MCPcopy Index your code
hub / github.com/coder/coder / TestUserSecretLimits

Function TestUserSecretLimits

coderd/usersecrets_test.go:481–661  ·  view source on GitHub ↗

TestUserSecretLimits exercises the per-user count and byte caps enforced by enforce_user_secrets_per_user_limits across both POST (creating a new secret) and PATCH (updating an existing one). Each subtest spins up its own server so it can burn the budget without affecting other tests. Each subtest

(t *testing.T)

Source from the content-addressed store, hash-verified

479// - A different user's budget is independent; the trigger groups
480// by user_id.
481func TestUserSecretLimits(t *testing.T) {
482 t.Parallel()
483
484 t.Run("CountLimit", func(t *testing.T) {
485 t.Parallel()
486 ctx := testutil.Context(t, testutil.WaitLong)
487
488 client := coderdtest.New(t, nil)
489 owner := coderdtest.CreateFirstUser(t, client)
490 otherClient, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID)
491
492 // Fill the count budget exactly to the cap.
493 var firstSecret codersdk.UserSecret
494 for i := 0; i < codersdk.MaxUserSecretsPerUserCount; i++ {
495 s, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
496 Name: fmt.Sprintf("count-limit-%03d", i),
497 Value: "x",
498 })
499 require.NoError(t, err)
500 if i == 0 {
501 firstSecret = s
502 }
503 }
504
505 // POST: the 51st secret is rejected.
506 _, err := client.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
507 Name: "one-too-many",
508 Value: "x",
509 })
510 requireSecretAPIError(t, err, http.StatusBadRequest, "at most")
511
512 // PATCH at the cap: changing the description must succeed.
513 // Without the FILTER clause the trigger would re-count
514 // firstSecret and reject this UPDATE.
515 newDescription := "renamed"
516 _, err = client.UpdateUserSecret(ctx, codersdk.Me, firstSecret.Name, codersdk.UpdateUserSecretRequest{
517 Description: &newDescription,
518 })
519 require.NoError(t, err)
520
521 // Other-user isolation: the second user's budget is independent.
522 _, err = otherClient.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
523 Name: "other-user-secret",
524 Value: "x",
525 })
526 require.NoError(t, err)
527 })
528
529 t.Run("TotalBytesLimit", func(t *testing.T) {
530 t.Parallel()
531 ctx := testutil.Context(t, testutil.WaitLong)
532
533 client := coderdtest.New(t, nil)
534 owner := coderdtest.CreateFirstUser(t, client)
535 otherClient, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID)
536
537 // Pre-fill the total-bytes budget exactly to the cap using
538 // max-sized file-only secrets (which don't count against env

Callers

nothing calls this directly

Calls 8

ContextFunction · 0.92
NewFunction · 0.92
CreateFirstUserFunction · 0.92
CreateAnotherUserFunction · 0.92
requireSecretAPIErrorFunction · 0.85
UpdateUserSecretMethod · 0.80
RunMethod · 0.65
CreateUserSecretMethod · 0.65

Tested by

no test coverage detected