
Function TestCacheRBAC

coderd/files/cache_test.go:121–192  ·  view source on GitHub ↗

nolint:paralleltest,tparallel // Serially testing is easier

(t *testing.T)


119
120// nolint:paralleltest,tparallel // Serially testing is easier
121func TestCacheRBAC(t *testing.T) {
122 t.Parallel()
123
124 db, cache, rec := cacheAuthzSetup(t)
125 ctx := testutil.Context(t, testutil.WaitMedium)
126
127 file := dbgen.File(t, db, database.File{})
128
129 nobodyID := uuid.New()
130 nobody := dbauthz.As(ctx, rbac.Subject{
131 ID: nobodyID.String(),
132 Roles: rbac.Roles{},
133 Scope: rbac.ScopeAll,
134 })
135
136 userID := uuid.New()
137 userReader := dbauthz.As(ctx, rbac.Subject{
138 ID: userID.String(),
139 Roles: rbac.Roles{
140 must(rbac.RoleByName(rbac.RoleTemplateAdmin())),
141 },
142 Scope: rbac.ScopeAll,
143 })
144
145 cacheReader := dbauthz.AsFileReader(ctx)
146
147 t.Run("NoRolesOpen", func(t *testing.T) {
148 // Ensure start is clean
149 require.Equal(t, 0, cache.Count())
150 rec.Reset()
151
152 _, err := cache.Acquire(nobody, db, file.ID)
153 require.Error(t, err)
154 require.True(t, rbac.IsUnauthorizedError(err))
155
156 // Ensure that the cache is empty
157 require.Equal(t, 0, cache.Count())
158
159 // Check the assertions
160 rec.AssertActorID(t, nobodyID.String(), rec.Pair(policy.ActionRead, file))
161 rec.AssertActorID(t, rbac.SubjectTypeFileReaderID, rec.Pair(policy.ActionRead, file))
162 })
163
164 t.Run("CacheHasFile", func(t *testing.T) {
165 rec.Reset()
166 require.Equal(t, 0, cache.Count())
167
168 // Read the file with a file reader to put it into the cache.
169 a, err := cache.Acquire(cacheReader, db, file.ID)
170 require.NoError(t, err)
171 require.Equal(t, 1, cache.Count())
172
173 // "nobody" should not be able to read the file.
174 _, err = cache.Acquire(nobody, db, file.ID)
175 require.Error(t, err)
176 require.True(t, rbac.IsUnauthorizedError(err))
177 require.Equal(t, 1, cache.Count())
178

Callers

nothing calls this directly

Calls 15

ContextFunction · 0.92
FileFunction · 0.92
AsFunction · 0.92
RoleByNameFunction · 0.92
RoleTemplateAdminFunction · 0.92
AsFileReaderFunction · 0.92
IsUnauthorizedErrorFunction · 0.92
cacheAuthzSetupFunction · 0.85
CountMethod · 0.80
AssertActorIDMethod · 0.80
PairMethod · 0.80
mustFunction · 0.70

Tested by

no test coverage detected