mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
chore(coderd/database/dbauthz): migrate File, Group, APIKey, AuditLogs, and ConnectionLogs tests to mocked db (#19299)
Related to https://github.com/coder/internal/issues/869 --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: Steven Masley <stevenmasley@gmail.com>
This commit is contained in:
Hugo Dutka
@@ -218,25 +218,16 @@ func (s *MethodTestSuite) TestAPIKey() {
|
|||||||
dbm.EXPECT().GetAPIKeyByID(gomock.Any(), key.ID).Return(key, nil).AnyTimes()
|
dbm.EXPECT().GetAPIKeyByID(gomock.Any(), key.ID).Return(key, nil).AnyTimes()
|
||||||
check.Args(key.ID).Asserts(key, policy.ActionRead).Returns(key)
|
check.Args(key.ID).Asserts(key, policy.ActionRead).Returns(key)
|
||||||
}))
|
}))
|
||||||
s.Run("GetAPIKeyByName", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAPIKeyByName", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
key := testutil.Fake(s.T(), faker, database.APIKey{LoginType: database.LoginTypeToken, TokenName: "marge-cat"})
|
||||||
key, _ := dbgen.APIKey(s.T(), db, database.APIKey{
|
dbm.EXPECT().GetAPIKeyByName(gomock.Any(), database.GetAPIKeyByNameParams{TokenName: key.TokenName, UserID: key.UserID}).Return(key, nil).AnyTimes()
|
||||||
TokenName: "marge-cat",
|
check.Args(database.GetAPIKeyByNameParams{TokenName: key.TokenName, UserID: key.UserID}).Asserts(key, policy.ActionRead).Returns(key)
|
||||||
LoginType: database.LoginTypeToken,
|
|
||||||
})
|
|
||||||
check.Args(database.GetAPIKeyByNameParams{
|
|
||||||
TokenName: key.TokenName,
|
|
||||||
UserID: key.UserID,
|
|
||||||
}).Asserts(key, policy.ActionRead).Returns(key)
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetAPIKeysByLoginType", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAPIKeysByLoginType", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
a := testutil.Fake(s.T(), faker, database.APIKey{LoginType: database.LoginTypePassword})
|
||||||
a, _ := dbgen.APIKey(s.T(), db, database.APIKey{LoginType: database.LoginTypePassword})
|
b := testutil.Fake(s.T(), faker, database.APIKey{LoginType: database.LoginTypePassword})
|
||||||
b, _ := dbgen.APIKey(s.T(), db, database.APIKey{LoginType: database.LoginTypePassword})
|
dbm.EXPECT().GetAPIKeysByLoginType(gomock.Any(), database.LoginTypePassword).Return([]database.APIKey{a, b}, nil).AnyTimes()
|
||||||
_, _ = dbgen.APIKey(s.T(), db, database.APIKey{LoginType: database.LoginTypeGithub})
|
check.Args(database.LoginTypePassword).Asserts(a, policy.ActionRead, b, policy.ActionRead).Returns(slice.New(a, b))
|
||||||
check.Args(database.LoginTypePassword).
|
|
||||||
Asserts(a, policy.ActionRead, b, policy.ActionRead).
|
|
||||||
Returns(slice.New(a, b))
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetAPIKeysByUserID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
s.Run("GetAPIKeysByUserID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u1 := testutil.Fake(s.T(), faker, database.User{})
|
u1 := testutil.Fake(s.T(), faker, database.User{})
|
||||||
@@ -248,228 +239,139 @@ func (s *MethodTestSuite) TestAPIKey() {
|
|||||||
Asserts(keyA, policy.ActionRead, keyB, policy.ActionRead).
|
Asserts(keyA, policy.ActionRead, keyB, policy.ActionRead).
|
||||||
Returns(slice.New(keyA, keyB))
|
Returns(slice.New(keyA, keyB))
|
||||||
}))
|
}))
|
||||||
s.Run("GetAPIKeysLastUsedAfter", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAPIKeysLastUsedAfter", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
now := time.Now()
|
||||||
a, _ := dbgen.APIKey(s.T(), db, database.APIKey{LastUsed: time.Now().Add(time.Hour)})
|
a := database.APIKey{LastUsed: now.Add(time.Hour)}
|
||||||
b, _ := dbgen.APIKey(s.T(), db, database.APIKey{LastUsed: time.Now().Add(time.Hour)})
|
b := database.APIKey{LastUsed: now.Add(time.Hour)}
|
||||||
_, _ = dbgen.APIKey(s.T(), db, database.APIKey{LastUsed: time.Now().Add(-time.Hour)})
|
dbm.EXPECT().GetAPIKeysLastUsedAfter(gomock.Any(), gomock.Any()).Return([]database.APIKey{a, b}, nil).AnyTimes()
|
||||||
check.Args(time.Now()).
|
check.Args(now).Asserts(a, policy.ActionRead, b, policy.ActionRead).Returns(slice.New(a, b))
|
||||||
Asserts(a, policy.ActionRead, b, policy.ActionRead).
