Skip to content

fix(cli): add check for DisableOwnerWorkspaceExec in scaletest #14417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 26, 2024
Merged

fix(cli): add check for DisableOwnerWorkspaceExec in scaletest #14417

merged 3 commits into from
Aug 26, 2024

Conversation

johnstcn
Copy link
Member

@johnstcn johnstcn commented Aug 23, 2024
edited
Loading

  • Adds --use-host-login to coder exp scaletest workspace-traffic
  • Modifies getScaletestWorkspaces to conditionally filter workspaces if CODER_DISABLE_OWNER_WORKSPACE_ACCESS is set
  • Adds a warning if CODER_DISABLE_OWNER_WORKSPACE_ACCESS is set and scaletest workspaces are filtered out due to ownership mismatch.
  • Modifies coderdtest.New to detect cross-test bleed of CODER_DISABLE_OWNER_WORKSPACE_ACCESS and fast-fail.

@johnstcn johnstcn self-assigned this Aug 23, 2024
@johnstcn johnstcn changed the title fix(cli): scaletest: check for DisableOwnerWorkspaceExec fix(cli): scaletest: add check for DisableOwnerWorkspaceExec in scaletest Aug 23, 2024
johnstcn added a commit that referenced this pull request Aug 23, 2024
@johnstcn
revert change to coderdtest, see #14417 for correct fix
5f9dbfe
@johnstcn johnstcn mentioned this pull request Aug 23, 2024
Closed
Emyrk
Emyrk reviewed Aug 23, 2024
View reviewed changes
cli/exptest/exptest_scaletest_test.go
Comment on lines +22 to +33
func TestScaleTestWorkspaceTraffic_UseHostLogin(t *testing.T) {
ctx, cancelFunc := context.WithTimeout(context.Background(), testutil.WaitMedium)
defer cancelFunc()

log := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
client := coderdtest.New(t, &coderdtest.Options{
Logger: &log,
IncludeProvisionerDaemon: true,
DeploymentValues: coderdtest.DeploymentValues(t, func(dv *codersdk.DeploymentValues) {
dv.DisableOwnerWorkspaceExec = true
}),
})
Copy link
Member

@Emyrk Emyrk Aug 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this test not run in go tests?

I ask because these roles are global, and it is an unfortunate consequence atm. (maybe custom roles can solve this without being global in the future).

You can see how I reset the global state here when using this option:

coder/coderd/rbac/roles_test.go

Lines 63 to 66 in e6ed3c3

rbac.ReloadBuiltinRoles(&rbac.RoleOptions{
NoOwnerWorkspaceExec: true,
})
t.Cleanup(func() { rbac.ReloadBuiltinRoles(nil) })

and of course, no t.Parallel()

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I can tell, each package is its own test binary. So the global variable would only affect tests run in the same package.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a require.FailNow() and validated that the test does indeed get run.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is passing, so the global-ness is not impacting the rest 🤔

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, Cian is right, you can think of each package as being built as its own test binary (basically that's what actually happens too), so global scope changes are constrained to that package. This is one of the test parallelism mechanisms in Go too (run different packages concurrently) and works irrespective of t.Parallel().

Emyrk
Emyrk reviewed Aug 23, 2024
View reviewed changes
coderd/coderdtest/coderdtest.go Outdated
Comment on lines 278 to 282
if err := options.Authorizer.Authorize(context.Background(), ownerSubj, policy.ActionSSH, rbac.ResourceWorkspace); err != nil {
if rbac.IsUnauthorizedError(err) {
t.Fatal("DisableOwnerWorkspaceExec was set in some other test. Please move this test to its own package so that it does not impact other tests!")
}
require.NoError(t, err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great check 👍

Emyrk
Emyrk approved these changes Aug 23, 2024
View reviewed changes
Copy link
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving since the coderdtest now asserts the global is correct and CI is passing.

mafredri
mafredri approved these changes Aug 26, 2024
View reviewed changes
@johnstcn johnstcn changed the title fix(cli): scaletest: add check for DisableOwnerWorkspaceExec in scaletest fix(cli): add check for DisableOwnerWorkspaceExec in scaletest Aug 26, 2024
@johnstcn johnstcn merged commit 6914862 into main Aug 26, 2024
30 checks passed
@johnstcn johnstcn deleted the cj/scaletest/no-owner-exec branch August 26, 2024 11:02
@github-actions github-actions bot locked and limited conversation to collaborators Aug 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

@Emyrk Emyrk Emyrk approved these changes

@dannykopping dannykopping Awaiting requested review from dannykopping

Assignees

@johnstcn johnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johnstcn @mafredri @Emyrk