add unit test for ApplyGroupDifference

Emyrk · Emyrk · commit 9887057c890b · 2024-09-05T17:07:00.000-05:00
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -2703,18 +2703,18 @@ func (q *FakeQuerier) GetGroups(_ context.Context, arg database.GetGroupsParams)
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
-	groupIDs := make(map[uuid.UUID]struct{})
+	userGroupIDs := make(map[uuid.UUID]struct{})
 	if arg.HasMemberID != uuid.Nil {
 		for _, member := range q.groupMembers {
 			if member.UserID == arg.HasMemberID {
-				groupIDs[member.GroupID] = struct{}{}
+				userGroupIDs[member.GroupID] = struct{}{}
 			}
 		}
 
 		// Handle the everyone group
 		for _, orgMember := range q.organizationMembers {
 			if orgMember.UserID == arg.HasMemberID {
-				groupIDs[orgMember.OrganizationID] = struct{}{}
+				userGroupIDs[orgMember.OrganizationID] = struct{}{}
 			}
 		}
 	}
@@ -2726,7 +2726,7 @@ func (q *FakeQuerier) GetGroups(_ context.Context, arg database.GetGroupsParams)
 			continue
 		}
 
-		_, ok := groupIDs[group.ID]
+		_, ok := userGroupIDs[group.ID]
 		if arg.HasMemberID != uuid.Nil && !ok {
 			continue
 		}
diff --git a/coderd/idpsync/group.go b/coderd/idpsync/group.go
@@ -168,7 +168,7 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat
 			groupIDsToAdd = append(groupIDsToAdd, assignGroups...)
 		}
 
-		err = s.applyGroupDifference(ctx, tx, user, groupIDsToAdd, groupIDsToRemove)
+		err = s.ApplyGroupDifference(ctx, tx, user, groupIDsToAdd, groupIDsToRemove)
 		if err != nil {
 			return xerrors.Errorf("apply group difference: %w", err)
 		}
@@ -183,7 +183,8 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat
 	return nil
 }
 
-func (s AGPLIDPSync) applyGroupDifference(ctx context.Context, tx database.Store, user database.User, add []uuid.UUID, removeIDs []uuid.UUID) error {
+// ApplyGroupDifference will add and remove the user from the specified groups.
+func (s AGPLIDPSync) ApplyGroupDifference(ctx context.Context, tx database.Store, user database.User, add []uuid.UUID, removeIDs []uuid.UUID) error {
 	// Always do group removal before group add. This way if there is an error,
 	// we error on the underprivileged side.
 	if len(removeIDs) > 0 {
diff --git a/coderd/idpsync/group_test.go b/coderd/idpsync/group_test.go
@@ -342,6 +342,158 @@ func TestGroupSyncTable(t *testing.T) {
 	})
 }
 
+// TestApplyGroupDifference is mainly testing the database functions
+func TestApplyGroupDifference(t *testing.T) {
+	t.Parallel()
+
+	ids := coderdtest.NewDeterministicUUIDGenerator()
+	testCase := []struct {
+		Name   string
+		Before map[uuid.UUID]bool
+		Add    []uuid.UUID
+		Remove []uuid.UUID
+		Expect []uuid.UUID
+	}{
+		{
+			Name: "Empty",
+		},
+		{
+			Name: "AddFromNone",
+			Before: map[uuid.UUID]bool{
+				ids.ID("g1"): false,
+			},
+			Add: []uuid.UUID{
+				ids.ID("g1"),
+			},
+			Expect: []uuid.UUID{
+				ids.ID("g1"),
+			},
+		},
+		{
+			Name: "AddSome",
+			Before: map[uuid.UUID]bool{
+				ids.ID("g1"): true,
+				ids.ID("g2"): false,
+				ids.ID("g3"): false,
+				uuid.New():   false,
+			},
+			Add: []uuid.UUID{
+				ids.ID("g2"),
+				ids.ID("g3"),
+			},
+			Expect: []uuid.UUID{
+				ids.ID("g1"),
+				ids.ID("g2"),
+				ids.ID("g3"),
+			},
+		},
+		{
+			Name: "RemoveAll",
+			Before: map[uuid.UUID]bool{
+				uuid.New():   false,
+				ids.ID("g2"): true,
+				ids.ID("g3"): true,
+			},
+			Remove: []uuid.UUID{
+				ids.ID("g2"),
+				ids.ID("g3"),
+			},
+			Expect: []uuid.UUID{},
+		},
+		{
+			Name: "Mixed",
+			Before: map[uuid.UUID]bool{
+				// adds
+				ids.ID("a1"): true,
+				ids.ID("a2"): true,
+				ids.ID("a3"): false,
+				ids.ID("a4"): false,
+				// removes
+				ids.ID("r1"): true,
+				ids.ID("r2"): true,
+				ids.ID("r3"): false,
+				ids.ID("r4"): false,
+				// stable
+				ids.ID("s1"): true,
+				ids.ID("s2"): true,
+				// noise
+				uuid.New(): false,
+				uuid.New(): false,
+			},
+			Add: []uuid.UUID{
+				ids.ID("a1"), ids.ID("a2"),
+				ids.ID("a3"), ids.ID("a4"),
+				// Double up to try and confuse
+				ids.ID("a1"),
+				ids.ID("a4"),
+			},
+			Remove: []uuid.UUID{
+				ids.ID("r1"), ids.ID("r2"),
+				ids.ID("r3"), ids.ID("r4"),
+				// Double up to try and confuse
+				ids.ID("r1"),
+				ids.ID("r4"),
+			},
+			Expect: []uuid.UUID{
+				ids.ID("a1"), ids.ID("a2"), ids.ID("a3"), ids.ID("a4"),
+				ids.ID("s1"), ids.ID("s2"),
+			},
+		},
+	}
+
+	for _, tc := range testCase {
+		tc := tc
+		t.Run(tc.Name, func(t *testing.T) {
+			mgr := runtimeconfig.NewStoreManager()
+			db, _ := dbtestutil.NewDB(t)
+
+			ctx := testutil.Context(t, testutil.WaitMedium)
+			//nolint:gocritic // testing
+			ctx = dbauthz.AsSystemRestricted(ctx)
+
+			org := dbgen.Organization(t, db, database.Organization{})
+			_, err := db.InsertAllUsersGroup(ctx, org.ID)
+			require.NoError(t, err)
+
+			user := dbgen.User(t, db, database.User{})
+			_ = dbgen.OrganizationMember(t, db, database.OrganizationMember{
+				UserID:         user.ID,
+				OrganizationID: org.ID,
+			})
+
+			for gid, in := range tc.Before {
+				group := dbgen.Group(t, db, database.Group{
+					ID:             gid,
+					OrganizationID: org.ID,
+				})
+				if in {
+					_ = dbgen.GroupMember(t, db, database.GroupMemberTable{
+						UserID:  user.ID,
+						GroupID: group.ID,
+					})
+				}
+			}
+
+			s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), mgr, idpsync.FromDeploymentValues(coderdtest.DeploymentValues(t)))
+			err = s.ApplyGroupDifference(context.Background(), db, user, tc.Add, tc.Remove)
+			require.NoError(t, err)
+
+			userGroups, err := db.GetGroups(ctx, database.GetGroupsParams{
+				HasMemberID: user.ID,
+			})
+			require.NoError(t, err)
+
+			// assert
+			found := db2sdk.List(userGroups, func(g database.GetGroupsRow) uuid.UUID {
+				return g.Group.ID
+			})
+
+			// Add everyone group
+			require.ElementsMatch(t, append(tc.Expect, org.ID), found)
+		})
+	}
+}
+
 func SetupOrganization(t *testing.T, s *idpsync.AGPLIDPSync, db database.Store, user database.User, orgID uuid.UUID, def orgSetupDefinition) {
 	t.Helper()
 