|
|
||||||
Returns(slice.New(a, b))
|
|
||||||
}))
|
}))
|
||||||
s.Run("InsertAPIKey", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("InsertAPIKey", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
|
arg := database.InsertAPIKeyParams{UserID: u.ID, LoginType: database.LoginTypePassword, Scope: database.APIKeyScopeAll, IPAddress: defaultIPAddress()}
|
||||||
check.Args(database.InsertAPIKeyParams{
|
ret := testutil.Fake(s.T(), faker, database.APIKey{UserID: u.ID, LoginType: database.LoginTypePassword})
|
||||||
UserID: u.ID,
|
dbm.EXPECT().InsertAPIKey(gomock.Any(), arg).Return(ret, nil).AnyTimes()
|
||||||
LoginType: database.LoginTypePassword,
|
check.Args(arg).Asserts(rbac.ResourceApiKey.WithOwner(u.ID.String()), policy.ActionCreate)
|
||||||
Scope: database.APIKeyScopeAll,
|
|
||||||
IPAddress: defaultIPAddress(),
|
|
||||||
}).Asserts(rbac.ResourceApiKey.WithOwner(u.ID.String()), policy.ActionCreate)
|
|
||||||
}))
|
}))
|
||||||
s.Run("UpdateAPIKeyByID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("UpdateAPIKeyByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
a, _ := dbgen.APIKey(s.T(), db, database.APIKey{UserID: u.ID, IPAddress: defaultIPAddress()})
|
a := testutil.Fake(s.T(), faker, database.APIKey{UserID: u.ID, IPAddress: defaultIPAddress()})
|
||||||
check.Args(database.UpdateAPIKeyByIDParams{
|
arg := database.UpdateAPIKeyByIDParams{ID: a.ID, IPAddress: defaultIPAddress(), LastUsed: time.Now(), ExpiresAt: time.Now().Add(time.Hour)}
|
||||||
ID: a.ID,
|
dbm.EXPECT().GetAPIKeyByID(gomock.Any(), a.ID).Return(a, nil).AnyTimes()
|
||||||
IPAddress: defaultIPAddress(),
|
dbm.EXPECT().UpdateAPIKeyByID(gomock.Any(), arg).Return(nil).AnyTimes()
|
||||||
LastUsed: time.Now(),
|
check.Args(arg).Asserts(a, policy.ActionUpdate).Returns()
|
||||||
ExpiresAt: time.Now().Add(time.Hour),
|
|
||||||
}).Asserts(a, policy.ActionUpdate).Returns()
|
|
||||||
}))
|
}))
|
||||||
s.Run("DeleteApplicationConnectAPIKeysByUserID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("DeleteApplicationConnectAPIKeysByUserID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
a := testutil.Fake(s.T(), faker, database.APIKey{Scope: database.APIKeyScopeApplicationConnect})
|
||||||
a, _ := dbgen.APIKey(s.T(), db, database.APIKey{
|
dbm.EXPECT().DeleteApplicationConnectAPIKeysByUserID(gomock.Any(), a.UserID).Return(nil).AnyTimes()
|
||||||
Scope: database.APIKeyScopeApplicationConnect,
|
|
||||||
})
|
|
||||||
check.Args(a.UserID).Asserts(rbac.ResourceApiKey.WithOwner(a.UserID.String()), policy.ActionDelete).Returns()
|
check.Args(a.UserID).Asserts(rbac.ResourceApiKey.WithOwner(a.UserID.String()), policy.ActionDelete).Returns()
|
||||||
}))
|
}))
|
||||||
s.Run("DeleteExternalAuthLink", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("DeleteExternalAuthLink", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
a := dbgen.ExternalAuthLink(s.T(), db, database.ExternalAuthLink{})
|
a := testutil.Fake(s.T(), faker, database.ExternalAuthLink{})
|
||||||
check.Args(database.DeleteExternalAuthLinkParams{
|
dbm.EXPECT().GetExternalAuthLink(gomock.Any(), database.GetExternalAuthLinkParams{ProviderID: a.ProviderID, UserID: a.UserID}).Return(a, nil).AnyTimes()
|
||||||
ProviderID: a.ProviderID,
|
dbm.EXPECT().DeleteExternalAuthLink(gomock.Any(), database.DeleteExternalAuthLinkParams{ProviderID: a.ProviderID, UserID: a.UserID}).Return(nil).AnyTimes()
|
||||||
UserID: a.UserID,
|
check.Args(database.DeleteExternalAuthLinkParams{ProviderID: a.ProviderID, UserID: a.UserID}).Asserts(a, policy.ActionUpdatePersonal).Returns()
|
||||||
}).Asserts(rbac.ResourceUserObject(a.UserID), policy.ActionUpdatePersonal).Returns()
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetExternalAuthLinksByUserID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetExternalAuthLinksByUserID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
a := dbgen.ExternalAuthLink(s.T(), db, database.ExternalAuthLink{})
|
a := testutil.Fake(s.T(), faker, database.ExternalAuthLink{})
|
||||||
b := dbgen.ExternalAuthLink(s.T(), db, database.ExternalAuthLink{
|
b := testutil.Fake(s.T(), faker, database.ExternalAuthLink{UserID: a.UserID})
|
||||||
UserID: a.UserID,
|
dbm.EXPECT().GetExternalAuthLinksByUserID(gomock.Any(), a.UserID).Return([]database.ExternalAuthLink{a, b}, nil).AnyTimes()
|
||||||
})
|
check.Args(a.UserID).Asserts(a, policy.ActionReadPersonal, b, policy.ActionReadPersonal)
|
||||||
check.Args(a.UserID).Asserts(
|
|
||||||
rbac.ResourceUserObject(a.UserID), policy.ActionReadPersonal,
|
|
||||||
rbac.ResourceUserObject(b.UserID), policy.ActionReadPersonal)
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *MethodTestSuite) TestAuditLogs() {
|
