var (
191191
ID: uuid.Nil.String(),
192192
Roles: rbac.Roles([]rbac.Role{
193193
{
194-
Name: rbac.RoleIdentifier{Name: "autostart"},
194+
Identifier: rbac.RoleIdentifier{Name: "autostart"},
195195
DisplayName: "Autostart Daemon",
196196
Site: rbac.Permissions(map[string][]policy.Action{
197197
rbac.ResourceSystem.Type: {policy.WildcardSymbol},
@@ -213,7 +213,7 @@ var (
213213
ID: uuid.Nil.String(),
214214
Roles: rbac.Roles([]rbac.Role{
215215
{
216-
Name: rbac.RoleIdentifier{Name: "hangdetector"},
216+
Identifier: rbac.RoleIdentifier{Name: "hangdetector"},
217217
DisplayName: "Hang Detector Daemon",
218218
Site: rbac.Permissions(map[string][]policy.Action{
219219
rbac.ResourceSystem.Type: {policy.WildcardSymbol},
@@ -232,7 +232,7 @@ var (
232232
ID: uuid.Nil.String(),
233233
Roles: rbac.Roles([]rbac.Role{
234234
{
235-
Name: rbac.RoleIdentifier{Name: "system"},
235+
Identifier: rbac.RoleIdentifier{Name: "system"},
236236
DisplayName: "Coder",
237237
Site: rbac.Permissions(map[string][]policy.Action{
238238
rbac.ResourceWildcard.Type: {policy.ActionRead},
@@ -672,7 +672,7 @@ func (q *querier) canAssignRoles(ctx context.Context, orgID *uuid.UUID, added, r
672672
// returns them all, but then someone could pass in a large list to make us do
673673
// a lot of loop iterations.
674674
if !slices.ContainsFunc(expandedCustomRoles, func(customRole rbac.Role) bool {
675-
return strings.EqualFold(customRole.Name.Name, role.Name) && customRole.Name.OrganizationID == role.OrganizationID
675+
return strings.EqualFold(customRole.Identifier.Name, role.Name) && customRole.Identifier.OrganizationID == role.OrganizationID
676676
}) {
677677
return xerrors.Errorf("%q is not a supported role", role)
678678
}

coderd/database/modelmethods.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -375,7 +375,7 @@ func (p ProvisionerJob) FinishedAt() time.Time {
375375
return time.Time{}
376376
}
377377

378-
func (r CustomRole) RoleName() rbac.RoleIdentifier {
378+
func (r CustomRole) RoleIdentifier() rbac.RoleIdentifier {
379379
return rbac.RoleIdentifier{
380380
Name: r.Name,
381381
OrganizationID: r.OrganizationID.UUID,

coderd/rbac/authz_internal_test.go

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -394,7 +394,7 @@ func TestAuthorizeDomain(t *testing.T) {
394394
ID: "me",
395395
Scope: must(ExpandScope(ScopeAll)),
396396
Roles: Roles{{
397-
Name: RoleIdentifier{Name: "deny-all"},
397+
Identifier: RoleIdentifier{Name: "deny-all"},
398398
// List out deny permissions explicitly
399399
Site: []Permission{
400400
{
@@ -607,8 +607,8 @@ func TestAuthorizeDomain(t *testing.T) {
607607
Scope: must(ExpandScope(ScopeAll)),
608608
Roles: Roles{
609609
{
610-
Name: RoleIdentifier{Name: "ReadOnlyOrgAndUser"},
611-
Site: []Permission{},
610+
Identifier: RoleIdentifier{Name: "ReadOnlyOrgAndUser"},
611+
Site: []Permission{},
612612
Org: map[string][]Permission{
613613
defOrg.String(): {{
614614
Negate: false,
@@ -701,7 +701,7 @@ func TestAuthorizeLevels(t *testing.T) {
701701
Roles: Roles{
702702
must(RoleByName(RoleOwner())),
703703
{
704-
Name: RoleIdentifier{Name: "org-deny:", OrganizationID: defOrg},
704+
Identifier: RoleIdentifier{Name: "org-deny:", OrganizationID: defOrg},
705705
Org: map[string][]Permission{
706706
defOrg.String(): {
707707
{
@@ -713,7 +713,7 @@ func TestAuthorizeLevels(t *testing.T) {
713713
},
714714
},
715715
{
716-
Name: RoleIdentifier{Name: "user-deny-all"},
716+
Identifier: RoleIdentifier{Name: "user-deny-all"},
717717
// List out deny permissions explicitly
718718
User: []Permission{
719719
{
@@ -761,7 +761,7 @@ func TestAuthorizeLevels(t *testing.T) {
761761
Scope: must(ExpandScope(ScopeAll)),
762762
Roles: Roles{
763763
{
764-
Name: RoleIdentifier{Name: "site-noise"},
764+
Identifier: RoleIdentifier{Name: "site-noise"},
765765
Site: []Permission{
766766
{
767767
Negate: true,
@@ -772,7 +772,7 @@ func TestAuthorizeLevels(t *testing.T) {
772772
},
773773
must(RoleByName(ScopedRoleOrgAdmin(defOrg))),
774774
{
775-
Name: RoleIdentifier{Name: "user-deny-all"},
775+
Identifier: RoleIdentifier{Name: "user-deny-all"},
776776
// List out deny permissions explicitly
777777
User: []Permission{
778778
{
@@ -896,7 +896,7 @@ func TestAuthorizeScope(t *testing.T) {
896896
},
897897
Scope: Scope{
898898
Role: Role{
899-
Name: RoleIdentifier{Name: "workspace_agent"},
899+
Identifier: RoleIdentifier{Name: "workspace_agent"},
900900
DisplayName: "Workspace Agent",
901901
Site: Permissions(map[string][]policy.Action{
902902
// Only read access for workspaces.
@@ -985,7 +985,7 @@ func TestAuthorizeScope(t *testing.T) {
985985
},
986986
Scope: Scope{
987987
Role: Role{
988-
Name: RoleIdentifier{Name: "create_workspace"},
988+
Identifier: RoleIdentifier{Name: "create_workspace"},
989989
DisplayName: "Create Workspace",
990990
Site: Permissions(map[string][]policy.Action{
991991
// Only read access for workspaces.

