MCPcopy Index your code
hub / github.com/coder/coder / TestUserSecretAudit

Function TestUserSecretAudit

coderd/usersecrets_audit_test.go:19–178  ·  view source on GitHub ↗

nolint:paralleltest,tparallel // Subtests share one coderdtest.New server and run sequentially.

(t *testing.T)

Source from the content-addressed store, hash-verified

17
18//nolint:paralleltest,tparallel // Subtests share one coderdtest.New server and run sequentially.
19func TestUserSecretAudit(t *testing.T) {
20 t.Parallel()
21
22 auditor := audit.NewMock()
23 client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
24 _ = coderdtest.CreateFirstUser(t, client)
25 ctx := testutil.Context(t, testutil.WaitMedium)
26
27 genSecretName := func(t *testing.T) string {
28 // Use test name derived secret names so subtests cannot
29 // collide in the shared user's secret namespace.
30 return strings.ReplaceAll(t.Name(), "/", "-")
31 }
32
33 t.Run("CreateEmitsLog", func(t *testing.T) {
34 auditor.ResetLogs()
35
36 secret, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
37 Name: genSecretName(t),
38 Value: "ghp_xxxxxxxxxxxx",
39 })
40 require.NoError(t, err)
41
42 logs := auditor.AuditLogs()
43 require.Len(t, logs, 1)
44 assert.Equal(t, database.AuditActionCreate, logs[0].Action)
45 assert.Equal(t, secret.ID, logs[0].ResourceID)
46 assert.Equal(t, secret.Name, logs[0].ResourceTarget)
47 assert.EqualValues(t, http.StatusCreated, logs[0].StatusCode)
48 })
49
50 t.Run("UpdateEmitsLog", func(t *testing.T) {
51 auditor.ResetLogs()
52
53 secret, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
54 Name: genSecretName(t),
55 Value: "old",
56 })
57 require.NoError(t, err)
58
59 newDescription := "rotated"
60 newValue := "new-value"
61 _, err = client.UpdateUserSecret(ctx, codersdk.Me, secret.Name, codersdk.UpdateUserSecretRequest{
62 Description: &newDescription,
63 Value: &newValue,
64 })
65 require.NoError(t, err)
66
67 logs := auditor.AuditLogs()
68 require.Len(t, logs, 2)
69 assert.Equal(t, database.AuditActionCreate, logs[0].Action)
70 assert.Equal(t, database.AuditActionWrite, logs[1].Action)
71 assert.Equal(t, secret.ID, logs[1].ResourceID)
72 assert.Equal(t, secret.Name, logs[1].ResourceTarget)
73 assert.EqualValues(t, http.StatusOK, logs[1].StatusCode)
74 })
75
76 t.Run("DeleteEmitsLog", func(t *testing.T) {

Callers

nothing calls this directly

Calls 15

StatusCodeMethod · 0.95
NewMockFunction · 0.92
NewFunction · 0.92
CreateFirstUserFunction · 0.92
ContextFunction · 0.92
ResetLogsMethod · 0.80
UpdateUserSecretMethod · 0.80
DeleteUserSecretMethod · 0.80
UserSecretsMethod · 0.80
UserSecretByNameMethod · 0.80
NameMethod · 0.65
RunMethod · 0.65

Tested by

no test coverage detected