func (s *MethodTestSuite) TestAuditLogs() {
|
||||||
s.Run("InsertAuditLog", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("InsertAuditLog", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
check.Args(database.InsertAuditLogParams{
|
arg := database.InsertAuditLogParams{ResourceType: database.ResourceTypeOrganization, Action: database.AuditActionCreate, Diff: json.RawMessage("{}"), AdditionalFields: json.RawMessage("{}")}
|
||||||
ResourceType: database.ResourceTypeOrganization,
|
dbm.EXPECT().InsertAuditLog(gomock.Any(), arg).Return(database.AuditLog{}, nil).AnyTimes()
|
||||||
Action: database.AuditActionCreate,
|
check.Args(arg).Asserts(rbac.ResourceAuditLog, policy.ActionCreate)
|
||||||
Diff: json.RawMessage("{}"),
|
|
||||||
AdditionalFields: json.RawMessage("{}"),
|
|
||||||
}).Asserts(rbac.ResourceAuditLog, policy.ActionCreate)
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetAuditLogsOffset", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAuditLogsOffset", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
arg := database.GetAuditLogsOffsetParams{LimitOpt: 10}
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().GetAuditLogsOffset(gomock.Any(), arg).Return([]database.GetAuditLogsOffsetRow{}, nil).AnyTimes()
|
||||||
check.Args(database.GetAuditLogsOffsetParams{
|
dbm.EXPECT().GetAuthorizedAuditLogsOffset(gomock.Any(), arg, gomock.Any()).Return([]database.GetAuditLogsOffsetRow{}, nil).AnyTimes()
|
||||||
LimitOpt: 10,
|
check.Args(arg).Asserts(rbac.ResourceAuditLog, policy.ActionRead).WithNotAuthorized("nil")
|
||||||
}).Asserts(rbac.ResourceAuditLog, policy.ActionRead).WithNotAuthorized("nil")
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetAuthorizedAuditLogsOffset", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAuthorizedAuditLogsOffset", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
arg := database.GetAuditLogsOffsetParams{LimitOpt: 10}
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().GetAuthorizedAuditLogsOffset(gomock.Any(), arg, gomock.Any()).Return([]database.GetAuditLogsOffsetRow{}, nil).AnyTimes()
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().GetAuditLogsOffset(gomock.Any(), arg).Return([]database.GetAuditLogsOffsetRow{}, nil).AnyTimes()
|
||||||
check.Args(database.GetAuditLogsOffsetParams{
|
check.Args(arg, emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead)
|
||||||
LimitOpt: 10,
|
|
||||||
}, emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead)
|
|
||||||
}))
|
}))
|
||||||
s.Run("CountAuditLogs", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("CountAuditLogs", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().CountAuditLogs(gomock.Any(), database.CountAuditLogsParams{}).Return(int64(0), nil).AnyTimes()
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().CountAuthorizedAuditLogs(gomock.Any(), database.CountAuditLogsParams{}, gomock.Any()).Return(int64(0), nil).AnyTimes()
|
||||||
check.Args(database.CountAuditLogsParams{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead).WithNotAuthorized("nil")
|
check.Args(database.CountAuditLogsParams{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead).WithNotAuthorized("nil")
|
||||||
}))
|
}))
|
||||||
s.Run("CountAuthorizedAuditLogs", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("CountAuthorizedAuditLogs", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().CountAuthorizedAuditLogs(gomock.Any(), database.CountAuditLogsParams{}, gomock.Any()).Return(int64(0), nil).AnyTimes()
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().CountAuditLogs(gomock.Any(), database.CountAuditLogsParams{}).Return(int64(0), nil).AnyTimes()
|
||||||
check.Args(database.CountAuditLogsParams{}, emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead)
|
check.Args(database.CountAuditLogsParams{}, emptyPreparedAuthorized{}).Asserts(rbac.ResourceAuditLog, policy.ActionRead)
|
||||||
}))
|
}))
|
||||||
s.Run("DeleteOldAuditLogConnectionEvents", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("DeleteOldAuditLogConnectionEvents", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
_ = dbgen.AuditLog(s.T(), db, database.AuditLog{})
|
dbm.EXPECT().DeleteOldAuditLogConnectionEvents(gomock.Any(), database.DeleteOldAuditLogConnectionEventsParams{}).Return(nil).AnyTimes()
|
||||||
check.Args(database.DeleteOldAuditLogConnectionEventsParams{}).Asserts(rbac.ResourceSystem, policy.ActionDelete)
|
check.Args(database.DeleteOldAuditLogConnectionEventsParams{}).Asserts(rbac.ResourceSystem, policy.ActionDelete)
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *MethodTestSuite) TestConnectionLogs() {
|
func (s *MethodTestSuite) TestConnectionLogs() {
|
||||||
createWorkspace := func(t *testing.T, db database.Store) database.WorkspaceTable {
