(t *testing.T)
| 2338 | } |
| 2339 | |
| 2340 | func TestUpdateSystemUser(t *testing.T) { |
| 2341 | t.Parallel() |
| 2342 | |
| 2343 | // TODO (sasswart): We've disabled the protection that prevents updates to system users |
| 2344 | // while we reassess the mechanism to do so. Rather than skip the test, we've just inverted |
| 2345 | // the assertions to ensure that the behavior is as desired. |
| 2346 | // Once we've re-enabeld the system user protection, we'll revert the assertions. |
| 2347 | |
| 2348 | ctx := testutil.Context(t, testutil.WaitLong) |
| 2349 | |
| 2350 | // Given: a system user introduced by migration coderd/database/migrations/00030*_system_user.up.sql |
| 2351 | db, _ := dbtestutil.NewDB(t) |
| 2352 | users, err := db.GetUsers(ctx, database.GetUsersParams{ |
| 2353 | IncludeSystem: true, |
| 2354 | }) |
| 2355 | require.NoError(t, err) |
| 2356 | var systemUser database.GetUsersRow |
| 2357 | for _, u := range users { |
| 2358 | if u.IsSystem { |
| 2359 | systemUser = u |
| 2360 | } |
| 2361 | } |
| 2362 | require.NotNil(t, systemUser) |
| 2363 | |
| 2364 | // When: attempting to update a system user's name. |
| 2365 | _, err = db.UpdateUserProfile(ctx, database.UpdateUserProfileParams{ |
| 2366 | ID: systemUser.ID, |
| 2367 | Email: systemUser.Email, |
| 2368 | Username: systemUser.Username, |
| 2369 | AvatarURL: systemUser.AvatarURL, |
| 2370 | Name: "not prebuilds", |
| 2371 | }) |
| 2372 | // Then: the attempt is rejected by a postgres trigger. |
| 2373 | // require.ErrorContains(t, err, "Cannot modify or delete system users") |
| 2374 | require.NoError(t, err) |
| 2375 | |
| 2376 | // When: attempting to delete a system user. |
| 2377 | err = db.UpdateUserDeletedByID(ctx, systemUser.ID) |
| 2378 | // Then: the attempt is rejected by a postgres trigger. |
| 2379 | // require.ErrorContains(t, err, "Cannot modify or delete system users") |
| 2380 | require.NoError(t, err) |
| 2381 | |
| 2382 | // When: attempting to update a user's roles. |
| 2383 | _, err = db.UpdateUserRoles(ctx, database.UpdateUserRolesParams{ |
| 2384 | ID: systemUser.ID, |
| 2385 | GrantedRoles: []string{rbac.RoleAuditor().String()}, |
| 2386 | }) |
| 2387 | // Then: the attempt is rejected by a postgres trigger. |
| 2388 | // require.ErrorContains(t, err, "Cannot modify or delete system users") |
| 2389 | require.NoError(t, err) |
| 2390 | } |
| 2391 | |
| 2392 | func TestInsertUserServiceAccountConstraints(t *testing.T) { |
| 2393 | t.Parallel() |
nothing calls this directly
no test coverage detected