synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: convert dbauthz tests to also run with Postgres (#15862)

Browse Source 
Another PR to address https://github.com/coder/coder/issues/15109.

- adds the DisableForeignKeysAndTriggers utility, which simplifies
converting tests from in-mem to postgres
- converts the dbauthz test suite to pass on both the in-mem db and
Postgres
This commit is contained in:
Hugo Dutka
2025-01-08 16:22:51 +01:00
committed by GitHub
parent 13cfaae619
commit 106b1cd3bc
13 changed files with 1680 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
coderd/coderdtest/authorize.go
View File

@ -358,6 +358,7 @@ func (s *PreparedRecorder) CompileToSQL(ctx context.Context, cfg regosql.Convert
// Meaning 'FakeAuthorizer' by default will never return "unauthorized".
type FakeAuthorizer struct {
ConditionalReturn func(context.Context, rbac.Subject, policy.Action, rbac.Object) error
sqlFilter string
}
var _ rbac.Authorizer = (*FakeAuthorizer)(nil)
@ -370,6 +371,12 @@ func (d *FakeAuthorizer) AlwaysReturn(err error) *FakeAuthorizer {
return d
}
// OverrideSQLFilter sets the SQL filter that will always be returned by CompileToSQL.
func (d *FakeAuthorizer) OverrideSQLFilter(filter string) *FakeAuthorizer {
d.sqlFilter = filter
return d
}
func (d *FakeAuthorizer) Authorize(ctx context.Context, subject rbac.Subject, action policy.Action, object rbac.Object) error {
if d.ConditionalReturn != nil {
return d.ConditionalReturn(ctx, subject, action, object)
@ -400,10 +407,12 @@ func (f *fakePreparedAuthorizer) Authorize(ctx context.Context, object rbac.Obje
return f.Original.Authorize(ctx, f.Subject, f.Action, object)
}
// CompileToSQL returns a compiled version of the authorizer that will work for
// in memory databases. This fake version will not work against a SQL database.
func (*fakePreparedAuthorizer) CompileToSQL(_ context.Context, _ regosql.ConvertConfig) (string, error) {
return "not a valid sql string", nil
func (f *fakePreparedAuthorizer) CompileToSQL(_ context.Context, _ regosql.ConvertConfig) (string, error) {
if f.Original.sqlFilter != "" {
return f.Original.sqlFilter, nil
}
// By default, allow all SQL queries.
return "TRUE", nil
}
// Random rbac helper funcs