|
s.Run("UpsertConnectionLog", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
ws := testutil.Fake(s.T(), faker, database.WorkspaceTable{})
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
arg := database.UpsertConnectionLogParams{Ip: defaultIPAddress(), Type: database.ConnectionTypeSsh, WorkspaceID: ws.ID, OrganizationID: ws.OrganizationID, ConnectionStatus: database.ConnectionStatusConnected, WorkspaceOwnerID: ws.OwnerID}
|
||||||
tpl := dbgen.Template(s.T(), db, database.Template{
|
dbm.EXPECT().UpsertConnectionLog(gomock.Any(), arg).Return(database.ConnectionLog{}, nil).AnyTimes()
|
||||||
OrganizationID: o.ID,
|
check.Args(arg).Asserts(rbac.ResourceConnectionLog, policy.ActionUpdate)
|
||||||
CreatedBy: u.ID,
|
|
||||||
})
|
|
||||||
return dbgen.Workspace(s.T(), db, database.WorkspaceTable{
|
|
||||||
ID: uuid.New(),
|
|
||||||
OwnerID: u.ID,
|
|
||||||
OrganizationID: o.ID,
|
|
||||||
AutomaticUpdates: database.AutomaticUpdatesNever,
|
|
||||||
TemplateID: tpl.ID,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
s.Run("UpsertConnectionLog", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
ws := createWorkspace(s.T(), db)
|
|
||||||
check.Args(database.UpsertConnectionLogParams{
|
|
||||||
Ip: defaultIPAddress(),
|
|
||||||
Type: database.ConnectionTypeSsh,
|
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
ConnectionStatus: database.ConnectionStatusConnected,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
}).Asserts(rbac.ResourceConnectionLog, policy.ActionUpdate)
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetConnectionLogsOffset", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetConnectionLogsOffset", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
ws := createWorkspace(s.T(), db)
|
arg := database.GetConnectionLogsOffsetParams{LimitOpt: 10}
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
dbm.EXPECT().GetConnectionLogsOffset(gomock.Any(), arg).Return([]database.GetConnectionLogsOffsetRow{}, nil).AnyTimes()
|
||||||
Ip: defaultIPAddress(),
|
dbm.EXPECT().GetAuthorizedConnectionLogsOffset(gomock.Any(), arg, gomock.Any()).Return([]database.GetConnectionLogsOffsetRow{}, nil).AnyTimes()
|
||||||
Type: database.ConnectionTypeSsh,
|
check.Args(arg).Asserts(rbac.ResourceConnectionLog, policy.ActionRead).WithNotAuthorized("nil")
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
|
||||||
Ip: defaultIPAddress(),
|
|
||||||
Type: database.ConnectionTypeSsh,
|
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
check.Args(database.GetConnectionLogsOffsetParams{
|
|
||||||
LimitOpt: 10,
|
|
||||||
}).Asserts(rbac.ResourceConnectionLog, policy.ActionRead).WithNotAuthorized("nil")
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetAuthorizedConnectionLogsOffset", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetAuthorizedConnectionLogsOffset", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
ws := createWorkspace(s.T(), db)
|
arg := database.GetConnectionLogsOffsetParams{LimitOpt: 10}
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
dbm.EXPECT().GetAuthorizedConnectionLogsOffset(gomock.Any(), arg, gomock.Any()).Return([]database.GetConnectionLogsOffsetRow{}, nil).AnyTimes()
|
||||||
Ip: defaultIPAddress(),
|
dbm.EXPECT().GetConnectionLogsOffset(gomock.Any(), arg).Return([]database.GetConnectionLogsOffsetRow{}, nil).AnyTimes()
|
||||||
Type: database.ConnectionTypeSsh,
|
check.Args(arg, emptyPreparedAuthorized{}).Asserts(rbac.ResourceConnectionLog, policy.ActionRead)
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
|
||||||
Ip: defaultIPAddress(),
|
|
||||||
Type: database.ConnectionTypeSsh,
|
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
check.Args(database.GetConnectionLogsOffsetParams{
|
|
||||||
LimitOpt: 10,
|
|
||||||
}, emptyPreparedAuthorized{}).Asserts(rbac.ResourceConnectionLog, policy.ActionRead)
|
|
||||||
}))
|
}))
|
||||||
s.Run("CountConnectionLogs", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("CountConnectionLogs", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
ws := createWorkspace(s.T(), db)
|
dbm.EXPECT().CountConnectionLogs(gomock.Any(), database.CountConnectionLogsParams{}).Return(int64(0), nil).AnyTimes()
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
dbm.EXPECT().CountAuthorizedConnectionLogs(gomock.Any(), database.CountConnectionLogsParams{}, gomock.Any()).Return(int64(0), nil).AnyTimes()
|
||||||
Type: database.ConnectionTypeSsh,
|
check.Args(database.CountConnectionLogsParams{}).Asserts(rbac.ResourceConnectionLog, policy.ActionRead).WithNotAuthorized("nil")
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
|
||||||
Type: database.ConnectionTypeSsh,
|
