coder/coderd/rbac/builtin_test.go

package rbac_test

import (
	"fmt"
	"testing"

	"github.com/google/uuid"

	"github.com/stretchr/testify/require"

	"github.com/coder/coder/coderd/rbac"
)

func TestIsOrgRole(t *testing.T) {
	t.Parallel()
	randomUUID := uuid.New()

	testCases := []struct {
		RoleName string
		OrgRole  bool
		OrgID    string
	}{
		// Not org roles
		{RoleName: rbac.RoleAdmin()},
		{RoleName: rbac.RoleMember()},
		{RoleName: "auditor"},

		{
			RoleName: "a:bad:role",
			OrgRole:  false,
		},
		{
			RoleName: "",
			OrgRole:  false,
		},

		// Org roles
		{
			RoleName: rbac.RoleOrgAdmin(randomUUID),
			OrgRole:  true,
			OrgID:    randomUUID.String(),
		},
		{
			RoleName: rbac.RoleOrgMember(randomUUID),
			OrgRole:  true,
			OrgID:    randomUUID.String(),
		},
		{
			RoleName: "test:example",
			OrgRole:  true,
			OrgID:    "example",
		},
	}

	// nolint:paralleltest
	for _, c := range testCases {
		t.Run(c.RoleName, func(t *testing.T) {
			orgID, ok := rbac.IsOrgRole(c.RoleName)
			require.Equal(t, c.OrgRole, ok, "match expected org role")
			require.Equal(t, c.OrgID, orgID, "match expected org id")
		})
	}
}

func TestListRoles(t *testing.T) {
	t.Parallel()

	siteRoles := rbac.SiteRoles()
	siteRoleNames := make([]string, 0, len(siteRoles))
	for _, role := range siteRoles {
		siteRoleNames = append(siteRoleNames, role.Name)
	}

	// If this test is ever failing, just update the list to the roles
	// expected from the builtin set.
	require.ElementsMatch(t, []string{
		"admin",
		"member",
		"auditor",
	},
		siteRoleNames)

	orgID := uuid.New()
	orgRoles := rbac.OrganizationRoles(orgID)
	orgRoleNames := make([]string, 0, len(orgRoles))
	for _, role := range orgRoles {
		orgRoleNames = append(orgRoleNames, role.Name)
	}

	require.ElementsMatch(t, []string{
		fmt.Sprintf("organization-admin:%s", orgID.String()),
		fmt.Sprintf("organization-member:%s", orgID.String()),
	},
		orgRoleNames)
}

func TestChangeSet(t *testing.T) {
	t.Parallel()
	testCases := []struct {
		Name      string
		From      []string
		To        []string
		ExpAdd    []string
		ExpRemove []string
	}{
		{
			Name: "Empty",
		},
		{
			Name:      "Same",
			From:      []string{"a", "b", "c"},
			To:        []string{"a", "b", "c"},
			ExpAdd:    []string{},
			ExpRemove: []string{},
		},
		{
			Name:      "AllRemoved",
			From:      []string{"a", "b", "c"},
			ExpRemove: []string{"a", "b", "c"},
		},
		{
			Name:   "AllAdded",
			To:     []string{"a", "b", "c"},
			ExpAdd: []string{"a", "b", "c"},
		},
		{
			Name:      "AddAndRemove",
			From:      []string{"a", "b", "c"},
			To:        []string{"a", "b", "d", "e"},
			ExpAdd:    []string{"d", "e"},
			ExpRemove: []string{"c"},
		},
	}

	for _, c := range testCases {
		c := c
		t.Run(c.Name, func(t *testing.T) {
			t.Parallel()
			add, remove := rbac.ChangeRoleSet(c.From, c.To)
			require.ElementsMatch(t, c.ExpAdd, add, "expect added")
			require.ElementsMatch(t, c.ExpRemove, remove, "expect removed")
		})
	}
}
feat: Add user roles, but do not yet enforce them (#1200) * chore: Rework roles to be expandable by name alone 2022-04-29 14:04:19 +00:00			`package rbac_test`

			`import (`
feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00			`"fmt"`
feat: Add user roles, but do not yet enforce them (#1200) * chore: Rework roles to be expandable by name alone 2022-04-29 14:04:19 +00:00			`"testing"`

			`"github.com/google/uuid"`

			`"github.com/stretchr/testify/require"`

			`"github.com/coder/coder/coderd/rbac"`
			`)`

			`func TestIsOrgRole(t *testing.T) {`
			`t.Parallel()`
			`randomUUID := uuid.New()`

