chore: refactor user -> rbac.subject into a function (#13624)

* chore: refactor user subject logic to be in 1 place * test: implement test to assert deleted custom roles are omitted * add unit test for deleted role
2025-07-03 16:13:58 +00:00 · 2024-06-21 06:30:02 -10:00
parent 3ef12ac284
commit 0e933f0537
7 changed files with 328 additions and 94 deletions
--- a/coderd/rbac/authz.go
+++ b/coderd/rbac/authz.go
@ -75,6 +75,17 @@ type Subject struct {
 	cachedASTValue ast.Value
 }

+// RegoValueOk is only used for unit testing. There is no easy way
+// to get the error for the unexported method, and this is intentional.
+// Failed rego values can default to the backup json marshal method,
+// so errors are not fatal. Unit tests should be aware when the custom
+// rego marshaller fails.
+func (s Subject) RegoValueOk() error {
+	tmp := s
+	_, err := tmp.regoValue()
+	return err
+}
+
 // WithCachedASTValue can be called if the subject is static. This will compute
 // the ast value once and cache it for future calls.
 func (s Subject) WithCachedASTValue() Subject {