coderd/rbac/roles.go

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -216,7 +216,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
216216
// on every authorize call. 'withCachedRegoValue' can be used as well to
217217
// preallocate the rego value that is used by the rego eval engine.
218218
ownerRole := Role{
219-
Name: RoleOwner(),
219+
Identifier: RoleOwner(),
220220
DisplayName: "Owner",
221221
Site: append(
222222
// Workspace dormancy and workspace are omitted.
@@ -232,7 +232,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
232232
}.withCachedRegoValue()
233233

234234
memberRole := Role{
235-
Name: RoleMember(),
235+
Identifier: RoleMember(),
236236
DisplayName: "Member",
237237
Site: Permissions(map[string][]policy.Action{
238238
ResourceAssignRole.Type: {policy.ActionRead},
@@ -258,7 +258,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
258258
}.withCachedRegoValue()
259259

260260
auditorRole := Role{
261-
Name: RoleAuditor(),
261+
Identifier: RoleAuditor(),
262262
DisplayName: "Auditor",
263263
Site: Permissions(map[string][]policy.Action{
264264
// Should be able to read all template details, even in orgs they
@@ -278,7 +278,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
278278
}.withCachedRegoValue()
279279

280280
templateAdminRole := Role{
281-
Name: RoleTemplateAdmin(),
281+
Identifier: RoleTemplateAdmin(),
282282
DisplayName: "Template Admin",
283283
Site: Permissions(map[string][]policy.Action{
284284
ResourceTemplate.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete, policy.ActionViewInsights},
@@ -299,7 +299,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
299299
}.withCachedRegoValue()
300300

301301
userAdminRole := Role{
302-
Name: RoleUserAdmin(),
302+
Identifier: RoleUserAdmin(),
303303
DisplayName: "User Admin",
304304
Site: Permissions(map[string][]policy.Action{
305305
ResourceAssignRole.Type: {policy.ActionAssign, policy.ActionDelete, policy.ActionRead},
@@ -345,7 +345,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
345345
// organization scope.
346346
orgAdmin: func(organizationID uuid.UUID) Role {
347347
return Role{
348-
Name: RoleIdentifier{Name: orgAdmin, OrganizationID: organizationID},
348+
Identifier: RoleIdentifier{Name: orgAdmin, OrganizationID: organizationID},
349349
DisplayName: "Organization Admin",
350350
Site: []Permission{},
351351
Org: map[string][]Permission{
@@ -363,7 +363,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
363363
// in an organization.
364364
orgMember: func(organizationID uuid.UUID) Role {
365365
return Role{
366-
Name: RoleIdentifier{Name: orgMember, OrganizationID: organizationID},
366+
Identifier: RoleIdentifier{Name: orgMember, OrganizationID: organizationID},
367367
DisplayName: "",
368368
Site: []Permission{},
369369
Org: map[string][]Permission{
@@ -482,7 +482,7 @@ func (perm Permission) Valid() error {
482482
// Users of this package should instead **only** use the role names, and
483483
// this package will expand the role names into their json payloads.
484484
type Role struct {
485-
Name RoleIdentifier `json:"name"`
485+
Identifier RoleIdentifier `json:"name"`
486486
// DisplayName is used for UI purposes. If the role has no display name,
487487
// that means the UI should never display it.
488488
DisplayName string `json:"display_name"`
@@ -535,7 +535,7 @@ func (roles Roles) Expand() ([]Role, error) {
535535
func (roles Roles) Names() []RoleIdentifier {
536536
names := make([]RoleIdentifier, 0, len(roles))
537537
for _, r := range roles {
538-
names = append(names, r.Name)
538+
names = append(names, r.Identifier)
539539
}
540540
return names
541541
}
@@ -610,7 +610,7 @@ func OrganizationRoles(organizationID uuid.UUID) []Role {
610610
var roles []Role
611611
for _, roleF := range builtInRoles {
612612
role := roleF(organizationID)
613-
if role.Name.OrganizationID == organizationID {
613+
if role.Identifier.OrganizationID == organizationID {
614614
roles = append(roles, role)
615615
}
616616
}
@@ -627,7 +627,7 @@ func SiteRoles() []Role {
627627
for _, roleF := range builtInRoles {
628628
// Must provide some non-nil uuid to filter out org roles.
629629
role := roleF(uuid.New())
630-
if !role.Name.IsOrgRole() {
630+
if !role.Identifier.IsOrgRole() {
631631
roles = append(roles, role)
632632
}
633633
}

