chore(scripts/rules.go): broaden scope of testingWithOwnerUser linter (#10548)

* Updated testingWithOwnerUser ruleguard rule to detect: a) Passing client from coderdenttest.New() to clitest.SetupConfig() similar to what already exists for AGPL code b) Usage of any method of the owner client from coderdenttest.New() - all usages of the owner client must be justified with a `//nolint:gocritic` comment. * Fixed resulting linter complaints. * Added new coderdtest helpers CreateGroup and UpdateTemplateMeta. * Modified check_enterprise_import.sh to ignore scripts/rules.go.
2025-07-06 15:41:45 +00:00 · 2023-11-08 14:54:48 +00:00
parent 057b43a935
commit 26740cf00d
27 changed files with 473 additions and 331 deletions
--- a/enterprise/coderd/workspaces_test.go
+++ b/enterprise/coderd/workspaces_test.go
@ -16,6 +16,7 @@ import (
 	"github.com/coder/coder/v2/coderd/autobuild"
 	"github.com/coder/coder/v2/coderd/coderdtest"
 	"github.com/coder/coder/v2/coderd/database"
+	"github.com/coder/coder/v2/coderd/rbac"
 	agplschedule "github.com/coder/coder/v2/coderd/schedule"
 	"github.com/coder/coder/v2/coderd/schedule/cron"
 	"github.com/coder/coder/v2/coderd/util/ptr"
@ -50,6 +51,7 @@ func TestCreateWorkspace(t *testing.T) {
 				codersdk.FeatureTemplateRBAC: 1,
 			},
 		}})
+		templateAdminClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin())

 		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
 		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
@ -57,13 +59,13 @@ func TestCreateWorkspace(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()

-		acl, err := client.TemplateACL(ctx, template.ID)
+		acl, err := templateAdminClient.TemplateACL(ctx, template.ID)
 		require.NoError(t, err)

 		require.Len(t, acl.Groups, 1)
 		require.Len(t, acl.Users, 0)

-		err = client.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
+		err = templateAdminClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
 			GroupPerms: map[string]codersdk.TemplateRole{
 				acl.Groups[0].ID.String(): codersdk.TemplateRoleDeleted,
 			},
@ -504,6 +506,7 @@ func TestWorkspaceAutobuild(t *testing.T) {
 		_ = coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)

 		// Assert that the workspace is actually deleted.
+		//nolint:gocritic // ensuring workspace is deleted and not just invisible to us due to RBAC
 		_, err := client.Workspace(testutil.Context(t, testutil.WaitShort), ws.ID)
 		require.Error(t, err)
 		cerr, ok := codersdk.AsError(err)
@ -531,6 +534,7 @@ func TestWorkspaceAutobuild(t *testing.T) {
 				Features: license.Features{codersdk.FeatureAdvancedTemplateScheduling: 1},
 			},
 		})
+		anotherClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin())
 		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
 			Parse:          echo.ParseComplete,
 			ProvisionPlan:  echo.PlanComplete,
@ -540,12 +544,12 @@ func TestWorkspaceAutobuild(t *testing.T) {
 			ctr.TimeTilDormantAutoDeleteMillis = ptr.Ref[int64](dormantTTL.Milliseconds())
 		})
 		coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)
-		ws := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		build := coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
+		ws := coderdtest.CreateWorkspace(t, anotherClient, user.OrganizationID, template.ID)
+		build := coderdtest.AwaitWorkspaceBuildJobCompleted(t, anotherClient, ws.LatestBuild.ID)
 		require.Equal(t, codersdk.WorkspaceStatusRunning, build.Status)

 		ctx := testutil.Context(t, testutil.WaitMedium)
-		err := client.UpdateWorkspaceDormancy(ctx, ws.ID, codersdk.UpdateWorkspaceDormancy{
+		err := anotherClient.UpdateWorkspaceDormancy(ctx, ws.ID, codersdk.UpdateWorkspaceDormancy{
 			Dormant: true,
 		})
 		require.NoError(t, err)
@ -559,7 +563,7 @@ func TestWorkspaceAutobuild(t *testing.T) {
 		// Expect no transitions since not enough time has elapsed.
 		require.Len(t, stats.Transitions, 0)

-		_, err = client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
+		_, err = anotherClient.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
 			TimeTilDormantAutoDeleteMillis: dormantTTL.Milliseconds(),
 		})
 		require.NoError(t, err)
@ -671,6 +675,7 @@ func TestWorkspaceAutobuild(t *testing.T) {
 				Features: license.Features{codersdk.FeatureAdvancedTemplateScheduling: 1},
 			},
 		})
+		templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin())

