@@ -20,6 +20,7 @@ import (
2020 "github.com/coder/coder/v2/coderd/database"
2121 "github.com/coder/coder/v2/coderd/database/dbauthz"
2222 "github.com/coder/coder/v2/coderd/rbac"
23+ "github.com/coder/coder/v2/coderd/rbac/policy"
2324 "github.com/coder/coder/v2/coderd/rbac/regosql"
2425 "github.com/coder/coder/v2/codersdk"
2526 "github.com/coder/coder/v2/cryptorand"
@@ -84,7 +85,7 @@ func (a RBACAsserter) AllCalls() []AuthCall {
8485// AssertChecked will assert a given rbac check was performed. It does not care
8586// about order of checks, or any other checks. This is useful when you do not
8687// care about asserting every check that was performed.
87- func (a RBACAsserter ) AssertChecked (t * testing.T , action rbac .Action , objects ... interface {}) {
88+ func (a RBACAsserter ) AssertChecked (t * testing.T , action policy .Action , objects ... interface {}) {
8889 converted := a .convertObjects (t , objects ... )
8990 pairs := make ([]ActionObjectPair , 0 , len (converted ))
9091 for _ , obj := range converted {
@@ -95,7 +96,7 @@ func (a RBACAsserter) AssertChecked(t *testing.T, action rbac.Action, objects ..
9596
9697// AssertInOrder must be called in the correct order of authz checks. If the objects
9798// or actions are not in the correct order, the test will fail.
98- func (a RBACAsserter ) AssertInOrder (t * testing.T , action rbac .Action , objects ... interface {}) {
99+ func (a RBACAsserter ) AssertInOrder (t * testing.T , action policy .Action , objects ... interface {}) {
99100 converted := a .convertObjects (t , objects ... )
100101 pairs := make ([]ActionObjectPair , 0 , len (converted ))
101102 for _ , obj := range converted {
@@ -155,13 +156,13 @@ type RecordingAuthorizer struct {
155156}
156157
157158type ActionObjectPair struct {
158- Action rbac .Action
159+ Action policy .Action
159160 Object rbac.Object
160161}
161162
162163// Pair is on the RecordingAuthorizer to be easy to find and keep the pkg
163164// interface smaller.
164- func (* RecordingAuthorizer ) Pair (action rbac .Action , object rbac.Objecter ) ActionObjectPair {
165+ func (* RecordingAuthorizer ) Pair (action policy .Action , object rbac.Objecter ) ActionObjectPair {
165166 return ActionObjectPair {
166167 Action : action ,
167168 Object : object .RBACObject (),
@@ -248,7 +249,7 @@ func (r *RecordingAuthorizer) AssertActor(t *testing.T, actor rbac.Subject, did
248249}
249250
250251// recordAuthorize is the internal method that records the Authorize() call.
251- func (r * RecordingAuthorizer ) recordAuthorize (subject rbac.Subject , action rbac .Action , object rbac.Object ) {
252+ func (r * RecordingAuthorizer ) recordAuthorize (subject rbac.Subject , action policy .Action , object rbac.Object ) {
252253 r .Lock ()
253254 defer r .Unlock ()
254255
@@ -283,15 +284,15 @@ func caller(skip int) string {
283284 return str
284285}
285286
286- func (r * RecordingAuthorizer ) Authorize (ctx context.Context , subject rbac.Subject , action rbac .Action , object rbac.Object ) error {
287+ func (r * RecordingAuthorizer ) Authorize (ctx context.Context , subject rbac.Subject , action policy .Action , object rbac.Object ) error {
287288 r .recordAuthorize (subject , action , object )
288289 if r .Wrapped == nil {
289290 panic ("Developer error: RecordingAuthorizer.Wrapped is nil" )
290291 }
291292 return r .Wrapped .Authorize (ctx , subject , action , object )
292293}
293294
294- func (r * RecordingAuthorizer ) Prepare (ctx context.Context , subject rbac.Subject , action rbac .Action , objectType string ) (rbac.PreparedAuthorized , error ) {
295+ func (r * RecordingAuthorizer ) Prepare (ctx context.Context , subject rbac.Subject , action policy .Action , objectType string ) (rbac.PreparedAuthorized , error ) {
295296 r .RLock ()
296297 defer r .RUnlock ()
297298 if r .Wrapped == nil {
@@ -325,7 +326,7 @@ type PreparedRecorder struct {
325326 rec * RecordingAuthorizer
326327 prepped rbac.PreparedAuthorized
327328 subject rbac.Subject
328- action rbac .Action
329+ action policy .Action
329330
330331 rw sync.Mutex
331332 usingSQL bool
@@ -357,11 +358,11 @@ type FakeAuthorizer struct {
357358
358359var _ rbac.Authorizer = (* FakeAuthorizer )(nil )
359360
360- func (d * FakeAuthorizer ) Authorize (_ context.Context , _ rbac.Subject , _ rbac .Action , _ rbac.Object ) error {
361+ func (d * FakeAuthorizer ) Authorize (_ context.Context , _ rbac.Subject , _ policy .Action , _ rbac.Object ) error {
361362 return d .AlwaysReturn
362363}
363364
364- func (d * FakeAuthorizer ) Prepare (_ context.Context , subject rbac.Subject , action rbac .Action , _ string ) (rbac.PreparedAuthorized , error ) {
365+ func (d * FakeAuthorizer ) Prepare (_ context.Context , subject rbac.Subject , action policy .Action , _ string ) (rbac.PreparedAuthorized , error ) {
365366 return & fakePreparedAuthorizer {
366367 Original : d ,
367368 Subject : subject ,
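Review bot: `FakeAuthorizer.Authorize` (new line 361) still has no doc comment, although it discards the subject, the `policy.Action` and the object and returns `d.AlwaysReturn` as the authorization decision. If `AlwaysReturn` is left nil, every check passes, so the exported method should state that, e.g. `// Authorize ignores subject, action and object and returns AlwaysReturn; a nil AlwaysReturn allows every request.` The helpers in this file take `*testing.T`, so the type looks test-only; if that is the intent, the comment should also say it must not be wired into a non-test authorizer path. The same applies to `Prepare` just below, whose body continues outside the hunk. The `FakeAuthorizer` struct definition is also outside the hunk, so whether it already documents this is not visible here.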
@@ -377,7 +378,7 @@ type fakePreparedAuthorizer struct {
377378 sync.RWMutex
378379 Original * FakeAuthorizer
379380 Subject rbac.Subject
380- Action rbac .Action
381+ Action policy .Action
381382}
382383
383384func (f * fakePreparedAuthorizer ) Authorize (ctx context.Context , object rbac.Object ) error {
@@ -392,7 +393,7 @@ func (*fakePreparedAuthorizer) CompileToSQL(_ context.Context, _ regosql.Convert
392393
393394// Random rbac helper funcs
394395
395- func RandomRBACAction () rbac .Action {
396+ func RandomRBACAction () policy .Action {
396397 all := rbac .AllActions ()
397398 return all [must (cryptorand .Intn (len (all )))]
398399}
@@ -403,10 +404,10 @@ func RandomRBACObject() rbac.Object {
403404 Owner : uuid .NewString (),
404405 OrgID : uuid .NewString (),
405406 Type : randomRBACType (),
406- ACLUserList : map [string ][]rbac .Action {
407+ ACLUserList : map [string ][]policy .Action {
407408 namesgenerator .GetRandomName (1 ): {RandomRBACAction ()},
408409 },
409- ACLGroupList : map [string ][]rbac .Action {
410+ ACLGroupList : map [string ][]policy .Action {
410411 namesgenerator .GetRandomName (1 ): {RandomRBACAction ()},
411412 },
412413 }