Skip to content

Commit 91910af

Browse files
johnstcnjohnstcn
committed
fixup! un-skip TestAuthorizeAllEndpoints and remove always-true conditional for authzquerier unit tests
1 parent 567cfa4 commit 91910af

File tree

2 files changed

+4
-12
lines changed

2 files changed

+4
-12
lines changed

coderd/coderdtest/authorize.go

Lines changed: 4 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ import (
1717
"golang.org/x/xerrors"
1818

1919
"github.com/coder/coder/coderd"
20-
"github.com/coder/coder/coderd/database/dbfake"
2120
"github.com/coder/coder/coderd/rbac"
2221
"github.com/coder/coder/coderd/rbac/regosql"
2322
"github.com/coder/coder/codersdk"
@@ -26,12 +25,6 @@ import (
2625
)
2726

2827
func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
29-
// For any route using SQL filters, we need to know if the database is an
30-
// in memory fake. This is because the in memory fake does not use SQL, and
31-
// still uses rego. So this boolean indicates how to assert the expected
32-
// behavior.
33-
_, isMemoryDB := a.api.Database.(dbfake.FakeDatabase)
34-
3528
// Some quick reused objects
3629
workspaceRBACObj := rbac.ResourceWorkspace.WithID(a.Workspace.ID).InOrg(a.Organization.ID).WithOwner(a.Workspace.OwnerID.String())
3730
workspaceExecObj := rbac.ResourceWorkspaceExecution.WithID(a.Workspace.ID).InOrg(a.Organization.ID).WithOwner(a.Workspace.OwnerID.String())
@@ -265,16 +258,17 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
265258
"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
266259
"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
267260

268-
// Endpoints that use the SQLQuery filter.
261+
// For any route using SQL filters, we do not check authorization.
262+
// This is because the in memory fake does not use SQL.
269263
"GET:/api/v2/workspaces/": {
270264
StatusCode: http.StatusOK,
271-
NoAuthorize: !isMemoryDB,
265+
NoAuthorize: true,
272266
AssertAction: rbac.ActionRead,
273267
AssertObject: rbac.ResourceWorkspace,
274268
},
275269
"GET:/api/v2/organizations/{organization}/templates": {
276270
StatusCode: http.StatusOK,
277-
NoAuthorize: !isMemoryDB,
271+
NoAuthorize: true,
278272
AssertAction: rbac.ActionRead,
279273
AssertObject: rbac.ResourceTemplate,
280274
},

coderd/rbac/authz.go

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,6 @@ import (
66
"sync"
77
"time"
88

9-
"github.com/coder/coder/coderd/util/slice"
10-
119
"github.com/open-policy-agent/opa/rego"
1210
"github.com/prometheus/client_golang/prometheus"
1311
"github.com/prometheus/client_golang/prometheus/promauto"

0 commit comments

Comments
 (0)