fix(coderd): ensure correct RBAC when enqueueing notifications (#15478)

- Assert RBAC in fake notifications enqueuer
- Move fake notifications enqueuer to separate notificationstest package
- Update dbauthz RBAC policy to allow provisionerd and autostart to create and read notification messages
- Update tests as required
Cian Johnston
2024-11-12 12:40:46 +00:00
committed by GitHub
parent bb5c3a2dd8
commit 30e6fbd35c
18 changed files with 323 additions and 242 deletions


@ -16,6 +16,7 @@ import (
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/coderdtest/oidctest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/notifications/notificationstest"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/cryptorand"
"github.com/coder/coder/v2/enterprise/coderd"
@ -122,7 +123,7 @@ func TestScim(t *testing.T) {
// given
scimAPIKey := []byte("hi")
mockAudit := audit.NewMock()
notifyEnq := &testutil.FakeNotificationsEnqueuer{}
notifyEnq := &notificationstest.FakeEnqueuer{}
client, _ := coderdenttest.New(t, &coderdenttest.Options{
Options: &coderdtest.Options{
Auditor: mockAudit,
@ -172,7 +173,7 @@ func TestScim(t *testing.T) {
assert.Len(t, userRes.Users[0].OrganizationIDs, 1)
// Expect zero notifications (SkipNotifications = true)
require.Empty(t, notifyEnq.Sent)
require.Empty(t, notifyEnq.Sent())
})
t.Run("OK_Bearer", func(t *testing.T) {
@ -184,7 +185,7 @@ func TestScim(t *testing.T) {
// given
scimAPIKey := []byte("hi")
mockAudit := audit.NewMock()
notifyEnq := &testutil.FakeNotificationsEnqueuer{}
notifyEnq := &notificationstest.FakeEnqueuer{}
client, _ := coderdenttest.New(t, &coderdenttest.Options{
Options: &coderdtest.Options{
Auditor: mockAudit,
@ -228,7 +229,7 @@ func TestScim(t *testing.T) {
assert.Len(t, userRes.Users[0].OrganizationIDs, 1)
// Expect zero notifications (SkipNotifications = true)
require.Empty(t, notifyEnq.Sent)
require.Empty(t, notifyEnq.Sent())
})
t.Run("OKNoDefault", func(t *testing.T) {
@ -240,7 +241,7 @@ func TestScim(t *testing.T) {
// given
scimAPIKey := []byte("hi")
mockAudit := audit.NewMock()
notifyEnq := &testutil.FakeNotificationsEnqueuer{}
notifyEnq := &notificationstest.FakeEnqueuer{}
dv := coderdtest.DeploymentValues(t)
dv.OIDC.OrganizationAssignDefault = false
client, _ := coderdenttest.New(t, &coderdenttest.Options{
@ -287,7 +288,7 @@ func TestScim(t *testing.T) {
assert.Len(t, userRes.Users[0].OrganizationIDs, 0)
// Expect zero notifications (SkipNotifications = true)
require.Empty(t, notifyEnq.Sent)
require.Empty(t, notifyEnq.Sent())
})
t.Run("Duplicate", func(t *testing.T) {