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
check.Args(database.CountConnectionLogsParams{}).Asserts(
|
|
||||||
rbac.ResourceConnectionLog, policy.ActionRead,
|
|
||||||
).WithNotAuthorized("nil")
|
|
||||||
}))
|
}))
|
||||||
s.Run("CountAuthorizedConnectionLogs", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("CountAuthorizedConnectionLogs", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
ws := createWorkspace(s.T(), db)
|
dbm.EXPECT().CountAuthorizedConnectionLogs(gomock.Any(), database.CountConnectionLogsParams{}, gomock.Any()).Return(int64(0), nil).AnyTimes()
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
dbm.EXPECT().CountConnectionLogs(gomock.Any(), database.CountConnectionLogsParams{}).Return(int64(0), nil).AnyTimes()
|
||||||
Type: database.ConnectionTypeSsh,
|
check.Args(database.CountConnectionLogsParams{}, emptyPreparedAuthorized{}).Asserts(rbac.ResourceConnectionLog, policy.ActionRead)
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
_ = dbgen.ConnectionLog(s.T(), db, database.UpsertConnectionLogParams{
|
|
||||||
Type: database.ConnectionTypeSsh,
|
|
||||||
WorkspaceID: ws.ID,
|
|
||||||
OrganizationID: ws.OrganizationID,
|
|
||||||
WorkspaceOwnerID: ws.OwnerID,
|
|
||||||
})
|
|
||||||
check.Args(database.CountConnectionLogsParams{}, emptyPreparedAuthorized{}).Asserts(
|
|
||||||
rbac.ResourceConnectionLog, policy.ActionRead,
|
|
||||||
)
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *MethodTestSuite) TestFile() {
|
func (s *MethodTestSuite) TestFile() {
|
||||||
s.Run("GetFileByHashAndCreator", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetFileByHashAndCreator", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
f := dbgen.File(s.T(), db, database.File{})
|
f := testutil.Fake(s.T(), faker, database.File{})
|
||||||
|
dbm.EXPECT().GetFileByHashAndCreator(gomock.Any(), gomock.Any()).Return(f, nil).AnyTimes()
|
||||||
|
// dbauthz may attempt to check template access on NotAuthorized; ensure mock handles it.
|
||||||
|
dbm.EXPECT().GetFileTemplates(gomock.Any(), f.ID).Return([]database.GetFileTemplatesRow{}, nil).AnyTimes()
|
||||||
check.Args(database.GetFileByHashAndCreatorParams{
|
check.Args(database.GetFileByHashAndCreatorParams{
|
||||||
Hash: f.Hash,
|
Hash: f.Hash,
|
||||||
CreatedBy: f.CreatedBy,
|
CreatedBy: f.CreatedBy,
|
||||||
}).Asserts(f, policy.ActionRead).Returns(f)
|
}).Asserts(f, policy.ActionRead).Returns(f)
|
||||||
}))
|
}))
|
||||||
s.Run("GetFileByID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetFileByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
f := dbgen.File(s.T(), db, database.File{})
|
f := testutil.Fake(s.T(), faker, database.File{})
|
||||||
|
dbm.EXPECT().GetFileByID(gomock.Any(), f.ID).Return(f, nil).AnyTimes()
|
||||||
|
dbm.EXPECT().GetFileTemplates(gomock.Any(), f.ID).Return([]database.GetFileTemplatesRow{}, nil).AnyTimes()
|
||||||
check.Args(f.ID).Asserts(f, policy.ActionRead).Returns(f)
|
check.Args(f.ID).Asserts(f, policy.ActionRead).Returns(f)
|
||||||
}))
|
}))
|
||||||
s.Run("GetFileIDByTemplateVersionID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("GetFileIDByTemplateVersionID", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
tvID := uuid.New()
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
fileID := uuid.New()
|
||||||
_ = dbgen.OrganizationMember(s.T(), db, database.OrganizationMember{OrganizationID: o.ID, UserID: u.ID})
|
dbm.EXPECT().GetFileIDByTemplateVersionID(gomock.Any(), tvID).Return(fileID, nil).AnyTimes()
|
||||||
f := dbgen.File(s.T(), db, database.File{CreatedBy: u.ID})
|
check.Args(tvID).Asserts(rbac.ResourceFile.WithID(fileID), policy.ActionRead).Returns(fileID)
|
||||||
j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{StorageMethod: database.ProvisionerStorageMethodFile, FileID: f.ID})
|
|
||||||
tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{OrganizationID: o.ID, JobID: j.ID, CreatedBy: u.ID})
|
|
||||||
check.Args(tv.ID).Asserts(rbac.ResourceFile.WithID(f.ID), policy.ActionRead).Returns(f.ID)
|
|
||||||
}))
|
}))
|
||||||
s.Run("InsertFile", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("InsertFile", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
|
ret := testutil.Fake(s.T(), faker, database.File{CreatedBy: u.ID})
|
||||||
|
dbm.EXPECT().InsertFile(gomock.Any(), gomock.Any()).Return(ret, nil).AnyTimes()
|
||||||
check.Args(database.InsertFileParams{
|
check.Args(database.InsertFileParams{
|
||||||
CreatedBy: u.ID,
|
CreatedBy: u.ID,
|
||||||
}).Asserts(rbac.ResourceFile.WithOwner(u.ID.String()), policy.ActionCreate)
|
}).Asserts(rbac.ResourceFile.WithOwner(u.ID.String()), policy.ActionCreate)
|
||||||
@@ -477,158 +379,150 @@ func (s *MethodTestSuite) TestFile() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *MethodTestSuite) TestGroup() {
