mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
test: add tests for updating workspace acl (#19240)
This commit is contained in:
ケイラ
+105
-4
@@ -2678,8 +2678,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) {
|
||||
// ensure test invariant: new workspaces have no autostart schedule.
|
||||
require.Empty(t, workspace.AutostartSchedule, "expected newly-minted workspace to have no autostart schedule")
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
err := client.UpdateWorkspaceAutostart(ctx, workspace.ID, codersdk.UpdateWorkspaceAutostartRequest{
|
||||
Schedule: ptr.Ref("CRON_TZ=Europe/Dublin 30 9 * * 1-5"),
|
||||
@@ -2698,8 +2697,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) {
|
||||
}
|
||||
)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
err := client.UpdateWorkspaceAutostart(ctx, wsid, req)
|
||||
require.IsType(t, err, &codersdk.Error{}, "expected codersdk.Error")
|
||||
@@ -4813,3 +4811,106 @@ func TestMultipleAITasksDisallowed(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, pj.Error.String, "only one 'coder_ai_task' resource can be provisioned per template")
|
||||
}
|
||||
|
||||
func TestUpdateWorkspaceACL(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("OK", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dv := coderdtest.DeploymentValues(t)
|
||||
dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
|
||||
adminClient := coderdtest.New(t, &coderdtest.Options{
|
||||
IncludeProvisionerDaemon: true,
|
||||
DeploymentValues: dv,
|
||||
})
|
||||
adminUser := coderdtest.CreateFirstUser(t, adminClient)
|
||||
orgID := adminUser.OrganizationID
|
||||
client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
_, friend := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
|
||||
tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil)
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID)
|
||||
template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID)
|
||||
|
||||
ws := coderdtest.CreateWorkspace(t, client, template.ID)
|
||||
coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
|
||||
UserRoles: map[string]codersdk.WorkspaceRole{
|
||||
friend.ID.String(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
})
|
||||
|
||||
t.Run("UnknownUserID", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dv := coderdtest.DeploymentValues(t)
|
||||
dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
|
||||
adminClient := coderdtest.New(t, &coderdtest.Options{
|
||||
IncludeProvisionerDaemon: true,
|
||||
DeploymentValues: dv,
|
||||
})
|
||||
adminUser := coderdtest.CreateFirstUser(t, adminClient)
|
||||
orgID := adminUser.OrganizationID
|
||||
client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
|
||||
tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil)
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID)
|
||||
template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID)
|
||||
|
||||
ws := coderdtest.CreateWorkspace(t, client, template.ID)
|
||||
coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
|
||||
UserRoles: map[string]codersdk.WorkspaceRole{
|
||||
uuid.NewString(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
})
|
||||
require.Error(t, err)
|
||||
cerr, ok := codersdk.AsError(err)
|
||||
require.True(t, ok)
|
||||
require.Len(t, cerr.Validations, 1)
|
||||
require.Equal(t, cerr.Validations[0].Field, "user_roles")
|
||||
})
|
||||
|
||||
t.Run("DeletedUser", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dv := coderdtest.DeploymentValues(t)
|
||||
dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
|
||||
adminClient := coderdtest.New(t, &coderdtest.Options{
|
||||
IncludeProvisionerDaemon: true,
|
||||
DeploymentValues: dv,
|
||||
})
|
||||
adminUser := coderdtest.CreateFirstUser(t, adminClient)
|
||||
orgID := adminUser.OrganizationID
|
||||
client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
_, mike := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
|
||||
tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil)
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID)
|
||||
template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID)
|
||||
|
||||
ws := coderdtest.CreateWorkspace(t, client, template.ID)
|
||||
coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
err := adminClient.DeleteUser(ctx, mike.ID)
|
||||
require.NoError(t, err)
|
||||
err = client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
|
||||
UserRoles: map[string]codersdk.WorkspaceRole{
|
||||
mike.ID.String(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
})
|
||||
require.Error(t, err)
|
||||
cerr, ok := codersdk.AsError(err)
|
||||
require.True(t, ok)
|
||||
require.Len(t, cerr.Validations, 1)
|
||||
require.Equal(t, cerr.Validations[0].Field, "user_roles")
|
||||
})
|
||||
}
|
||||
|
||||
@@ -70,8 +70,7 @@ func TestTemplates(t *testing.T) {
|
||||
|
||||
_ = coderdtest.CreateWorkspace(t, otherClient, secondTemplate.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
updated, err := client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
|
||||
DeprecationMessage: ptr.Ref("Stop using this template"),
|
||||
@@ -185,8 +184,7 @@ func TestTemplates(t *testing.T) {
|
||||
ws, err := client.Workspace(context.Background(), ws.ID)
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
// OK
|
||||
var level codersdk.WorkspaceAgentPortShareLevel = codersdk.WorkspaceAgentPortShareLevelPublic
|
||||
@@ -704,8 +702,7 @@ func TestTemplates(t *testing.T) {
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
|
||||
require.True(t, template.RequireActiveVersion)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
// Update the field and assert it persists.
