Skip to content

Commit cf14a92

Browse files
johnstcnjohnstcn
committed
chore(scripts/rules.go): broaden scope of testingWithOwnerUser linter
1 parent 43a8674 commit cf14a92

File tree

1 file changed

+27
-0
lines changed

1 file changed

+27
-0
lines changed

scripts/rules.go

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,10 @@ func dbauthzAuthorizationContext(m dsl.Matcher) {
5252
func testingWithOwnerUser(m dsl.Matcher) {
5353
m.Import("testing")
5454
m.Import("github.com/coder/coder/v2/cli/clitest")
55+
m.Import("github.com/coder/coder/v2/enterprise/coderd/coderenttest")
5556

57+
// For the AGPL code, we just check for SetupConfig being called with a
58+
// client authenticated as the Owner user.
5659
m.Match(`
5760
$_ := coderdtest.CreateFirstUser($t, $client)
5861
$*_
@@ -63,6 +66,30 @@ func testingWithOwnerUser(m dsl.Matcher) {
6366
m.File().Name.Matches(`_test\.go$`)).
6467
At(m["SetupConfig"]).
6568
Report(`The CLI will be operating as the owner user, which has unrestricted permissions. Consider creating a different user.`)
69+
70+
// For the enterprise code, we check for any method called on the client.
71+
// While we want to be a bit stricter here, some methods are known to require
72+
// the owner user, so we exclude them.
73+
m.Match(`
74+
$client, $_ := coderdenttest.New($t, $*_)
75+
$*_
76+
$_, $_ := $client.$Method($*_)
77+
`).Where(m["t"].Type.Implements("testing.TB") &&
78+
m.File().Name.Matches(`_test\.go$`) &&
79+
!m["Method"].Text.Matches(`^(UpdateAppearance|AddLicense|InsertLicense|DeleteLicense|CreateWorkspaceProxy|Replicas|Regions)$`)).
80+
At(m["Method"]).
81+
Report(`The CLI will be operating as the owner user, which has unrestricted permissions. Consider creating a different user.`)
82+
83+
// Sadly, we need to match both one- and two-valued assignments separately.
84+
m.Match(`
85+
$client, $_ := coderdenttest.New($t, $*_)
86+
$*_
87+
$_ := $client.$Method($*_)
88+
`).Where(m["t"].Type.Implements("testing.TB") &&
89+
m.File().Name.Matches(`_test\.go$`) &&
90+
!m["Method"].Text.Matches(`^(UpdateAppearance|AddLicense|InsertLicense|DeleteLicense|CreateWorkspaceProxy|Replicas|Regions)$`)).
91+
At(m["Method"]).
92+
Report(`The CLI will be operating as the owner user, which has unrestricted permissions. Consider creating a different user.`)
6693
}
6794

6895
// Use xerrors everywhere! It provides additional stacktrace info!

0 commit comments

Comments
 (0)