|
func (s *MethodTestSuite) TestGroup() {
|
||||||
s.Run("DeleteGroupByID", s.Subtest(func(db database.Store, check *expects) {
|
s.Run("DeleteGroupByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
|
dbm.EXPECT().DeleteGroupByID(gomock.Any(), g.ID).Return(nil).AnyTimes()
|
||||||
check.Args(g.ID).Asserts(g, policy.ActionDelete).Returns()
|
check.Args(g.ID).Asserts(g, policy.ActionDelete).Returns()
|
||||||
}))
|
}))
|
||||||
s.Run("DeleteGroupMemberFromGroup", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("DeleteGroupMemberFromGroup", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
m := dbgen.GroupMember(s.T(), db, database.GroupMemberTable{
|
m := testutil.Fake(s.T(), faker, database.GroupMember{GroupID: g.ID, UserID: u.ID})
|
||||||
GroupID: g.ID,
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
UserID: u.ID,
|
dbm.EXPECT().DeleteGroupMemberFromGroup(gomock.Any(), database.DeleteGroupMemberFromGroupParams{UserID: m.UserID, GroupID: g.ID}).Return(nil).AnyTimes()
|
||||||
})
|
check.Args(database.DeleteGroupMemberFromGroupParams{UserID: m.UserID, GroupID: g.ID}).Asserts(g, policy.ActionUpdate).Returns()
|
||||||
check.Args(database.DeleteGroupMemberFromGroupParams{
|
|
||||||
UserID: m.UserID,
|
|
||||||
GroupID: g.ID,
|
|
||||||
}).Asserts(g, policy.ActionUpdate).Returns()
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroupByID", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("GetGroupByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
check.Args(g.ID).Asserts(g, policy.ActionRead).Returns(g)
|
check.Args(g.ID).Asserts(g, policy.ActionRead).Returns(g)
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroupByOrgAndName", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("GetGroupByOrgAndName", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
check.Args(database.GetGroupByOrgAndNameParams{
|
dbm.EXPECT().GetGroupByOrgAndName(gomock.Any(), database.GetGroupByOrgAndNameParams{OrganizationID: g.OrganizationID, Name: g.Name}).Return(g, nil).AnyTimes()
|
||||||
OrganizationID: g.OrganizationID,
|
check.Args(database.GetGroupByOrgAndNameParams{OrganizationID: g.OrganizationID, Name: g.Name}).Asserts(g, policy.ActionRead).Returns(g)
|
||||||
Name: g.Name,
|
|
||||||
}).Asserts(g, policy.ActionRead).Returns(g)
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroupMembersByGroupID", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("GetGroupMembersByGroupID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
gm := dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g.ID, UserID: u.ID})
|
gm := testutil.Fake(s.T(), faker, database.GroupMember{GroupID: g.ID, UserID: u.ID})
|
||||||
check.Args(database.GetGroupMembersByGroupIDParams{
|
arg := database.GetGroupMembersByGroupIDParams{GroupID: g.ID, IncludeSystem: false}
|
||||||
GroupID: g.ID,
|
dbm.EXPECT().GetGroupMembersByGroupID(gomock.Any(), arg).Return([]database.GroupMember{gm}, nil).AnyTimes()
|
||||||
IncludeSystem: false,
|
check.Args(arg).Asserts(gm, policy.ActionRead)
|
||||||
}).Asserts(gm, policy.ActionRead)
|
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroupMembersCountByGroupID", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("GetGroupMembersCountByGroupID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
check.Args(database.GetGroupMembersCountByGroupIDParams{
|
arg := database.GetGroupMembersCountByGroupIDParams{GroupID: g.ID, IncludeSystem: false}
|
||||||
GroupID: g.ID,
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
IncludeSystem: false,
|
dbm.EXPECT().GetGroupMembersCountByGroupID(gomock.Any(), arg).Return(int64(0), nil).AnyTimes()
|
||||||
}).Asserts(g, policy.ActionRead)
|
check.Args(arg).Asserts(g, policy.ActionRead)
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroupMembers", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("GetGroupMembers", s.Mocked(func(dbm *dbmock.MockStore, _ *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
dbm.EXPECT().GetGroupMembers(gomock.Any(), false).Return([]database.GroupMember{}, nil).AnyTimes()
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
|
||||||
dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g.ID, UserID: u.ID})
|
|
||||||
check.Args(false).Asserts(rbac.ResourceSystem, policy.ActionRead)
|
check.Args(false).Asserts(rbac.ResourceSystem, policy.ActionRead)
|
||||||
}))
|
}))
|
||||||
s.Run("System/GetGroups", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("System/GetGroups", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
_ = dbgen.Group(s.T(), db, database.Group{})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
check.Args(database.GetGroupsParams{}).