coderd/rbac/roles_internal_test.go

Lines changed: 18 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -213,25 +213,25 @@ func TestRoleByName(t *testing.T) {
213213
testCases := []struct {
214214
Role Role
215215
}{
216-
{Role: builtInRoles[owner]("")},
217-
{Role: builtInRoles[member]("")},
218-
{Role: builtInRoles[templateAdmin]("")},
219-
{Role: builtInRoles[userAdmin]("")},
220-
{Role: builtInRoles[auditor]("")},
221-
222-
{Role: builtInRoles[orgAdmin]("4592dac5-0945-42fd-828d-a903957d3dbb")},
223-
{Role: builtInRoles[orgAdmin]("24c100c5-1920-49c0-8c38-1b640ac4b38c")},
224-
{Role: builtInRoles[orgAdmin]("4a00f697-0040-4079-b3ce-d24470281a62")},
225-
226-
{Role: builtInRoles[orgMember]("3293c50e-fa5d-414f-a461-01112a4dfb6f")},
227-
{Role: builtInRoles[orgMember]("f88dd23d-bdbd-469d-b82e-36ee06c3d1e1")},
228-
{Role: builtInRoles[orgMember]("02cfd2a5-016c-4d8d-8290-301f5f18023d")},
216+
{Role: builtInRoles[owner](uuid.Nil)},
217+
{Role: builtInRoles[member](uuid.Nil)},
218+
{Role: builtInRoles[templateAdmin](uuid.Nil)},
219+
{Role: builtInRoles[userAdmin](uuid.Nil)},
220+
{Role: builtInRoles[auditor](uuid.Nil)},
221+
222+
{Role: builtInRoles[orgAdmin](uuid.New())},
223+
{Role: builtInRoles[orgAdmin](uuid.New())},
224+
{Role: builtInRoles[orgAdmin](uuid.New())},
225+
226+
{Role: builtInRoles[orgMember](uuid.New())},
227+
{Role: builtInRoles[orgMember](uuid.New())},
228+
{Role: builtInRoles[orgMember](uuid.New())},
229229
}
230230

231231
for _, c := range testCases {
232232
c := c
233-
t.Run(c.Role.Name, func(t *testing.T) {
234-
role, err := RoleByName(c.Role.Name)
233+
t.Run(c.Role.Identifier.String(), func(t *testing.T) {
234+
role, err := RoleByName(c.Role.Identifier)
235235
require.NoError(t, err, "role exists")
236236
equalRoles(t, c.Role, role)
237237
})
@@ -242,20 +242,17 @@ func TestRoleByName(t *testing.T) {
242242
t.Run("Errors", func(t *testing.T) {
243243
var err error
244244

245-
_, err = RoleByName("")
245+
_, err = RoleByName(RoleIdentifier{})
246246
require.Error(t, err, "empty role")
247247

248-
_, err = RoleByName("too:many:colons")
249-
require.Error(t, err, "too many colons")
250-
251-
_, err = RoleByName(orgMember)
248+
_, err = RoleByName(RoleIdentifier{Name: orgMember})
252249
require.Error(t, err, "expect orgID")
253250
})
254251
}
255252

256253
// SameAs compares 2 roles for equality.
257254
func equalRoles(t *testing.T, a, b Role) {
258-
require.Equal(t, a.Name, b.Name, "role names")
255+
require.Equal(t, a.Identifier, b.Identifier, "role names")
259256
require.Equal(t, a.DisplayName, b.DisplayName, "role display names")
260257
require.ElementsMatch(t, a.Site, b.Site, "site permissions")
261258
require.ElementsMatch(t, a.User, b.User, "user permissions")

0 commit comments

Comments
 (0)