(t *testing.T)
| 515 | } |
| 516 | |
| 517 | func TestAPIKey_PrebuildsNotAllowed(t *testing.T) { |
| 518 | t.Parallel() |
| 519 | |
| 520 | db, pubsub := dbtestutil.NewDB(t) |
| 521 | dc := coderdtest.DeploymentValues(t) |
| 522 | dc.Sessions.DefaultTokenDuration = serpent.Duration(time.Hour * 12) |
| 523 | client := coderdtest.New(t, &coderdtest.Options{ |
| 524 | Database: db, |
| 525 | Pubsub: pubsub, |
| 526 | DeploymentValues: dc, |
| 527 | }) |
| 528 | |
| 529 | setupCtx := testutil.Context(t, testutil.WaitLong) |
| 530 | |
| 531 | // Given: an existing api token for the prebuilds user |
| 532 | _, prebuildsToken := dbgen.APIKey(t, db, database.APIKey{ |
| 533 | UserID: database.PrebuildsSystemUserID, |
| 534 | }) |
| 535 | client.SetSessionToken(prebuildsToken) |
| 536 | |
| 537 | // When: the prebuilds user tries to create an API key |
| 538 | _, err := client.CreateAPIKey(setupCtx, database.PrebuildsSystemUserID.String()) |
| 539 | // Then: denied. |
| 540 | require.ErrorContains(t, err, httpapi.ResourceForbiddenResponse.Message) |
| 541 | |
| 542 | // When: the prebuilds user tries to create a token |
| 543 | _, err = client.CreateToken(setupCtx, database.PrebuildsSystemUserID.String(), codersdk.CreateTokenRequest{}) |
| 544 | // Then: also denied. |
| 545 | require.ErrorContains(t, err, httpapi.ResourceForbiddenResponse.Message) |
| 546 | } |
| 547 | |
| 548 | //nolint:tparallel,paralleltest // Subtests share the same coderdtest instance and auditor. |
| 549 | func TestExpireAPIKey(t *testing.T) { |
nothing calls this directly
no test coverage detected