Skip to content

Commit d0477c6

Browse files
mafredrimafredri
committed
fix tests
1 parent 765c93a commit d0477c6

File tree

2 files changed

+24
-28
lines changed

2 files changed

+24
-28
lines changed

coderd/provisionerjobs.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ import (
2020
"github.com/coder/coder/v2/coderd/database/pubsub"
2121
"github.com/coder/coder/v2/coderd/httpapi"
2222
"github.com/coder/coder/v2/coderd/httpmw"
23+
"github.com/coder/coder/v2/coderd/rbac"
24+
"github.com/coder/coder/v2/coderd/rbac/policy"
2325
"github.com/coder/coder/v2/coderd/util/slice"
2426
"github.com/coder/coder/v2/codersdk"
2527
"github.com/coder/coder/v2/codersdk/wsjson"
@@ -41,6 +43,12 @@ func (api *API) provisionerJobs(rw http.ResponseWriter, r *http.Request) {
4143
ctx := r.Context()
4244
org := httpmw.OrganizationParam(r)
4345

46+
// For now, only owners and template admins can access provisioner jobs.
47+
if !api.Authorize(r, policy.ActionRead, rbac.ResourceProvisionerJobs.InOrg(org.ID)) {
48+
httpapi.ResourceNotFound(rw)
49+
return
50+
}
51+
4452
qp := r.URL.Query()
4553
p := httpapi.NewQueryParamParser()
4654
limit := p.PositiveInt32(qp, 0, "limit")

coderd/provisionerjobs_test.go

Lines changed: 16 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313
"github.com/coder/coder/v2/coderd/database"
1414
"github.com/coder/coder/v2/coderd/database/dbgen"
1515
"github.com/coder/coder/v2/coderd/database/dbtestutil"
16+
"github.com/coder/coder/v2/coderd/rbac"
1617
"github.com/coder/coder/v2/codersdk"
1718
"github.com/coder/coder/v2/provisioner/echo"
1819
"github.com/coder/coder/v2/provisionersdk/proto"
@@ -22,37 +23,16 @@ import (
2223
func TestProvisionerJobs(t *testing.T) {
2324
t.Parallel()
2425

25-
// encode := func(v interface{}) []byte {
26-
// b, err := json.Marshal(v)
27-
// require.NoError(t, err)
28-
// return b
29-
// }
30-
31-
// db, ps := dbtestutil.NewDB(t,
32-
// dbtestutil.WithDumpOnFailure(),
33-
// //nolint:gocritic // Use UTC for consistent timestamp length in golden files.
34-
// dbtestutil.WithTimezone("UTC"),
35-
// )
36-
// client, _, coderdAPI := coderdtest.NewWithAPI(t, &coderdtest.Options{
37-
// IncludeProvisionerDaemon: true,
38-
// Database: db,
39-
// Pubsub: ps,
40-
// })
41-
// owner := coderdtest.CreateFirstUser(t, client)
42-
// _, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID)
43-
4426
db, ps := dbtestutil.NewDB(t, dbtestutil.WithDumpOnFailure())
4527
client := coderdtest.New(t, &coderdtest.Options{
4628
IncludeProvisionerDaemon: true,
4729
Database: db,
4830
Pubsub: ps,
4931
})
5032
owner := coderdtest.CreateFirstUser(t, client)
33+
templateAdminClient, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.ScopedRoleOrgTemplateAdmin(owner.OrganizationID))
5134
memberClient, member := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID)
5235

53-
// client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
54-
// user := coderdtest.CreateFirstUser(t, client)
55-
5636
version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil)
5737
coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
5838
template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID)
@@ -83,33 +63,41 @@ func TestProvisionerJobs(t *testing.T) {
8363
t.Run("All", func(t *testing.T) {
8464
t.Parallel()
8565
ctx := testutil.Context(t, testutil.WaitMedium)
86-
jobs, err := memberClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, nil)
66+
jobs, err := templateAdminClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, nil)
8767
require.NoError(t, err)
8868
require.Len(t, jobs, 3)
8969
})
9070

9171
t.Run("Pending", func(t *testing.T) {
9272
t.Parallel()
9373
ctx := testutil.Context(t, testutil.WaitMedium)
94-
jobs, err := memberClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, &codersdk.OrganizationProvisionerJobsOptions{
74+
jobs, err := templateAdminClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, &codersdk.OrganizationProvisionerJobsOptions{
9575
Status: []codersdk.ProvisionerJobStatus{codersdk.ProvisionerJobPending},
9676
})
97-
for _, job := range jobs {
98-
t.Logf("job: %#v", job)
99-
}
10077
require.NoError(t, err)
10178
require.Len(t, jobs, 1)
10279
})
10380

10481
t.Run("Limit", func(t *testing.T) {
10582
t.Parallel()
10683
ctx := testutil.Context(t, testutil.WaitMedium)
107-
jobs, err := memberClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, &codersdk.OrganizationProvisionerJobsOptions{
84+
jobs, err := templateAdminClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, &codersdk.OrganizationProvisionerJobsOptions{
10885
Limit: 1,
10986
})
11087
require.NoError(t, err)
11188
require.Len(t, jobs, 1)
11289
})
90+
91+
// For now, this is not allowed even though the member has created a
92+
// workspace. Once member-level permissions for jobs are supported
93+
// by RBAC, this test should be updated.
94+
t.Run("MemberDenied", func(t *testing.T) {
95+
t.Parallel()
96+
ctx := testutil.Context(t, testutil.WaitMedium)
97+
jobs, err := memberClient.OrganizationProvisionerJobs(ctx, owner.OrganizationID, nil)
98+
require.Error(t, err)
99+
require.Len(t, jobs, 0)
100+
})
113101
}
114102

115103
func TestProvisionerJobLogs(t *testing.T) {

0 commit comments

Comments
 (0)