diff --git a/cli/agent_test.go b/cli/agent_test.go index 4b362ac42c..dd2266ec14 100644 --- a/cli/agent_test.go +++ b/cli/agent_test.go @@ -176,8 +176,9 @@ func TestWorkspaceAgent(t *testing.T) { GoogleTokenValidator: validator, IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: []*proto.Response{{ Type: &proto.Response_Apply{ @@ -195,14 +196,14 @@ func TestWorkspaceAgent(t *testing.T) { }, }}, }) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, cfg := clitest.New(t, "agent", "--auth", "google-instance-identity", "--agent-url", client.URL.String()) ptytest.New(t).Attach(inv) - clitest.SetupConfig(t, client, cfg) + clitest.SetupConfig(t, member, cfg) clitest.Start(t, inv.WithContext( //nolint:revive,staticcheck diff --git a/cli/configssh_test.go b/cli/configssh_test.go index cada503bad..a39afe606f 100644 --- a/cli/configssh_test.go +++ b/cli/configssh_test.go @@ -75,9 +75,10 @@ func TestConfigSSH(t *testing.T) { }, }, }) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) authToken := uuid.NewString() - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: []*proto.Response{{ Type: &proto.Response_Plan{ @@ -96,8 +97,8 @@ func TestConfigSSH(t *testing.T) { ProvisionApply: echo.ProvisionApplyWithAgent(authToken), }) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) _ = agenttest.New(t, client.URL, authToken) resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) @@ -145,7 +146,7 @@ func TestConfigSSH(t *testing.T) { "--ssh-option", "Port "+strconv.Itoa(tcpAddr.Port), "--ssh-config-file", sshConfigFile, "--skip-proxy-command") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -710,19 +711,20 @@ func TestConfigSSH_Hostnames(t *testing.T) { } client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) // authToken := uuid.NewString() - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echo.WithResources(resources)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) sshConfigFile := sshConfigFileName(t) inv, root := clitest.New(t, "config-ssh", "--ssh-config-file", sshConfigFile) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) inv.Stdin = pty.Input() diff --git a/cli/create_test.go b/cli/create_test.go index 8966e7713f..993ae9e57b 100644 --- a/cli/create_test.go +++ b/cli/create_test.go @@ -28,10 +28,11 @@ func TestCreate(t *testing.T) { t.Run("Create", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, completeWithAgent()) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, completeWithAgent()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) args := []string{ "create", "my-workspace", @@ -41,7 +42,7 @@ func TestCreate(t *testing.T) { "--automatic-updates", "always", } inv, root := clitest.New(t, args...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -65,7 +66,7 @@ func TestCreate(t *testing.T) { } <-doneChan - ws, err := client.WorkspaceByOwnerAndName(context.Background(), "testuser", "my-workspace", codersdk.WorkspaceOptions{}) + ws, err := member.WorkspaceByOwnerAndName(context.Background(), codersdk.Me, "my-workspace", codersdk.WorkspaceOptions{}) if assert.NoError(t, err, "expected workspace to be created") { assert.Equal(t, ws.TemplateName, template.Name) if assert.NotNil(t, ws.AutostartSchedule) { @@ -95,6 +96,7 @@ func TestCreate(t *testing.T) { } inv, root := clitest.New(t, args...) + //nolint:gocritic // Creating a workspace for another user requires owner permissions. clitest.SetupConfig(t, client, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -134,10 +136,11 @@ func TestCreate(t *testing.T) { t.Run("InheritStopAfterFromTemplate", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, completeWithAgent()) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, completeWithAgent()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { var defaultTTLMillis int64 = 2 * 60 * 60 * 1000 // 2 hours ctr.DefaultTTLMillis = &defaultTTLMillis }) @@ -147,7 +150,7 @@ func TestCreate(t *testing.T) { "--template", template.Name, } inv, root := clitest.New(t, args...