mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
fix(coderd): ensure correct RBAC when enqueueing notifications (#15478)
- Assert rbac in fake notifications enqueuer - Move fake notifications enqueuer to separate notificationstest package - Update dbauthz rbac policy to allow provisionerd and autostart to create and read notification messages - Update tests as required
This commit is contained in:
Cian Johnston
GitHub
@ -19,6 +19,7 @@ import (
|
||||
"github.com/coder/coder/v2/coderd/database"
|
||||
"github.com/coder/coder/v2/coderd/database/dbauthz"
|
||||
"github.com/coder/coder/v2/coderd/notifications"
|
||||
"github.com/coder/coder/v2/coderd/notifications/notificationstest"
|
||||
"github.com/coder/coder/v2/coderd/schedule"
|
||||
"github.com/coder/coder/v2/coderd/schedule/cron"
|
||||
"github.com/coder/coder/v2/coderd/util/ptr"
|
||||
@ -116,7 +117,7 @@ func TestExecutorAutostartTemplateUpdated(t *testing.T) {
|
||||
tickCh = make(chan time.Time)
|
||||
statsCh = make(chan autobuild.Stats)
|
||||
logger = slogtest.Make(t, &slogtest.Options{IgnoreErrors: !tc.expectStart}).Leveled(slog.LevelDebug)
|
||||
enqueuer = testutil.FakeNotificationsEnqueuer{}
|
||||
enqueuer = notificationstest.FakeEnqueuer{}
|
||||
client = coderdtest.New(t, &coderdtest.Options{
|
||||
AutobuildTicker: tickCh,
|
||||
IncludeProvisionerDaemon: true,
|
||||
@ -202,17 +203,18 @@ func TestExecutorAutostartTemplateUpdated(t *testing.T) {
|
||||
}
|
||||
|
||||
if tc.expectNotification {
|
||||
require.Len(t, enqueuer.Sent, 1)
|
||||
require.Equal(t, enqueuer.Sent[0].UserID, workspace.OwnerID)
|
||||
require.Contains(t, enqueuer.Sent[0].Targets, workspace.TemplateID)
|
||||
require.Contains(t, enqueuer.Sent[0].Targets, workspace.ID)
|
||||
require.Contains(t, enqueuer.Sent[0].Targets, workspace.OrganizationID)
|
||||
require.Contains(t, enqueuer.Sent[0].Targets, workspace.OwnerID)
|
||||
require.Equal(t, newVersion.Name, enqueuer.Sent[0].Labels["template_version_name"])
|
||||
require.Equal(t, "autobuild", enqueuer.Sent[0].Labels["initiator"])
|
||||
require.Equal(t, "autostart", enqueuer.Sent[0].Labels["reason"])
|
||||
sent := enqueuer.Sent()
|
||||
require.Len(t, sent, 1)
|
||||
require.Equal(t, sent[0].UserID, workspace.OwnerID)
|
||||
require.Contains(t, sent[0].Targets, workspace.TemplateID)
|
||||
require.Contains(t, sent[0].Targets, workspace.ID)
|
||||
require.Contains(t, sent[0].Targets, workspace.OrganizationID)
|
||||
require.Contains(t, sent[0].Targets, workspace.OwnerID)
|
||||
require.Equal(t, newVersion.Name, sent[0].Labels["template_version_name"])
|
||||
require.Equal(t, "autobuild", sent[0].Labels["initiator"])
|
||||
require.Equal(t, "autostart", sent[0].Labels["reason"])
|
||||
} else {
|
||||
require.Len(t, enqueuer.Sent, 0)
|
||||
require.Empty(t, enqueuer.Sent())
|
||||
}
|
||||
})
|
||||
}
|
||||
@ -1073,7 +1075,7 @@ func TestNotifications(t *testing.T) {
|
||||
var (
|
||||
ticker = make(chan time.Time)
|
||||
statCh = make(chan autobuild.Stats)
|
||||
notifyEnq = testutil.FakeNotificationsEnqueuer{}
|
||||
notifyEnq = notificationstest.FakeEnqueuer{}
|
||||
timeTilDormant = time.Minute
|
||||
client = coderdtest.New(t, &coderdtest.Options{
|
||||
AutobuildTicker: ticker,
|
||||
@ -1107,6 +1109,7 @@ func TestNotifications(t *testing.T) {
|
||||
_ = coderdtest.AwaitWorkspaceBuildJobCompleted(t, userClient, workspace.LatestBuild.ID)
|
||||
|
||||
// Wait for workspace to become dormant
|
||||
notifyEnq.Clear()
|
||||
ticker <- workspace.LastUsedAt.Add(timeTilDormant * 3)
|
||||
_ = testutil.RequireRecvCtx(testutil.Context(t, testutil.WaitShort), t, statCh)
|
||||
|
||||
@ -1115,14 +1118,14 @@ func TestNotifications(t *testing.T) {
|
||||
require.NotNil(t, workspace.DormantAt)
|
||||
|
||||
// Check that a notification was enqueued
|
||||
require.Len(t, notifyEnq.Sent, 2)
|
||||
// notifyEnq.Sent[0] is an event for created user account
|
||||
require.Equal(t, notifyEnq.Sent[1].UserID, workspace.OwnerID)
|
||||
require.Equal(t, notifyEnq.Sent[1].TemplateID, notifications.TemplateWorkspaceDormant)
|
||||
require.Contains(t, notifyEnq.Sent[1].Targets, template.ID)
|
||||
require.Contains(t, notifyEnq.Sent[1].Targets, workspace.ID)
|
||||
require.Contains(t, notifyEnq.Sent[1].Targets, workspace.OrganizationID)
|
||||
require.Contains(t, notifyEnq.Sent[1].Targets, workspace.OwnerID)
|
||||
sent := notifyEnq.Sent()
|
||||
require.Len(t, sent, 1)
|
||||
require.Equal(t, sent[0].UserID, workspace.OwnerID)
|
||||
require.Equal(t, sent[0].TemplateID, notifications.TemplateWorkspaceDormant)
|
||||
require.Contains(t, sent[0].Targets, template.ID)
|
||||
require.Contains(t, sent[0].Targets, workspace.ID)
|
||||
require.Contains(t, sent[0].Targets, workspace.OrganizationID)
|
||||
require.Contains(t, sent[0].Targets, workspace.OwnerID)
|
||||
})
|
||||
}
|
||||
|
||||
@ -1168,7 +1171,7 @@ func mustSchedule(t *testing.T, s string) *cron.Schedule {
|
||||
}
|
||||
|
||||
func mustWorkspaceParameters(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID) {
|
||||
ctx := context.Background()
|
||||
ctx := testutil.Context(t, testutil.WaitShort)
|
||||
buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceID)
|
||||
require.NoError(t, err)
|
||||
require.NotEmpty(t, buildParameters)
|
||||
|
||||
Reference in New Issue
Block a user