Original file line number	Diff line number	Diff line change
`@@ -2703,18 +2703,18 @@ func (q *FakeQuerier) GetGroups(_ context.Context, arg database.GetGroupsParams)`
`2703`	`2703`	`q.mutex.RLock()`
`2704`	`2704`	`defer q.mutex.RUnlock()`
`2705`	`2705`
`2706`		`- groupIDs := make(map[uuid.UUID]struct{})`
	`2706`	`+ userGroupIDs := make(map[uuid.UUID]struct{})`
`2707`	`2707`	`if arg.HasMemberID != uuid.Nil {`
`2708`	`2708`	`for _, member := range q.groupMembers {`
`2709`	`2709`	`if member.UserID == arg.HasMemberID {`
`2710`		`- groupIDs[member.GroupID] = struct{}{}`
	`2710`	`+ userGroupIDs[member.GroupID] = struct{}{}`
`2711`	`2711`	`}`
`2712`	`2712`	`}`
`2713`	`2713`
`2714`	`2714`	`// Handle the everyone group`
`2715`	`2715`	`for _, orgMember := range q.organizationMembers {`
`2716`	`2716`	`if orgMember.UserID == arg.HasMemberID {`
`2717`		`- groupIDs[orgMember.OrganizationID] = struct{}{}`
	`2717`	`+ userGroupIDs[orgMember.OrganizationID] = struct{}{}`
`2718`	`2718`	`}`
`2719`	`2719`	`}`
`2720`	`2720`	`}`
`@@ -2726,7 +2726,7 @@ func (q *FakeQuerier) GetGroups(_ context.Context, arg database.GetGroupsParams)`
`2726`	`2726`	`continue`
`2727`	`2727`	`}`
`2728`	`2728`
`2729`		`- _, ok := groupIDs[group.ID]`
	`2729`	`+ _, ok := userGroupIDs[group.ID]`
`2730`	`2730`	`if arg.HasMemberID != uuid.Nil && !ok {`
`2731`	`2731`	`continue`
`2732`	`2732`	`}`
Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat`
`168`	`168`	`groupIDsToAdd = append(groupIDsToAdd, assignGroups...)`
`169`	`169`	`}`
`170`	`170`
`171`		`- err = s.applyGroupDifference(ctx, tx, user, groupIDsToAdd, groupIDsToRemove)`
	`171`	`+ err = s.ApplyGroupDifference(ctx, tx, user, groupIDsToAdd, groupIDsToRemove)`
`172`	`172`	`if err != nil {`
`173`	`173`	`return xerrors.Errorf("apply group difference: %w", err)`
`174`	`174`	`}`
`@@ -183,7 +183,8 @@ func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user dat`
`183`	`183`	`return nil`
`184`	`184`	`}`
`185`	`185`
`186`		`-func (s AGPLIDPSync) applyGroupDifference(ctx context.Context, tx database.Store, user database.User, add []uuid.UUID, removeIDs []uuid.UUID) error {`
	`186`	`+// ApplyGroupDifference will add and remove the user from the specified groups.`
	`187`	`+func (s AGPLIDPSync) ApplyGroupDifference(ctx context.Context, tx database.Store, user database.User, add []uuid.UUID, removeIDs []uuid.UUID) error {`
`187`	`188`	`// Always do group removal before group add. This way if there is an error,`
`188`	`189`	`// we error on the underprivileged side.`
`189`	`190`	`if len(removeIDs) > 0 {`