2022-04-29 14:04:19 +00:00
|
|
|
package rbac_test
|
|
|
|
|
|
|
|
|
|
import (
|
2022-05-03 21:10:19 +00:00
|
|
|
"fmt"
|
2022-04-29 14:04:19 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
|
|
"github.com/coder/coder/coderd/rbac"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestIsOrgRole(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
randomUUID := uuid.New()
|
|
|
|
|
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
RoleName string
|
|
|
|
|
OrgRole bool
|
|
|
|
|
OrgID string
|
|
|
|
|
}{
|
|
|
|
|
// Not org roles
|
|
|
|
|
{RoleName: rbac.RoleAdmin()},
|
|
|
|
|
{RoleName: rbac.RoleMember()},
|
|
|
|
|
{RoleName: "auditor"},
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
RoleName: "a:bad:role",
|
|
|
|
|
OrgRole: false,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
RoleName: "",
|
|
|
|
|
OrgRole: false,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// Org roles
|
|
|
|
|
{
|
|
|
|
|
RoleName: rbac.RoleOrgAdmin(randomUUID),
|
|
|
|
|
OrgRole: true,
|
|
|
|
|
OrgID: randomUUID.String(),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
RoleName: rbac.RoleOrgMember(randomUUID),
|
|
|
|
|
OrgRole: true,
|
|
|
|
|
OrgID: randomUUID.String(),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
RoleName: "test:example",
|
|
|
|
|
OrgRole: true,
|
|
|
|
|
OrgID: "example",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:paralleltest
|
|
|
|
|
for _, c := range testCases {
|
|
|
|
|
t.Run(c.RoleName, func(t *testing.T) {
|
|
|
|
|
orgID, ok := rbac.IsOrgRole(c.RoleName)
|
|
|
|
|
require.Equal(t, c.OrgRole, ok, "match expected org role")
|
|
|
|
|
require.Equal(t, c.OrgID, orgID, "match expected org id")
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-05-03 21:10:19 +00:00
|
|
|
|
|
|
|
|
func TestListRoles(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
// If this test is ever failing, just update the list to the roles
|
|
|
|
|
// expected from the builtin set.
|
|
|
|
|
require.ElementsMatch(t, []string{
|
|
|
|
|
"admin",
|
|
|
|
|
"member",
|
|
|
|
|
"auditor",
|
|
|
|
|
},
|
|
|
|
|
rbac.SiteRoles())
|
|
|
|
|
|
|
|
|
|
orgID := uuid.New()
|
|
|
|
|
require.ElementsMatch(t, []string{
|
|
|
|
|
fmt.Sprintf("organization-admin:%s", orgID.String()),
|
|
|
|
|
fmt.Sprintf("organization-member:%s", orgID.String()),
|
|
|
|
|
},
|
|
|
|
|
rbac.OrganizationRoles(orgID))
|
|
|
|
|
}
|