|
||||
updatedTemplate, err := anotherClient.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
|
||||
@@ -761,9 +758,6 @@ func TestTemplates(t *testing.T) {
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
|
||||
_, err = owner.Template(ctx, template.ID)
|
||||
require.NoError(t, err)
|
||||
})
|
||||
@@ -932,8 +926,7 @@ func TestTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
acl, err := anotherClient.TemplateACL(ctx, template.ID)
|
||||
require.NoError(t, err)
|
||||
@@ -955,8 +948,7 @@ func TestTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
//nolint:gocritic // non-template-admin cannot update template acl
|
||||
acl, err := client.TemplateACL(ctx, template.ID)
|
||||
@@ -1004,8 +996,7 @@ func TestTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
//nolint:gocritic // non-template-admin cannot get template acl
|
||||
acl, err := client.TemplateACL(ctx, template.ID)
|
||||
@@ -1267,8 +1258,7 @@ func TestUpdateTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
err := anotherClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
|
||||
UserPerms: map[string]codersdk.TemplateRole{
|
||||
@@ -1359,8 +1349,7 @@ func TestUpdateTemplateACL(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
err := anotherClient.UpdateTemplateACL(ctx, template.ID, req)
|
||||
require.NoError(t, err)
|
||||
@@ -1679,8 +1668,7 @@ func TestUpdateTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
acl, err := anotherClient.TemplateACL(ctx, template.ID)
|
||||
require.NoError(t, err)
|
||||
@@ -1769,8 +1757,7 @@ func TestUpdateTemplateACL(t *testing.T) {
|
||||
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
|
||||
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
ctx := testutil.Context(t, testutil.WaitLong)
|
||||
|
||||
acl, err := anotherClient.TemplateACL(ctx, template.ID)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -3523,3 +3523,84 @@ func must[T any](value T, err error) T {
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
func TestUpdateWorkspaceACL(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("OKWithGroup", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dv := coderdtest.DeploymentValues(t)
|
||||
dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
|
||||
adminClient, adminUser := coderdenttest.New(t, &coderdenttest.Options{
|
||||
Options: &coderdtest.Options{
|
||||
IncludeProvisionerDaemon: true,
|
||||
DeploymentValues: dv,
|
||||
},
|
||||
LicenseOptions: &coderdenttest.LicenseOptions{
|
||||
Features: license.Features{
|
||||
codersdk.FeatureTemplateRBAC: 1,
|
||||
},
|
||||
},
|
||||
})
|
||||
orgID := adminUser.OrganizationID
|
||||
client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
_, friend := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
group := coderdtest.CreateGroup(t, adminClient, orgID, "bloob")
|
||||
|
||||
tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil)
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID)
|
||||
template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID)
|
||||
|
||||
ws := coderdtest.CreateWorkspace(t, client, template.ID)
|
||||
coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
|
||||
UserRoles: map[string]codersdk.WorkspaceRole{
|
||||
friend.ID.String(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
GroupRoles: map[string]codersdk.WorkspaceRole{
|
||||
group.ID.String(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
})
|
||||
|
||||
t.Run("UnknownIDs", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dv := coderdtest.DeploymentValues(t)
|
||||
dv.Experiments = []string{string(codersdk.ExperimentWorkspaceSharing)}
|
||||
adminClient := coderdtest.New(t, &coderdtest.Options{
|
||||
IncludeProvisionerDaemon: true,
|
||||
DeploymentValues: dv,
|
||||
})
|
||||
adminUser := coderdtest.CreateFirstUser(t, adminClient)
|
||||
orgID := adminUser.OrganizationID
|
||||
client, _ := coderdtest.CreateAnotherUser(t, adminClient, orgID)
|
||||
|
||||
tv := coderdtest.CreateTemplateVersion(t, adminClient, orgID, nil)
|
||||
coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, tv.ID)
|
||||
template := coderdtest.CreateTemplate(t, adminClient, orgID, tv.ID)
|
||||
|
||||
ws := coderdtest.CreateWorkspace(t, client, template.ID)
|
||||
coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
err := client.UpdateWorkspaceACL(ctx, ws.ID, codersdk.UpdateWorkspaceACL{
|
||||
UserRoles: map[string]codersdk.WorkspaceRole{
|
||||
uuid.NewString(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
GroupRoles: map[string]codersdk.WorkspaceRole{
|
||||
uuid.NewString(): codersdk.WorkspaceRoleAdmin,
|
||||
},
|
||||
})
|
||||
require.Error(t, err)
|
||||
cerr, ok := codersdk.AsError(err)
|
||||
require.True(t, ok)
|
||||
require.Len(t, cerr.Validations, 2)
|
||||
require.Equal(t, cerr.Validations[0].Field, "group_roles")
|
||||
require.Equal(t, cerr.Validations[1].Field, "user_roles")
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user