|
6 | 6 | "net/http"
|
7 | 7 | "strings"
|
8 | 8 | "testing"
|
| 9 | + "time" |
9 | 10 |
|
10 | 11 | "github.com/go-chi/chi/v5"
|
11 | 12 | "github.com/stretchr/testify/assert"
|
@@ -45,9 +46,29 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
|
45 | 46 | IncludeProvisionerD: true,
|
46 | 47 | })
|
47 | 48 | admin := coderdtest.CreateFirstUser(t, client)
|
48 |
| - organization, err := client.Organization(context.Background(), admin.OrganizationID) |
| 49 | + // The provisioner will call to coderd and register itself. This is async, |
| 50 | + // so we wait for it to occur. |
| 51 | + require.Eventually(t, func() bool { |
| 52 | + provisionerds, err := client.ProvisionerDaemons(ctx) |
| 53 | + require.NoError(t, err) |
| 54 | + return len(provisionerds) > 0 |
| 55 | + }, time.Second*10, time.Second) |
| 56 | + |
| 57 | + provisionerds, err := client.ProvisionerDaemons(ctx) |
| 58 | + require.NoError(t, err, "fetch provisioners") |
| 59 | + require.Len(t, provisionerds, 1) |
| 60 | + |
| 61 | + organization, err := client.Organization(ctx, admin.OrganizationID) |
49 | 62 | require.NoError(t, err, "fetch org")
|
50 | 63 |
|
| 64 | + organizationParam, err := client.CreateParameter(ctx, codersdk.ParameterOrganization, organization.ID, codersdk.CreateParameterRequest{ |
| 65 | + Name: "test-param", |
| 66 | + SourceValue: "hello world", |
| 67 | + SourceScheme: codersdk.ParameterSourceSchemeData, |
| 68 | + DestinationScheme: codersdk.ParameterDestinationSchemeProvisionerVariable, |
| 69 | + }) |
| 70 | + require.NoError(t, err, "create org param") |
| 71 | + |
51 | 72 | // Setup some data in the database.
|
52 | 73 | version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, &echo.Responses{
|
53 | 74 | Parse: echo.ParseComplete,
|
@@ -118,18 +139,10 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
|
118 | 139 | "GET:/api/v2/workspaceagents/{workspaceagent}/turn": {NoAuthorize: true},
|
119 | 140 |
|
120 | 141 | // TODO: @emyrk these need to be fixed by adding authorize calls
|
121 |
| - "GET:/api/v2/organizations/{organization}/provisionerdaemons": {NoAuthorize: true}, |
122 |
| - "GET:/api/v2/organizations/{organization}/templates/{templatename}": {NoAuthorize: true}, |
123 |
| - "POST:/api/v2/organizations/{organization}/templateversions": {NoAuthorize: true}, |
124 |
| - "POST:/api/v2/organizations/{organization}/workspaces": {NoAuthorize: true}, |
125 |
| - |
126 |
| - "POST:/api/v2/parameters/{scope}/{id}": {NoAuthorize: true}, |
127 |
| - "GET:/api/v2/parameters/{scope}/{id}": {NoAuthorize: true}, |
128 |
| - "DELETE:/api/v2/parameters/{scope}/{id}/{name}": {NoAuthorize: true}, |
129 |
| - |
130 |
| - "POST:/api/v2/users/{user}/organizations": {NoAuthorize: true}, |
131 |
| - |
132 |
| - "GET:/api/v2/workspaces/{workspace}/watch": {NoAuthorize: true}, |
| 142 | + "POST:/api/v2/organizations/{organization}/workspaces": {NoAuthorize: true}, |
| 143 | + "POST:/api/v2/users/{user}/organizations": {NoAuthorize: true}, |
| 144 | + "GET:/api/v2/workspaces/{workspace}/watch": {NoAuthorize: true}, |
| 145 | + "POST:/api/v2/organizations/{organization}/templateversions": {NoAuthorize: true}, |
133 | 146 |
|
134 | 147 | // These endpoints have more assertions. This is good, add more endpoints to assert if you can!
|
135 | 148 | "GET:/api/v2/organizations/{organization}": {AssertObject: rbac.ResourceOrganization.InOrg(admin.OrganizationID)},
|
@@ -251,6 +264,27 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
|
251 | 264 | AssertAction: rbac.ActionRead,
|
252 | 265 | AssertObject: rbac.ResourceTemplate.InOrg(template.OrganizationID).WithID(template.ID.String()),
|
253 | 266 | },
|
| 267 | + "GET:/api/v2/provisionerdaemons": { |
| 268 | + StatusCode: http.StatusOK, |
| 269 | + AssertObject: rbac.ResourceProvisionerDaemon.WithID(provisionerds[0].ID.String()), |
| 270 | + }, |
| 271 | + |
| 272 | + "POST:/api/v2/parameters/{scope}/{id}": { |
| 273 | + AssertAction: rbac.ActionUpdate, |
| 274 | + AssertObject: rbac.ResourceOrganization.WithID(organization.ID.String()), |
| 275 | + }, |
| 276 | + "GET:/api/v2/parameters/{scope}/{id}": { |
| 277 | + AssertAction: rbac.ActionRead, |
| 278 | + AssertObject: rbac.ResourceOrganization.WithID(organization.ID.String()), |
| 279 | + }, |
| 280 | + "DELETE:/api/v2/parameters/{scope}/{id}/{name}": { |
| 281 | + AssertAction: rbac.ActionUpdate, |
| 282 | + AssertObject: rbac.ResourceOrganization.WithID(organization.ID.String()), |
| 283 | + }, |
| 284 | + "GET:/api/v2/organizations/{organization}/templates/{templatename}": { |
| 285 | + AssertAction: rbac.ActionRead, |
| 286 | + AssertObject: rbac.ResourceTemplate.InOrg(template.OrganizationID).WithID(template.ID.String()), |
| 287 | + }, |
254 | 288 |
|
255 | 289 | // These endpoints need payloads to get to the auth part. Payloads will be required
|
256 | 290 | "PUT:/api/v2/users/{user}/roles": {StatusCode: http.StatusBadRequest, NoAuthorize: true},
|
@@ -292,6 +326,10 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
|
292 | 326 | route = strings.ReplaceAll(route, "{hash}", file.Hash)
|
293 | 327 | route = strings.ReplaceAll(route, "{workspaceresource}", workspaceResources[0].ID.String())
|
294 | 328 | route = strings.ReplaceAll(route, "{templateversion}", version.ID.String())
|
| 329 | + route = strings.ReplaceAll(route, "{templatename}", template.Name) |
| 330 | + // Only checking org scoped params here |
| 331 | + route = strings.ReplaceAll(route, "{scope}", string(organizationParam.Scope)) |
| 332 | + route = strings.ReplaceAll(route, "{id}", organizationParam.ScopeID.String()) |
295 | 333 |
|
296 | 334 | resp, err := client.Request(context.Background(), method, route, nil)
|
297 | 335 | require.NoError(t, err, "do req")
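Review bot: The `require.NoError(t, err)` inside the `require.Eventually` callback (new line 53) can call `t.FailNow` from the goroutine testify uses to run the condition, which the testing package only permits from the test goroutine. It also turns a transient error during provisioner registration into a hard failure instead of another poll, so returning false on error matches the comment above it: `if err != nil { return false }`. A persistent error is still reported by the following `require.NoError(t, err, "fetch provisioners")`. Separately, the three `/api/v2/parameters/{scope}/{id}` assertions are exercised only with the organization-scoped parameter, so authorization for other parameter scopes stays unverified by this test; the comment at new line 330 would be more useful as a TODO that says so explicitly. TestAuthorizeAllEndpoints begins and ends outside the visible hunks, and the start of this file section is not shown.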
|
|