Add more dbauthz tests

Emyrk · Emyrk · commit e930fb22a031 · 2023-12-15T11:27:02.000-06:00
Catch dbmem panic bug
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
@@ -2266,10 +2266,12 @@ func (q *querier) InsertWorkspaceAgent(ctx context.Context, arg database.InsertW
 }
 
 func (q *querier) InsertWorkspaceAgentLogSources(ctx context.Context, arg database.InsertWorkspaceAgentLogSourcesParams) ([]database.WorkspaceAgentLogSource, error) {
+	// TODO: This is used by the agent, should we have an rbac check here?
 	return q.db.InsertWorkspaceAgentLogSources(ctx, arg)
 }
 
 func (q *querier) InsertWorkspaceAgentLogs(ctx context.Context, arg database.InsertWorkspaceAgentLogsParams) ([]database.WorkspaceAgentLog, error) {
+	// TODO: This is used by the agent, should we have an rbac check here?
 	return q.db.InsertWorkspaceAgentLogs(ctx, arg)
 }
 
diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go
@@ -225,6 +225,19 @@ func (s *MethodTestSuite) TestAPIKey() {
 			ID: a.ID,
 		}).Asserts(a, rbac.ActionUpdate).Returns()
 	}))
+	s.Run("DeleteApplicationConnectAPIKeysByUserID", s.Subtest(func(db database.Store, check *expects) {
+		a, _ := dbgen.APIKey(s.T(), db, database.APIKey{
+			Scope: database.APIKeyScopeApplicationConnect,
+		})
+		check.Args(a.UserID).Asserts(rbac.ResourceAPIKey.WithOwner(a.UserID.String()), rbac.ActionDelete).Returns()
+	}))
+	s.Run("DeleteExternalAuthLink", s.Subtest(func(db database.Store, check *expects) {
+		a := dbgen.ExternalAuthLink(s.T(), db, database.ExternalAuthLink{})
+		check.Args(database.DeleteExternalAuthLinkParams{
+			ProviderID: a.ProviderID,
+			UserID:     a.UserID,
+		}).Asserts(a, rbac.ActionDelete).Returns()
+	}))
 }
 
 func (s *MethodTestSuite) TestAuditLogs() {
@@ -1048,6 +1061,11 @@ func (s *MethodTestSuite) TestUser() {
 			rbac.ResourceRoleAssignment, rbac.ActionDelete,
 		).Returns(o)
 	}))
+	s.Run("AllUserIDs", s.Subtest(func(db database.Store, check *expects) {
+		a := dbgen.User(s.T(), db, database.User{})
+		b := dbgen.User(s.T(), db, database.User{})
+		check.Args().Asserts(rbac.ResourceSystem, rbac.ActionRead).Returns(slice.New(a.ID, b.ID))
+	}))
 }
 
 func (s *MethodTestSuite) TestWorkspace() {
@@ -1405,6 +1423,14 @@ func (s *MethodTestSuite) TestWorkspace() {
 		app := dbgen.WorkspaceApp(s.T(), db, database.WorkspaceApp{AgentID: agt.ID})
 		check.Args(app.ID).Asserts(ws, rbac.ActionRead).Returns(ws)
 	}))
+	s.Run("ActivityBumpWorkspace", s.Subtest(func(db database.Store, check *expects) {
+		ws := dbgen.Workspace(s.T(), db, database.Workspace{})
+		build := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{WorkspaceID: ws.ID, JobID: uuid.New()})
+		dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{ID: build.JobID, Type: database.ProvisionerJobTypeWorkspaceBuild})
+		check.Args(database.ActivityBumpWorkspaceParams{
+			WorkspaceID: ws.ID,
+		}).Asserts(ws, rbac.ActionUpdate).Returns()
+	}))
 }
 
 func (s *MethodTestSuite) TestExtraMethods() {
@@ -1417,6 +1443,15 @@ func (s *MethodTestSuite) TestExtraMethods() {
 		s.NoError(err, "insert provisioner daemon")
 		check.Args().Asserts(d, rbac.ActionRead)
 	}))
+	s.Run("DeleteOldProvisionerDaemons", s.Subtest(func(db database.Store, check *expects) {
+		_, err := db.UpsertProvisionerDaemon(context.Background(), database.UpsertProvisionerDaemonParams{
+			Tags: database.StringMap(map[string]string{
+				provisionersdk.TagScope: provisionersdk.ScopeOrganization,
+			}),
+		})
+		s.NoError(err, "insert provisioner daemon")
+		check.Args().Asserts(rbac.ResourceSystem, rbac.ActionDelete)
+	}))
 }
 
