nolint:paralleltest,tparallel // Subtests share one coderdtest.New server and run sequentially.
(t *testing.T)
| 17 | |
| 18 | //nolint:paralleltest,tparallel // Subtests share one coderdtest.New server and run sequentially. |
| 19 | func TestUserSecretAudit(t *testing.T) { |
| 20 | t.Parallel() |
| 21 | |
| 22 | auditor := audit.NewMock() |
| 23 | client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor}) |
| 24 | _ = coderdtest.CreateFirstUser(t, client) |
| 25 | ctx := testutil.Context(t, testutil.WaitMedium) |
| 26 | |
| 27 | genSecretName := func(t *testing.T) string { |
| 28 | // Use test name derived secret names so subtests cannot |
| 29 | // collide in the shared user's secret namespace. |
| 30 | return strings.ReplaceAll(t.Name(), "/", "-") |
| 31 | } |
| 32 | |
| 33 | t.Run("CreateEmitsLog", func(t *testing.T) { |
| 34 | auditor.ResetLogs() |
| 35 | |
| 36 | secret, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{ |
| 37 | Name: genSecretName(t), |
| 38 | Value: "ghp_xxxxxxxxxxxx", |
| 39 | }) |
| 40 | require.NoError(t, err) |
| 41 | |
| 42 | logs := auditor.AuditLogs() |
| 43 | require.Len(t, logs, 1) |
| 44 | assert.Equal(t, database.AuditActionCreate, logs[0].Action) |
| 45 | assert.Equal(t, secret.ID, logs[0].ResourceID) |
| 46 | assert.Equal(t, secret.Name, logs[0].ResourceTarget) |
| 47 | assert.EqualValues(t, http.StatusCreated, logs[0].StatusCode) |
| 48 | }) |
| 49 | |
| 50 | t.Run("UpdateEmitsLog", func(t *testing.T) { |
| 51 | auditor.ResetLogs() |
| 52 | |
| 53 | secret, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{ |
| 54 | Name: genSecretName(t), |
| 55 | Value: "old", |
| 56 | }) |
| 57 | require.NoError(t, err) |
| 58 | |
| 59 | newDescription := "rotated" |
| 60 | newValue := "new-value" |
| 61 | _, err = client.UpdateUserSecret(ctx, codersdk.Me, secret.Name, codersdk.UpdateUserSecretRequest{ |
| 62 | Description: &newDescription, |
| 63 | Value: &newValue, |
| 64 | }) |
| 65 | require.NoError(t, err) |
| 66 | |
| 67 | logs := auditor.AuditLogs() |
| 68 | require.Len(t, logs, 2) |
| 69 | assert.Equal(t, database.AuditActionCreate, logs[0].Action) |
| 70 | assert.Equal(t, database.AuditActionWrite, logs[1].Action) |
| 71 | assert.Equal(t, secret.ID, logs[1].ResourceID) |
| 72 | assert.Equal(t, secret.Name, logs[1].ResourceTarget) |
| 73 | assert.EqualValues(t, http.StatusOK, logs[1].StatusCode) |
| 74 | }) |
| 75 | |
| 76 | t.Run("DeleteEmitsLog", func(t *testing.T) { |
nothing calls this directly
no test coverage detected