hub / github.com/coder/coder / TestUserSecretAuditDiffRedaction

Function TestUserSecretAuditDiffRedaction

enterprise/coderd/usersecrets_audit_test.go:24–132
(t *testing.T)

func TestUserSecretAuditDiffRedaction(t *testing.T) {
	// Ensure secret values never appear in plaintext in audit diffs. The
	// enterprise auditor needs to be used because it writes actual diffs.
	// We read straight from the audit_logs table to exercise the full
	// insert, filter, dbauthz read path.
	t.Parallel()

	db, ps := dbtestutil.NewDB(t)
	auditor := entaudit.NewAuditor(
		db,
		entaudit.DefaultFilter,
		backends.NewPostgres(db, true),
	)

	ownerClient, owner := coderdenttest.New(t, &coderdenttest.Options{
		AuditLogging: true,
		Options: &coderdtest.Options{
			Database: db,
			Pubsub:   ps,
			Auditor:  auditor,
		},
		LicenseOptions: &coderdenttest.LicenseOptions{
			Features: license.Features{
				codersdk.FeatureAuditLog: 1,
			},
		},
	})
	memberClient, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID)
	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitMedium)
	defer cancel()

	initialDescription := "initial"
	initialValue := "initial-secret-value"
	secret, err := memberClient.CreateUserSecret(ctx, codersdk.Me, codersdk.CreateUserSecretRequest{
		Name:        "createDiff-target",
		Description: initialDescription,
		Value:       initialValue,
	})
	require.NoError(t, err)

	newDescription := "after"
	newValue := "new-secret-value"
	_, err = memberClient.UpdateUserSecret(ctx, codersdk.Me, secret.Name, codersdk.UpdateUserSecretRequest{
		Description: &newDescription,
		Value:       &newValue,
	})
	require.NoError(t, err)

	// Read straight from the database. AsSystemRestricted is necessary because
	// the test does not authenticate as an admin when querying the store directly.
	rows, err := db.GetAuditLogsOffset(
		dbauthz.AsSystemRestricted(ctx),
		database.GetAuditLogsOffsetParams{
			ResourceType: string(database.ResourceTypeUserSecret),
			LimitOpt:     10,
		},
	)
	require.NoError(t, err)

Callers

nothing calls this directly

Calls 11

NewDB (Function) · 0.92
NewPostgres (Function) · 0.92
New (Function) · 0.92
CreateAnotherUser (Function) · 0.92
AsSystemRestricted (Function) · 0.92
UpdateUserSecret (Method) · 0.80
CreateUserSecret (Method) · 0.65
GetAuditLogsOffset (Method) · 0.65
Equal (Method) · 0.45
Unmarshal (Method) · 0.45
Contains (Method) · 0.45

Tested by

no test coverage detected