|
g := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
Asserts(rbac.ResourceSystem, policy.ActionRead)
|
row := database.GetGroupsRow{Group: g, OrganizationName: o.Name, OrganizationDisplayName: o.DisplayName}
|
||||||
|
dbm.EXPECT().GetGroups(gomock.Any(), database.GetGroupsParams{}).Return([]database.GetGroupsRow{row}, nil).AnyTimes()
|
||||||
|
check.Args(database.GetGroupsParams{}).Asserts(rbac.ResourceSystem, policy.ActionRead)
|
||||||
}))
|
}))
|
||||||
s.Run("GetGroups", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("GetGroups", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
u := dbgen.User(s.T(), db, database.User{})
|
g := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
gm := dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g.ID, UserID: u.ID})
|
u := testutil.Fake(s.T(), faker, database.User{})
|
||||||
check.Args(database.GetGroupsParams{
|
gm := testutil.Fake(s.T(), faker, database.GroupMember{GroupID: g.ID, UserID: u.ID})
|
||||||
OrganizationID: g.OrganizationID,
|
params := database.GetGroupsParams{OrganizationID: g.OrganizationID, HasMemberID: gm.UserID}
|
||||||
HasMemberID: gm.UserID,
|
row := database.GetGroupsRow{Group: g, OrganizationName: o.Name, OrganizationDisplayName: o.DisplayName}
|
||||||
}).Asserts(rbac.ResourceSystem, policy.ActionRead, g, policy.ActionRead).
|
dbm.EXPECT().GetGroups(gomock.Any(), params).Return([]database.GetGroupsRow{row}, nil).AnyTimes()
|
||||||
// Fail the system resource skip
|
check.Args(params).Asserts(rbac.ResourceSystem, policy.ActionRead, g, policy.ActionRead).FailSystemObjectChecks()
|
||||||
FailSystemObjectChecks()
|
|
||||||
}))
|
}))
|
||||||
s.Run("InsertAllUsersGroup", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("InsertAllUsersGroup", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
|
ret := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
|
dbm.EXPECT().InsertAllUsersGroup(gomock.Any(), o.ID).Return(ret, nil).AnyTimes()
|
||||||
check.Args(o.ID).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionCreate)
|
check.Args(o.ID).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionCreate)
|
||||||
}))
|
}))
|
||||||
s.Run("InsertGroup", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("InsertGroup", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
check.Args(database.InsertGroupParams{
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
OrganizationID: o.ID,
|
arg := database.InsertGroupParams{OrganizationID: o.ID, Name: "test"}
|
||||||
Name: "test",
|
ret := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID, Name: arg.Name})
|
||||||
}).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionCreate)
|
dbm.EXPECT().InsertGroup(gomock.Any(), arg).Return(ret, nil).AnyTimes()
|
||||||
|
check.Args(arg).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionCreate)
|
||||||
}))
|
}))
|
||||||
s.Run("InsertGroupMember", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("InsertGroupMember", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
check.Args(database.InsertGroupMemberParams{
|
arg := database.InsertGroupMemberParams{UserID: uuid.New(), GroupID: g.ID}
|
||||||
UserID: uuid.New(),
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
GroupID: g.ID,
|
dbm.EXPECT().InsertGroupMember(gomock.Any(), arg).Return(nil).AnyTimes()
|
||||||
}).Asserts(g, policy.ActionUpdate).Returns()
|
check.Args(arg).Asserts(g, policy.ActionUpdate).Returns()
|
||||||
}))
|
}))
|
||||||
s.Run("InsertUserGroupsByName", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("InsertUserGroupsByName", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u1 := dbgen.User(s.T(), db, database.User{})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
g1 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
u1 := testutil.Fake(s.T(), faker, database.User{})
|
||||||
g2 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
g1 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
check.Args(database.InsertUserGroupsByNameParams{
|
g2 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
OrganizationID: o.ID,
|
arg := database.InsertUserGroupsByNameParams{OrganizationID: o.ID, UserID: u1.ID, GroupNames: slice.New(g1.Name, g2.Name)}
|
||||||
UserID: u1.ID,
|
dbm.EXPECT().InsertUserGroupsByName(gomock.Any(), arg).Return(nil).AnyTimes()
|
||||||
GroupNames: slice.New(g1.Name, g2.Name),
|
check.Args(arg).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionUpdate).Returns()
|
||||||
}).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionUpdate).Returns()
|
|
||||||
}))
|
}))
|
||||||
