
chore: enforcement of dbauthz tests was broken #11218


Merged
merged 18 commits into from
Dec 15, 2023
Add more dbauthz tests
Catch dbmem panic bug
Emyrk committed Dec 15, 2023
commit e930fb22a03175684faaa8e3bbd4fd8d6f5576fb
2 changes: 2 additions & 0 deletions coderd/database/dbauthz/dbauthz.go
Expand Up @@ -2266,10 +2266,12 @@ func (q *querier) InsertWorkspaceAgent(ctx context.Context, arg database.InsertW
}

func (q *querier) InsertWorkspaceAgentLogSources(ctx context.Context, arg database.InsertWorkspaceAgentLogSourcesParams) ([]database.WorkspaceAgentLogSource, error) {
// TODO: This is used by the agent, should we have an rbac check here?
return q.db.InsertWorkspaceAgentLogSources(ctx, arg)
}

func (q *querier) InsertWorkspaceAgentLogs(ctx context.Context, arg database.InsertWorkspaceAgentLogsParams) ([]database.WorkspaceAgentLog, error) {
// TODO: This is used by the agent, should we have an rbac check here?
return q.db.InsertWorkspaceAgentLogs(ctx, arg)
}

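Review bot: The two added `// TODO: This is used by the agent, should we have an rbac check here?` comments leave InsertWorkspaceAgentLogSources and InsertWorkspaceAgentLogs as unguarded pass-throughs to `q.db`, so the authorization wrapper performs no check before agent log rows are written. The same commit pins that behaviour in dbauthz_test.go with empty `.Asserts()` for both methods, while the neighbouring InsertWorkspaceAgentStats, InsertWorkspaceAgentScripts and InsertWorkspaceAgentMetadata cases assert `rbac.ResourceSystem, rbac.ActionCreate`. I would either gate these two the same way (if the agent's actor can hold that permission, which is not visible here) and change the tests to `.Asserts(rbac.ResourceSystem, rbac.ActionCreate)`, or replace the open question with a statement of the decision, e.g. `// No RBAC check: <reason, confirmed by owner>; tracked in <issue link placeholder>.`, so the gap is an explicit, reviewable choice and not a question left in the code.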
56 changes: 56 additions & 0 deletions coderd/database/dbauthz/dbauthz_test.go
Expand Up @@ -225,6 +225,19 @@ func (s *MethodTestSuite) TestAPIKey() {
ID: a.ID,
}).Asserts(a, rbac.ActionUpdate).Returns()
}))
s.Run("DeleteApplicationConnectAPIKeysByUserID", s.Subtest(func(db database.Store, check *expects) {
a, _ := dbgen.APIKey(s.T(), db, database.APIKey{
Scope: database.APIKeyScopeApplicationConnect,
})
check.Args(a.UserID).Asserts(rbac.ResourceAPIKey.WithOwner(a.UserID.String()), rbac.ActionDelete).Returns()
}))
s.Run("DeleteExternalAuthLink", s.Subtest(func(db database.Store, check *expects) {
a := dbgen.ExternalAuthLink(s.T(), db, database.ExternalAuthLink{})
check.Args(database.DeleteExternalAuthLinkParams{
ProviderID: a.ProviderID,
UserID: a.UserID,
}).Asserts(a, rbac.ActionDelete).Returns()
}))
}

func (s *MethodTestSuite) TestAuditLogs() {
Expand Down Expand Up @@ -1048,6 +1061,11 @@ func (s *MethodTestSuite) TestUser() {
rbac.ResourceRoleAssignment, rbac.ActionDelete,
).Returns(o)
}))
s.Run("AllUserIDs", s.Subtest(func(db database.Store, check *expects) {
a := dbgen.User(s.T(), db, database.User{})
b := dbgen.User(s.T(), db, database.User{})
check.Args().Asserts(rbac.ResourceSystem, rbac.ActionRead).Returns(slice.New(a.ID, b.ID))
}))
}

func (s *MethodTestSuite) TestWorkspace() {
Expand Down Expand Up @@ -1405,6 +1423,14 @@ func (s *MethodTestSuite) TestWorkspace() {
app := dbgen.WorkspaceApp(s.T(), db, database.WorkspaceApp{AgentID: agt.ID})
check.Args(app.ID).Asserts(ws, rbac.ActionRead).Returns(ws)
}))
s.Run("ActivityBumpWorkspace", s.Subtest(func(db database.Store, check *expects) {
ws := dbgen.Workspace(s.T(), db, database.Workspace{})
build := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{WorkspaceID: ws.ID, JobID: uuid.New()})
dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{ID: build.JobID, Type: database.ProvisionerJobTypeWorkspaceBuild})
check.Args(database.ActivityBumpWorkspaceParams{
WorkspaceID: ws.ID,
}).Asserts(ws, rbac.ActionUpdate).Returns()
}))
}

func (s *MethodTestSuite) TestExtraMethods() {
Expand All @@ -1417,6 +1443,15 @@ func (s *MethodTestSuite) TestExtraMethods() {
s.NoError(err, "insert provisioner daemon")
check.Args().Asserts(d, rbac.ActionRead)
}))
s.Run("DeleteOldProvisionerDaemons", s.Subtest(func(db database.Store, check *expects) {
_, err := db.UpsertProvisionerDaemon(context.Background(), database.UpsertProvisionerDaemonParams{
Tags: database.StringMap(map[string]string{
provisionersdk.TagScope: provisionersdk.ScopeOrganization,
}),
})
s.NoError(err, "insert provisioner daemon")
check.Args().Asserts(rbac.ResourceSystem, rbac.ActionDelete)
}))
}

// All functions in this method test suite are not implemented in dbmem, but
Expand Down Expand Up @@ -1877,4 +1912,25 @@ func (s *MethodTestSuite) TestSystemFunctions() {
Transition: database.WorkspaceTransitionStart,
}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
}))
s.Run("DeleteOldWorkspaceAgentLogs", s.Subtest(func(db database.Store, check *expects) {
check.Args().Asserts(rbac.ResourceSystem, rbac.ActionDelete)
}))
s.Run("InsertWorkspaceAgentStats", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAgentStatsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate).Errors(matchAnyError)
}))
s.Run("InsertWorkspaceAppStats", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAppStatsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
}))
s.Run("InsertWorkspaceAgentScripts", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAgentScriptsParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
}))
s.Run("InsertWorkspaceAgentMetadata", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAgentMetadataParams{}).Asserts(rbac.ResourceSystem, rbac.ActionCreate)
}))
s.Run("InsertWorkspaceAgentLogs", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAgentLogsParams{}).Asserts()
}))
s.Run("InsertWorkspaceAgentLogSources", s.Subtest(func(db database.Store, check *expects) {
check.Args(database.InsertWorkspaceAgentLogSourcesParams{}).Asserts()
}))
}
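Review bot: The AllUserIDs case expects `slice.New(a.ID, b.ID)` in creation order, but nothing visible in this section guarantees that the store returns IDs in that order. If `Returns` compares slices positionally (its implementation is not shown here), the test is coupled to dbmem's iteration order and not just to the authorization behaviour it is meant to enforce. Consider asserting only the RBAC call, `check.Args().Asserts(rbac.ResourceSystem, rbac.ActionRead)`, as the other system-scoped cases in this file do, or sorting both sides before comparing. TestUser's body starts outside the hunk.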
12 changes: 11 additions & 1 deletion coderd/database/dbauthz/setup_test.go
Expand Up @@ -2,6 +2,7 @@ package dbauthz_test

import (
"context"
"errors"
"fmt"
"reflect"
"sort"
Expand All @@ -27,6 +28,10 @@ import (
"github.com/coder/coder/v2/coderd/util/slice"
)

var (
matchAnyError = errors.New("match any error")
)

var skipMethods = map[string]string{
"InTx": "Not relevant",
"Ping": "Not relevant",
Expand Down Expand Up @@ -174,7 +179,12 @@ func (s *MethodTestSuite) Subtest(testCaseF func(db database.Store, check *expec
if testCase.err == nil {
s.NoError(err, "method %q returned an error", methodName)
} else {
s.EqualError(err, testCase.err.Error(), "method %q returned an unexpected error", methodName)
if errors.Is(testCase.err, matchAnyError) {
// This means we do not care exactly what the error is.
s.Error(err, "method %q returned an error", methodName)
} else {
s.EqualError(err, testCase.err.Error(), "method %q returned an unexpected error", methodName)
}
}

// Some tests may not care about the outputs, so we only assert if
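Review bot: In the new `matchAnyError` branch the assertion message is inverted: `s.Error(err, "method %q returned an error", methodName)` fails only when err is nil, so the message should read `"method %q did not return an error"`. The sentinel also lets the InsertWorkspaceAgentStats case pass on any failure at all, so a doc comment on `matchAnyError` stating when it is acceptable to use (the reason is not visible here) would help keep it from masking unexpected errors in authorization tests. Go naming convention for error values would make it `errMatchAny`. Subtest's body starts and ends outside the hunk.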
2 changes: 1 addition & 1 deletion coderd/database/dbmem/dbmem.go
Expand Up @@ -880,7 +880,7 @@ func (q *FakeQuerier) AllUserIDs(_ context.Context) ([]uuid.UUID, error) {
defer q.mutex.RUnlock()
userIDs := make([]uuid.UUID, 0, len(q.users))
for idx := range q.users {
userIDs[idx] = q.users[idx].ID
userIDs = append(userIDs, q.users[idx].ID)
}
return userIDs, nil
}