Skip to content

chore: refactor user -> rbac.subject into a function #13624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 21, 2024
Merged

chore: refactor user -> rbac.subject into a function #13624

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
743c19e
test: implement test to assert deleted custom roles are omitted
Emyrk Jun 21, 2024
b8fa251
Add comments and more assertions
Emyrk Jun 21, 2024
0213df9
fixup test
Emyrk Jun 21, 2024
9466f74
chore: refactor user subject logic to be in 1 place
Emyrk Jun 21, 2024
cb7d004
add unit test for deleted role
Emyrk Jun 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fixup test
  • Loading branch information
@Emyrk
Emyrk committed Jun 21, 2024
commit 0213df9460d8566e2e399cd89c521a737fe2e619
48 changes: 27 additions & 21 deletions coderd/httpmw/apikey_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -713,21 +713,27 @@ func TestAPIKey(t *testing.T) {
db = dbmem.New()
org = dbgen.Organization(t, db, database.Organization{})
customRole = dbgen.CustomRole(t, db, database.CustomRole{
Name: "custom-role",

Name: "custom-role",
OrgPermissions: []database.CustomRolePermission{},
OrganizationID: uuid.NullUUID{
UUID: org.ID,
Valid: true,
},
})
user = dbgen.User(t, db, database.User{
RBACRoles: []string{
rbac.ScopedRoleOrgAdmin(org.ID).String(),
customRole.RoleIdentifier().String(),
RBACRoles: []string{},
})
_ = dbgen.OrganizationMember(t, db, database.OrganizationMember{
UserID: user.ID,
OrganizationID: org.ID,
CreatedAt: time.Time{},
UpdatedAt: time.Time{},
Roles: []string{
rbac.RoleOrgAdmin(),
customRole.Name,
},
})
sentAPIKey, token = dbgen.APIKey(t, db, database.APIKey{
_, token = dbgen.APIKey(t, db, database.APIKey{
UserID: user.ID,
ExpiresAt: dbtime.Now().AddDate(0, 0, 1),
})
Expand Down Expand Up @@ -763,11 +769,6 @@ func TestAPIKey(t *testing.T) {
res := rw.Result()
defer res.Body.Close()
require.Equal(t, http.StatusOK, res.StatusCode)

gotAPIKey, err := db.GetAPIKeyByID(r.Context(), sentAPIKey.ID)
require.NoError(t, err)

require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt)
})

// There is no sql foreign key constraint to require all assigned roles
Expand All @@ -780,13 +781,24 @@ func TestAPIKey(t *testing.T) {
org = dbgen.Organization(t, db, database.Organization{})
user = dbgen.User(t, db, database.User{
RBACRoles: []string{
rbac.ScopedRoleOrgAdmin(org.ID).String(),
rbac.RoleIdentifier{Name: roleNotExistsName, OrganizationID: org.ID}.String(),
// Also provide an org not exists
// Also provide an org not exists. In practice this makes no sense
// to store org roles in the user table, but there is no org to
// store it in. So just throw this here for even more unexpected
// behavior handling!
rbac.RoleIdentifier{Name: roleNotExistsName, OrganizationID: uuid.New()}.String(),
},
})
sentAPIKey, token = dbgen.APIKey(t, db, database.APIKey{
_ = dbgen.OrganizationMember(t, db, database.OrganizationMember{
UserID: user.ID,
OrganizationID: org.ID,
CreatedAt: time.Time{},
UpdatedAt: time.Time{},
Roles: []string{
rbac.RoleOrgAdmin(),
roleNotExistsName,
},
})
_, token = dbgen.APIKey(t, db, database.APIKey{
UserID: user.ID,
ExpiresAt: dbtime.Now().AddDate(0, 0, 1),
})
Expand Down Expand Up @@ -822,11 +834,5 @@ func TestAPIKey(t *testing.T) {
res := rw.Result()
defer res.Body.Close()
require.Equal(t, http.StatusOK, res.StatusCode)

gotAPIKey, err := db.GetAPIKeyByID(r.Context(), sentAPIKey.ID)
require.NoError(t, err)

require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt)
})

}
Loading