s.Run("InsertUserGroupsByID", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("InsertUserGroupsByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u1 := dbgen.User(s.T(), db, database.User{})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
g1 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
u1 := testutil.Fake(s.T(), faker, database.User{})
|
||||||
g2 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
g1 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
g3 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
g2 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g1.ID, UserID: u1.ID})
|
g3 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
returns := slice.New(g2.ID, g3.ID)
|
returns := slice.New(g2.ID, g3.ID)
|
||||||
if !dbtestutil.WillUsePostgres() {
|
arg := database.InsertUserGroupsByIDParams{UserID: u1.ID, GroupIds: slice.New(g1.ID, g2.ID, g3.ID)}
|
||||||
returns = slice.New(g1.ID, g2.ID, g3.ID)
|
dbm.EXPECT().InsertUserGroupsByID(gomock.Any(), arg).Return(returns, nil).AnyTimes()
|
||||||
}
|
check.Args(arg).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(returns)
|
||||||
check.Args(database.InsertUserGroupsByIDParams{
|
|
||||||
UserID: u1.ID,
|
|
||||||
GroupIds: slice.New(g1.ID, g2.ID, g3.ID),
|
|
||||||
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(returns)
|
|
||||||
}))
|
}))
|
||||||
s.Run("RemoveUserFromAllGroups", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("RemoveUserFromAllGroups", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u1 := dbgen.User(s.T(), db, database.User{})
|
u1 := testutil.Fake(s.T(), faker, database.User{})
|
||||||
g1 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
dbm.EXPECT().RemoveUserFromAllGroups(gomock.Any(), u1.ID).Return(nil).AnyTimes()
|
||||||
g2 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
|
||||||
_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g1.ID, UserID: u1.ID})
|
|
||||||
_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g2.ID, UserID: u1.ID})
|
|
||||||
check.Args(u1.ID).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns()
|
check.Args(u1.ID).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns()
|
||||||
}))
|
}))
|
||||||
s.Run("RemoveUserFromGroups", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("RemoveUserFromGroups", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
u1 := dbgen.User(s.T(), db, database.User{})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
g1 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
u1 := testutil.Fake(s.T(), faker, database.User{})
|
||||||
g2 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
g1 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g1.ID, UserID: u1.ID})
|
g2 := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g2.ID, UserID: u1.ID})
|
arg := database.RemoveUserFromGroupsParams{UserID: u1.ID, GroupIds: []uuid.UUID{g1.ID, g2.ID}}
|
||||||
check.Args(database.RemoveUserFromGroupsParams{
|
dbm.EXPECT().RemoveUserFromGroups(gomock.Any(), arg).Return(slice.New(g1.ID, g2.ID), nil).AnyTimes()
|
||||||
UserID: u1.ID,
|
check.Args(arg).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(slice.New(g1.ID, g2.ID))
|
||||||
GroupIds: []uuid.UUID{g1.ID, g2.ID},
|
|
||||||
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(slice.New(g1.ID, g2.ID))
|
|
||||||
}))
|
}))
|
||||||
s.Run("UpdateGroupByID", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
|
s.Run("UpdateGroupByID", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{})
|
g := testutil.Fake(s.T(), faker, database.Group{})
|
||||||
check.Args(database.UpdateGroupByIDParams{
|
arg := database.UpdateGroupByIDParams{ID: g.ID}
|
||||||
ID: g.ID,
|
dbm.EXPECT().GetGroupByID(gomock.Any(), g.ID).Return(g, nil).AnyTimes()
|
||||||
}).Asserts(g, policy.ActionUpdate)
|
dbm.EXPECT().UpdateGroupByID(gomock.Any(), arg).Return(g, nil).AnyTimes()
|
||||||
|
check.Args(arg).Asserts(g, policy.ActionUpdate)
|
||||||
}))
|
}))
|
||||||
s.Run("ValidateGroupIDs", s.Subtest(func(db database.Store, check *expects) {
|
|
||||||
o := dbgen.Organization(s.T(), db, database.Organization{})
|
s.Run("ValidateGroupIDs", s.Mocked(func(dbm *dbmock.MockStore, faker *gofakeit.Faker, check *expects) {
|
||||||
g := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
|
o := testutil.Fake(s.T(), faker, database.Organization{})
|
||||||
check.Args([]uuid.UUID{g.ID}).Asserts(rbac.ResourceSystem, policy.ActionRead)
|
g := testutil.Fake(s.T(), faker, database.Group{OrganizationID: o.ID})
|
||||||
|
ids := []uuid.UUID{g.ID}
|
||||||
|
dbm.EXPECT().ValidateGroupIDs(gomock.Any(), ids).Return(database.ValidateGroupIDsRow{}, nil).AnyTimes()
|
||||||
|
check.Args(ids).Asserts(rbac.ResourceSystem, policy.ActionRead)
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user