Skip to content

Commit 991448d

Browse files
EmyrkEmyrk
committed
Fix auth test on all http method types
1 parent 48ed5db commit 991448d

File tree

1 file changed

+42
-26
lines changed

1 file changed

+42
-26
lines changed

coderd/coderdtest/authtest.go

Lines changed: 42 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -85,6 +85,7 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
8585
Name: "some",
8686
Type: "example",
8787
Agents: []*proto.Agent{{
88+
Name: "agent",
8889
Id: "something",
8990
Auth: &proto.Agent_Token{},
9091
Apps: []*proto.App{{
@@ -119,23 +120,23 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
119120
require.NoError(t, err, "create template param")
120121

121122
urlParameters := map[string]string{
122-
"{organization}": admin.OrganizationID.String(),
123-
"{user}": admin.UserID.String(),
124-
"{organizationname}": organization.Name,
125-
"{workspace}": workspace.ID.String(),
126-
"{workspacebuild}": workspace.LatestBuild.ID.String(),
127-
"{workspacename}": workspace.Name,
128-
"{workspacebuildname}": workspace.LatestBuild.Name,
129-
"{workspaceagent}": workspaceResources[0].Agents[0].ID.String(),
130-
"{buildnumber}": strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
131-
"{template}": template.ID.String(),
132-
"{hash}": file.Hash,
133-
"{workspaceresource}": workspaceResources[0].ID.String(),
134-
"{workspaceapp}": workspaceResources[0].Agents[0].Apps[0].Name,
135-
"{templateversion}": version.ID.String(),
136-
"{jobID}": templateVersionDryRun.ID.String(),
137-
"{templatename}": template.Name,
138-
"workspacename_and_agent": workspace.Name + "." + workspaceResources[0].Agents[0].Name,
123+
"{organization}": admin.OrganizationID.String(),
124+
"{user}": admin.UserID.String(),
125+
"{organizationname}": organization.Name,
126+
"{workspace}": workspace.ID.String(),
127+
"{workspacebuild}": workspace.LatestBuild.ID.String(),
128+
"{workspacename}": workspace.Name,
129+
"{workspacebuildname}": workspace.LatestBuild.Name,
130+
"{workspaceagent}": workspaceResources[0].Agents[0].ID.String(),
131+
"{buildnumber}": strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
132+
"{template}": template.ID.String(),
133+
"{hash}": file.Hash,
134+
"{workspaceresource}": workspaceResources[0].ID.String(),
135+
"{workspaceapp}": workspaceResources[0].Agents[0].Apps[0].Name,
136+
"{templateversion}": version.ID.String(),
137+
"{jobID}": templateVersionDryRun.ID.String(),
138+
"{templatename}": template.Name,
139+
"{workspacename_and_agent}": workspace.Name + "." + workspaceResources[0].Agents[0].Name,
139140
// Only checking template scoped params here
140141
"parameters/{scope}/{id}": fmt.Sprintf("parameters/%s/%s",
141142
string(templateParam.Scope), templateParam.ScopeID.String()),
@@ -179,15 +180,6 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
179180
"POST:/api/v2/csp/reports": {NoAuthorize: true},
180181
"GET:/api/v2/entitlements": {NoAuthorize: true},
181182

182-
"GET:/%40{user}/{workspacename_and_agent}/apps/{workspaceapp}/*": {
183-
AssertAction: rbac.ActionCreate,
184-
AssertObject: workspaceExecObj,
185-
},
186-
"GET:/@{user}/{workspacename_and_agent}/apps/{workspaceapp}/*": {
187-
AssertAction: rbac.ActionCreate,
188-
AssertObject: workspaceExecObj,
189-
},
190-
191183
// Has it's own auth
192184
"GET:/api/v2/users/oauth2/github/callback": {NoAuthorize: true},
193185
"GET:/api/v2/users/oidc/callback": {NoAuthorize: true},
@@ -400,6 +392,29 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
400392
"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
401393
"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
402394
}
395+
396+
// Routes like proxy routes support all HTTP methods. A helper func to expand
397+
// 1 url to all http methods.
398+
assertAllHTTPMethods := func(url string, check RouteCheck) {
399+
methods := []string{http.MethodGet, http.MethodHead, http.MethodPost,
400+
http.MethodPut, http.MethodPatch, http.MethodDelete,
401+
http.MethodConnect, http.MethodOptions, http.MethodTrace}
402+
403+
for _, method := range methods {
404+
route := method + ":" + url
405+
assertRoute[route] = check
406+
}
407+
}
408+
409+
assertAllHTTPMethods("/%40{user}/{workspacename_and_agent}/apps/{workspaceapp}/*", RouteCheck{
410+
AssertAction: rbac.ActionCreate,
411+
AssertObject: workspaceExecObj,
412+
})
413+
assertAllHTTPMethods("/@{user}/{workspacename_and_agent}/apps/{workspaceapp}/*", RouteCheck{
414+
AssertAction: rbac.ActionCreate,
415+
AssertObject: workspaceExecObj,
416+
})
417+
403418
return skipRoutes, assertRoute
404419
}
405420

@@ -447,6 +462,7 @@ func (a *AuthTester) Test(ctx context.Context, assertRoute map[string]RouteCheck
447462
a.t.Run(name, func(t *testing.T) {
448463
a.authorizer.reset()
449464
routeKey := strings.TrimRight(name, "/")
465+
450466
routeAssertions, ok := assertRoute[routeKey]
451467
if !ok {
452468
// By default, all omitted routes check for just "authorize" called

0 commit comments

Comments
 (0)