 // All functions in this method test suite are not implemented in dbmem, but
@@ -1877,4 +1912,25 @@ func (s *MethodTestSuite) TestSystemFunctions() {
 			Transition: database.WorkspaceTransitionStart,
 		}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
 	}))
+	s.Run("DeleteOldWorkspaceAgentLogs", s.Subtest(func(db database.Store, check *expects) {
+		check.Args().Asserts(rbac.ResourceSystem, rbac.ActionDelete)
+	}))
+	s.Run("InsertWorkspaceAgentStats", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAgentStatsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate).Errors(matchAnyError)
+	}))
+	s.Run("InsertWorkspaceAppStats", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAppStatsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
+	}))
+	s.Run("InsertWorkspaceAgentScripts", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAgentScriptsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
+	}))
+	s.Run("InsertWorkspaceAgentMetadata", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAgentMetadataParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
+	}))
+	s.Run("InsertWorkspaceAgentLogs", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAgentLogsParams{}).Asserts()
+	}))
+	s.Run("InsertWorkspaceAgentLogSources", s.Subtest(func(db database.Store, check *expects) {
+		check.Args(database.InsertWorkspaceAgentLogSourcesParams{}).Asserts()
+	}))
 }
diff --git a/coderd/database/dbauthz/setup_test.go b/coderd/database/dbauthz/setup_test.go
@@ -2,6 +2,7 @@ package dbauthz_test
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"reflect"
 	"sort"
@@ -27,6 +28,10 @@ import (
 	"github.com/coder/coder/v2/coderd/util/slice"
 )
 
+var (
+	matchAnyError = errors.New("match any error")
+)
+
 var skipMethods = map[string]string{
 	"InTx":           "Not relevant",
 	"Ping":           "Not relevant",
@@ -174,7 +179,12 @@ func (s *MethodTestSuite) Subtest(testCaseF func(db database.Store, check *expec
 			if testCase.err == nil {
 				s.NoError(err, "method %q returned an error", methodName)
 			} else {
-				s.EqualError(err, testCase.err.Error(), "method %q returned an unexpected error", methodName)
+				if errors.Is(testCase.err, matchAnyError) {
+					// This means we do not care exactly what the error is.
+					s.Error(err, "method %q returned an error", methodName)
+				} else {
+					s.EqualError(err, testCase.err.Error(), "method %q returned an unexpected error", methodName)
+				}
 			}
 
 			// Some tests may not care about the outputs, so we only assert if
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -880,7 +880,7 @@ func (q *FakeQuerier) AllUserIDs(_ context.Context) ([]uuid.UUID, error) {
 	defer q.mutex.RUnlock()
 	userIDs := make([]uuid.UUID, 0, len(q.users))
 	for idx := range q.users {
-		userIDs[idx] = q.users[idx].ID
+		userIDs = append(userIDs, q.users[idx].ID)
 	}
 	return userIDs, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -2266,10 +2266,12 @@ func (q *querier) InsertWorkspaceAgent(ctx context.Context, arg database.InsertW`
`2266`	`2266`	`}`
`2267`	`2267`
`2268`	`2268`	`func (q *querier) InsertWorkspaceAgentLogSources(ctx context.Context, arg database.InsertWorkspaceAgentLogSourcesParams) ([]database.WorkspaceAgentLogSource, error) {`
	`2269`	`+ // TODO: This is used by the agent, should we have an rbac check here?`
`2269`	`2270`	`return q.db.InsertWorkspaceAgentLogSources(ctx, arg)`
`2270`	`2271`	`}`
`2271`	`2272`
`2272`	`2273`	`func (q *querier) InsertWorkspaceAgentLogs(ctx context.Context, arg database.InsertWorkspaceAgentLogsParams) ([]database.WorkspaceAgentLog, error) {`
	`2274`	`+ // TODO: This is used by the agent, should we have an rbac check here?`
`2273`	`2275`	`return q.db.InsertWorkspaceAgentLogs(ctx, arg)`
`2274`	`2276`	`}`
`2275`	`2277`
Original file line number	Diff line number	Diff line change
`@@ -880,7 +880,7 @@ func (q *FakeQuerier) AllUserIDs(_ context.Context) ([]uuid.UUID, error) {`
`880`	`880`	`defer q.mutex.RUnlock()`
`881`	`881`	`userIDs := make([]uuid.UUID, 0, len(q.users))`
`882`	`882`	`for idx := range q.users {`
`883`		`- userIDs[idx] = q.users[idx].ID`
	`883`	`+ userIDs = append(userIDs, q.users[idx].ID)`
`884`	`884`	`}`
`885`	`885`	`return userIDs, nil`
`886`	`886`	`}`