			`testCases := []struct {`
			`RoleName string`
			`OrgRole bool`
			`OrgID string`
			`}{`
			`// Not org roles`
			`{RoleName: rbac.RoleAdmin()},`
			`{RoleName: rbac.RoleMember()},`
			`{RoleName: "auditor"},`

			`{`
			`RoleName: "a:bad:role",`
			`OrgRole: false,`
			`},`
			`{`
			`RoleName: "",`
			`OrgRole: false,`
			`},`

			`// Org roles`
			`{`
			`RoleName: rbac.RoleOrgAdmin(randomUUID),`
			`OrgRole: true,`
			`OrgID: randomUUID.String(),`
			`},`
			`{`
			`RoleName: rbac.RoleOrgMember(randomUUID),`
			`OrgRole: true,`
			`OrgID: randomUUID.String(),`
			`},`
			`{`
			`RoleName: "test:example",`
			`OrgRole: true,`
			`OrgID: "example",`
			`},`
			`}`

			`// nolint:paralleltest`
			`for _, c := range testCases {`
			`t.Run(c.RoleName, func(t *testing.T) {`
			`orgID, ok := rbac.IsOrgRole(c.RoleName)`
			`require.Equal(t, c.OrgRole, ok, "match expected org role")`
			`require.Equal(t, c.OrgID, orgID, "match expected org id")`
			`})`
			`}`
			`}`
feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00
			`func TestListRoles(t *testing.T) {`
			`t.Parallel()`

refactor: Return the display_name and name in the roles endpoint (#1328) 2022-05-06 19:18:00 +00:00			`siteRoles := rbac.SiteRoles()`
			`siteRoleNames := make([]string, 0, len(siteRoles))`
			`for _, role := range siteRoles {`
			`siteRoleNames = append(siteRoleNames, role.Name)`
			`}`

feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00			`// If this test is ever failing, just update the list to the roles`
			`// expected from the builtin set.`
			`require.ElementsMatch(t, []string{`
			`"admin",`
			`"member",`
			`"auditor",`
			`},`
refactor: Return the display_name and name in the roles endpoint (#1328) 2022-05-06 19:18:00 +00:00			`siteRoleNames)`
feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00
			`orgID := uuid.New()`
refactor: Return the display_name and name in the roles endpoint (#1328) 2022-05-06 19:18:00 +00:00			`orgRoles := rbac.OrganizationRoles(orgID)`
			`orgRoleNames := make([]string, 0, len(orgRoles))`
			`for _, role := range orgRoles {`
			`orgRoleNames = append(orgRoleNames, role.Name)`
			`}`

feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00			`require.ElementsMatch(t, []string{`
			`fmt.Sprintf("organization-admin:%s", orgID.String()),`
			`fmt.Sprintf("organization-member:%s", orgID.String()),`
			`},`
refactor: Return the display_name and name in the roles endpoint (#1328) 2022-05-06 19:18:00 +00:00			`orgRoleNames)`
feat: Implement list roles & enforce authorize examples (#1273) 2022-05-03 21:10:19 +00:00			`}`
feat: Add rbac to templateversion+orgmember endpoints (#1713) 2022-05-25 16:00:59 +00:00
			`func TestChangeSet(t *testing.T) {`
			`t.Parallel()`
			`testCases := []struct {`
			`Name string`
			`From []string`
			`To []string`
			`ExpAdd []string`
			`ExpRemove []string`
			`}{`
			`{`
			`Name: "Empty",`
			`},`
			`{`
			`Name: "Same",`
			`From: []string{"a", "b", "c"},`
			`To: []string{"a", "b", "c"},`
			`ExpAdd: []string{},`
			`ExpRemove: []string{},`
			`},`
			`{`
			`Name: "AllRemoved",`
			`From: []string{"a", "b", "c"},`
			`ExpRemove: []string{"a", "b", "c"},`
			`},`
			`{`
			`Name: "AllAdded",`
			`To: []string{"a", "b", "c"},`
			`ExpAdd: []string{"a", "b", "c"},`
			`},`
			`{`
			`Name: "AddAndRemove",`
			`From: []string{"a", "b", "c"},`
			`To: []string{"a", "b", "d", "e"},`
			`ExpAdd: []string{"d", "e"},`
			`ExpRemove: []string{"c"},`
			`},`
			`}`

			`for _, c := range testCases {`
			`c := c`
			`t.Run(c.Name, func(t *testing.T) {`
			`t.Parallel()`
			`add, remove := rbac.ChangeRoleSet(c.From, c.To)`
			`require.ElementsMatch(t, c.ExpAdd, add, "expect added")`
			`require.ElementsMatch(t, c.ExpRemove, remove, "expect removed")`
			`})`
			`}`
			`}`