 		// Create a template version that passes to get a functioning workspace.
 		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
@ -682,8 +687,8 @@ func TestWorkspaceAutobuild(t *testing.T) {

 		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)

-		ws := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, ws.LatestBuild.ID)
+		ws := coderdtest.CreateWorkspace(t, templateAdmin, user.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAdmin, ws.LatestBuild.ID)

 		// Create a new version that will fail when we try to delete a workspace.
 		version = coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
@ -696,7 +701,7 @@ func TestWorkspaceAutobuild(t *testing.T) {
 		coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID)

 		// Try to delete the workspace. This simulates a "failed" autodelete.
-		build, err := client.CreateWorkspaceBuild(ctx, ws.ID, codersdk.CreateWorkspaceBuildRequest{
+		build, err := templateAdmin.CreateWorkspaceBuild(ctx, ws.ID, codersdk.CreateWorkspaceBuildRequest{
 			Transition:        codersdk.WorkspaceTransitionDelete,
 			TemplateVersionID: version.ID,
 		})
@ -706,13 +711,13 @@ func TestWorkspaceAutobuild(t *testing.T) {
 		require.NotEmpty(t, build.Job.Error)

 		// Update our workspace to be dormant so that it qualifies for auto-deletion.
-		err = client.UpdateWorkspaceDormancy(ctx, ws.ID, codersdk.UpdateWorkspaceDormancy{
+		err = templateAdmin.UpdateWorkspaceDormancy(ctx, ws.ID, codersdk.UpdateWorkspaceDormancy{
 			Dormant: true,
 		})
 		require.NoError(t, err)

 		// Enable auto-deletion for the template.
-		_, err = client.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
+		_, err = templateAdmin.UpdateTemplateMeta(ctx, template.ID, codersdk.UpdateTemplateMeta{
 			TimeTilDormantAutoDeleteMillis: transitionTTL.Milliseconds(),
 		})
 		require.NoError(t, err)
@ -901,6 +906,7 @@ func TestWorkspacesFiltering(t *testing.T) {
 				Features: license.Features{codersdk.FeatureAdvancedTemplateScheduling: 1},
 			},
 		})
+		templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin())

 		// Create a template version that passes to get a functioning workspace.
 		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
@ -912,22 +918,22 @@ func TestWorkspacesFiltering(t *testing.T) {

 		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)

-		dormantWS1 := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, dormantWS1.LatestBuild.ID)
+		dormantWS1 := coderdtest.CreateWorkspace(t, templateAdmin, user.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAdmin, dormantWS1.LatestBuild.ID)

-		dormantWS2 := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, dormantWS2.LatestBuild.ID)
+		dormantWS2 := coderdtest.CreateWorkspace(t, templateAdmin, user.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAdmin, dormantWS2.LatestBuild.ID)

-		activeWS := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, activeWS.LatestBuild.ID)
+		activeWS := coderdtest.CreateWorkspace(t, templateAdmin, user.OrganizationID, template.ID)
+		coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAdmin, activeWS.LatestBuild.ID)

-		err := client.UpdateWorkspaceDormancy(ctx, dormantWS1.ID, codersdk.UpdateWorkspaceDormancy{Dormant: true})
+		err := templateAdmin.UpdateWorkspaceDormancy(ctx, dormantWS1.ID, codersdk.UpdateWorkspaceDormancy{Dormant: true})
 		require.NoError(t, err)

-		err = client.UpdateWorkspaceDormancy(ctx, dormantWS2.ID, codersdk.UpdateWorkspaceDormancy{Dormant: true})
+		err = templateAdmin.UpdateWorkspaceDormancy(ctx, dormantWS2.ID, codersdk.UpdateWorkspaceDormancy{Dormant: true})
 		require.NoError(t, err)

-		resp, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{
+		resp, err := templateAdmin.Workspaces(ctx, codersdk.WorkspaceFilter{
 			FilterQuery: "is-dormant:true",
 		})
 		require.NoError(t, err)
@ -968,6 +974,7 @@ func TestWorkspacesWithoutTemplatePerms(t *testing.T) {
 	defer cancel()

 	// Remove everyone access
+	//nolint:gocritic // creating a separate user just for this is overkill
 	err := client.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
 		GroupPerms: map[string]codersdk.TemplateRole{
 			first.OrganizationID.String(): codersdk.TemplateRoleDeleted,