(t *testing.T)
| 315 | } |
| 316 | |
| 317 | func TestCache(t *testing.T) { |
| 318 | t.Parallel() |
| 319 | |
| 320 | t.Run("NoCache", func(t *testing.T) { |
| 321 | t.Parallel() |
| 322 | |
| 323 | ctx := context.Background() |
| 324 | rec := &coderdtest.RecordingAuthorizer{ |
| 325 | Wrapped: &coderdtest.FakeAuthorizer{}, |
| 326 | } |
| 327 | subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction() |
| 328 | |
| 329 | // Two identical calls |
| 330 | _ = rec.Authorize(ctx, subj, action, obj) |
| 331 | _ = rec.Authorize(ctx, subj, action, obj) |
| 332 | |
| 333 | // Yields two calls to the wrapped Authorizer |
| 334 | rec.AssertActor(t, subj, rec.Pair(action, obj), rec.Pair(action, obj)) |
| 335 | require.NoError(t, rec.AllAsserted(), "all assertions should have been made") |
| 336 | }) |
| 337 | |
| 338 | t.Run("Cache", func(t *testing.T) { |
| 339 | t.Parallel() |
| 340 | |
| 341 | ctx := context.Background() |
| 342 | rec := &coderdtest.RecordingAuthorizer{ |
| 343 | Wrapped: &coderdtest.FakeAuthorizer{}, |
| 344 | } |
| 345 | authz := rbac.Cacher(rec) |
| 346 | subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction() |
| 347 | |
| 348 | // Two identical calls |
| 349 | _ = authz.Authorize(ctx, subj, action, obj) |
| 350 | _ = authz.Authorize(ctx, subj, action, obj) |
| 351 | |
| 352 | // Yields only 1 call to the wrapped Authorizer for that subject |
| 353 | rec.AssertActor(t, subj, rec.Pair(action, obj)) |
| 354 | require.NoError(t, rec.AllAsserted(), "all assertions should have been made") |
| 355 | }) |
| 356 | |
| 357 | t.Run("DontCacheTransientErrors", func(t *testing.T) { |
| 358 | t.Parallel() |
| 359 | |
| 360 | var ( |
| 361 | ctx = testutil.Context(t, testutil.WaitShort) |
| 362 | authOut = make(chan error, 1) // buffered to not block |
| 363 | authorizeFunc = func(ctx context.Context, subject rbac.Subject, action policy.Action, object rbac.Object) error { |
| 364 | // Just return what you're told. |
| 365 | return testutil.TryReceive(ctx, t, authOut) |
| 366 | } |
| 367 | ma = &rbac.MockAuthorizer{AuthorizeFunc: authorizeFunc} |
| 368 | rec = &coderdtest.RecordingAuthorizer{Wrapped: ma} |
| 369 | authz = rbac.Cacher(rec) |
| 370 | subj, obj, action = coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction() |
| 371 | ) |
| 372 | |
| 373 | // First call will result in a transient error. This should not be cached. |
| 374 | testutil.RequireSend(ctx, t, authOut, context.Canceled) |
nothing calls this directly
no test coverage detected