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) waiter := clitest.StartWithWaiter(t, inv) matches := []struct { @@ -166,7 +169,7 @@ func TestCreate(t *testing.T) { } waiter.RequireSuccess() - ws, err := client.WorkspaceByOwnerAndName(context.Background(), "testuser", "my-workspace", codersdk.WorkspaceOptions{}) + ws, err := member.WorkspaceByOwnerAndName(context.Background(), codersdk.Me, "my-workspace", codersdk.WorkspaceOptions{}) require.NoError(t, err, "expected workspace to be created") assert.Equal(t, ws.TemplateName, template.Name) assert.Equal(t, *ws.TTLMillis, template.DefaultTTLMillis) @@ -197,12 +200,13 @@ func TestCreate(t *testing.T) { t.Run("FromNothing", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -222,7 +226,7 @@ func TestCreate(t *testing.T) { } <-doneChan - ws, err := client.WorkspaceByOwnerAndName(inv.Context(), "testuser", "my-workspace", codersdk.WorkspaceOptions{}) + ws, err := member.WorkspaceByOwnerAndName(inv.Context(), codersdk.Me, "my-workspace", codersdk.WorkspaceOptions{}) if assert.NoError(t, err, "expected workspace to be created") { assert.Equal(t, ws.TemplateName, template.Name) assert.Nil(t, ws.AutostartSchedule, "expected workspace autostart schedule to be nil") @@ -275,14 +279,15 @@ func TestCreateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -314,11 +319,12 @@ func TestCreateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -328,7 +334,7 @@ func TestCreateWithRichParameters(t *testing.T) { secondParameterName + ": " + secondParameterValue + "\n" + immutableParameterName + ": " + immutableParameterValue) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -354,17 +360,18 @@ func TestCreateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstParameterValue), "--parameter", fmt.Sprintf("%s=%s", secondParameterName, secondParameterValue), "--parameter", fmt.Sprintf("%s=%s", immutableParameterName, immutableParameterValue)) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -422,14 +429,15 @@ func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(stringRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(stringRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -459,14 +467,15 @@ func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(numberRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(numberRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -496,14 +505,15 @@ func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(boolRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(boolRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -533,13 +543,14 @@ func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(listOfStringsRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(listOfStringsRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) clitest.Start(t, inv) @@ -562,10 +573,11 @@ func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(listOfStringsRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(listOfStringsRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -575,7 +587,7 @@ func TestCreateValidateRichParameters(t *testing.T) { - eee - fff`) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) clitest.Start(t, inv) @@ -620,18 +632,19 @@ func TestCreateWithGitAuth(t *testing.T) { }}, IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) clitest.Start(t, inv) pty.ExpectMatch("You must authenticate with GitHub to create a workspace") - resp := coderdtest.RequestExternalAuthCallback(t, "github", client) + resp := coderdtest.RequestExternalAuthCallback(t, "github", member) _ = resp.Body.Close() require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) pty.ExpectMatch("Confirm create?") diff --git a/cli/delete_test.go b/cli/delete_test.go index a2eab6a091..a44cd6e5b2 100644 --- a/cli/delete_test.go +++ b/cli/delete_test.go @@ -23,14 +23,15 @@ func TestDelete(t *testing.T) { t.Run("WithParameter", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "delete", workspace.Name, "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -48,14 +49,15 @@ func TestDelete(t *testing.T) { t.Run("Orphan", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, client, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "delete", workspace.Name, "-y", "--orphan") + //nolint:gocritic // Deleting orphaned workspaces requires an admin. clitest.SetupConfig(t, client, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -80,13 +82,13 @@ func TestDelete(t *testing.T) { t.Run("OrphanDeletedUser", func(t *testing.T) { t.Parallel() client, _, api := coderdtest.NewWithAPI(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - deleteMeClient, deleteMeUser := coderdtest.CreateAnotherUser(t, client, user.OrganizationID) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + deleteMeClient, deleteMeUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, deleteMeClient, user.OrganizationID, template.ID) + workspace := coderdtest.CreateWorkspace(t, deleteMeClient, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, deleteMeClient, workspace.LatestBuild.ID) // The API checks if the user has any workspaces, so we cannot delete a user @@ -101,6 +103,7 @@ func TestDelete(t *testing.T) { inv, root := clitest.New(t, "delete", fmt.Sprintf("%s/%s", deleteMeUser.ID, workspace.Name), "-y", "--orphan") + //nolint:gocritic // Deleting orphaned workspaces requires an admin. clitest.SetupConfig(t, client, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -133,6 +136,7 @@ func TestDelete(t *testing.T) { coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "delete", user.Username+"/"+workspace.Name, "-y") + //nolint:gocritic // This requires an admin. clitest.SetupConfig(t, adminClient, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) diff --git a/cli/list_test.go b/cli/list_test.go index 2b8334b1b4..cdc47821b0 100644 --- a/cli/list_test.go +++ b/cli/list_test.go @@ -21,14 +21,15 @@ func TestList(t *testing.T) { t.Run("Single", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "ls") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) ctx, cancelFunc := context.WithTimeout(context.Background(), testutil.WaitLong) @@ -48,15 +49,16 @@ func TestList(t *testing.T) { t.Run("JSON", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "list", "--output=json") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) ctx, cancelFunc := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancelFunc() diff --git a/cli/portforward_test.go b/cli/portforward_test.go index 05b9c69e32..ef4d36ee05 100644 --- a/cli/portforward_test.go +++ b/cli/portforward_test.go @@ -28,10 +28,11 @@ func TestPortForward_None(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - _ = coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) inv, root := clitest.New(t, "port-forward", "blah") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) inv.Stderr = pty.Output() @@ -132,8 +133,9 @@ func TestPortForward(t *testing.T) { // non-parallel setup). var ( client = coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user = coderdtest.CreateFirstUser(t, client) - workspace = runAgent(t, client, user.UserID) + admin = coderdtest.CreateFirstUser(t, client) + member, _ = coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + workspace = runAgent(t, client, member) ) for _, c := range cases { @@ -151,7 +153,7 @@ func TestPortForward(t *testing.T) { // Launch port-forward in a goroutine so we can start dialing // the "local" listener. inv, root := clitest.New(t, "-v", "port-forward", workspace.Name, flag) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -198,7 +200,7 @@ func TestPortForward(t *testing.T) { // Launch port-forward in a goroutine so we can start dialing // the "local" listeners. inv, root := clitest.New(t, "-v", "port-forward", workspace.Name, flag1, flag2) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -253,7 +255,7 @@ func TestPortForward(t *testing.T) { // Launch port-forward in a goroutine so we can start dialing // the "local" listeners. inv, root := clitest.New(t, append([]string{"-v", "port-forward", workspace.Name}, flags...)...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) inv.Stderr = pty.Output() ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) @@ -294,33 +296,33 @@ func TestPortForward(t *testing.T) { // runAgent creates a fake workspace and starts an agent locally for that // workspace. The agent will be cleaned up on test completion. // nolint:unused -func runAgent(t *testing.T, client *codersdk.Client, userID uuid.UUID) codersdk.Workspace { +func runAgent(t *testing.T, adminClient, userClient *codersdk.Client) codersdk.Workspace { ctx := context.Background() - user, err := client.User(ctx, userID.String()) + user, err := userClient.User(ctx, codersdk.Me) require.NoError(t, err, "specified user does not exist") require.Greater(t, len(user.OrganizationIDs), 0, "user has no organizations") orgID := user.OrganizationIDs[0] // Setup template agentToken := uuid.NewString() - version := coderdtest.CreateTemplateVersion(t, client, orgID, &echo.Responses{ + version := coderdtest.CreateTemplateVersion(t, adminClient, orgID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.PlanComplete, ProvisionApply: echo.ProvisionApplyWithAgent(agentToken), }) // Create template and workspace - template := coderdtest.CreateTemplate(t, client, orgID, version.ID) - coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, orgID, template.ID) - coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + template := coderdtest.CreateTemplate(t, adminClient, orgID, version.ID) + coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, version.ID) + workspace := coderdtest.CreateWorkspace(t, userClient, orgID, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, adminClient, workspace.LatestBuild.ID) - _ = agenttest.New(t, client.URL, agentToken, + _ = agenttest.New(t, adminClient.URL, agentToken, func(o *agent.Options) { o.SSHMaxTimeout = 60 * time.Second }, ) - coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) + coderdtest.AwaitWorkspaceAgents(t, adminClient, workspace.ID) return workspace } diff --git a/cli/rename_test.go b/cli/rename_test.go index 7d5a1af17a..5a08d29c5a 100644 --- a/cli/rename_test.go +++ b/cli/rename_test.go @@ -16,11 +16,12 @@ func TestRename(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) @@ -30,7 +31,7 @@ func TestRename(t *testing.T) { // E.g. "compassionate-chandrasekhar82" + "t". want := workspace.Name + "t" inv, root := clitest.New(t, "rename", workspace.Name, want, "--yes") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) pty.Attach(inv) clitest.Start(t, inv) diff --git a/cli/restart_test.go b/cli/restart_test.go index 604a179183..cdf22c9b98 100644 --- a/cli/restart_test.go +++ b/cli/restart_test.go @@ -33,17 +33,18 @@ func TestRestart(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) ctx := testutil.Context(t, testutil.WaitLong) inv, root := clitest.New(t, "restart", workspace.Name, "--yes") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) @@ -63,15 +64,16 @@ func TestRestart(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, "--build-options") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -102,7 +104,7 @@ func TestRestart(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() - workspace, err := client.WorkspaceByOwnerAndName(ctx, user.UserID.String(), workspace.Name, codersdk.WorkspaceOptions{}) + workspace, err := client.WorkspaceByOwnerAndName(ctx, memberUser.ID.String(), workspace.Name, codersdk.WorkspaceOptions{}) require.NoError(t, err) actualParameters, err := client.WorkspaceBuildParameters(ctx, workspace.LatestBuild.ID) require.NoError(t, err) @@ -116,16 +118,17 @@ func TestRestart(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, "--build-option", fmt.Sprintf("%s=%s", ephemeralParameterName, ephemeralParameterValue)) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -155,7 +158,7 @@ func TestRestart(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() - workspace, err := client.WorkspaceByOwnerAndName(ctx, user.UserID.String(), workspace.Name, codersdk.WorkspaceOptions{}) + workspace, err := client.WorkspaceByOwnerAndName(ctx, memberUser.ID.String(), workspace.Name, codersdk.WorkspaceOptions{}) require.NoError(t, err) actualParameters, err := client.WorkspaceBuildParameters(ctx, workspace.LatestBuild.ID) require.NoError(t, err) @@ -194,11 +197,12 @@ func TestRestartWithParameters(t *testing.T) { // Create the workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID, func(cwr *codersdk.CreateWorkspaceRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID, func(cwr *codersdk.CreateWorkspaceRequest) { cwr.RichParameterValues = []codersdk.WorkspaceBuildParameter{ { Name: immutableParameterName, @@ -210,7 +214,7 @@ func TestRestartWithParameters(t *testing.T) { // Restart the workspace again inv, root := clitest.New(t, "restart", workspace.Name, "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { diff --git a/cli/root_test.go b/cli/root_test.go index 1a6540a76c..4d95e5381b 100644 --- a/cli/root_test.go +++ b/cli/root_test.go @@ -136,8 +136,9 @@ func TestDERPHeaders(t *testing.T) { }) var ( - user = coderdtest.CreateFirstUser(t, client) - workspace = runAgent(t, client, user.UserID) + admin = coderdtest.CreateFirstUser(t, client) + member, _ = coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + workspace = runAgent(t, client, member) ) // Inject custom /derp handler so we can inspect the headers. @@ -183,7 +184,7 @@ func TestDERPHeaders(t *testing.T) { } } inv, root := clitest.New(t, args...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stderr = pty.Output() diff --git a/cli/show_test.go b/cli/show_test.go index 0753ee58c9..eff2789e75 100644 --- a/cli/show_test.go +++ b/cli/show_test.go @@ -15,11 +15,12 @@ func TestShow(t *testing.T) { t.Run("Exists", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, completeWithAgent()) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, completeWithAgent()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) args := []string{ @@ -27,7 +28,7 @@ func TestShow(t *testing.T) { workspace.Name, } inv, root := clitest.New(t, args...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { diff --git a/cli/start_test.go b/cli/start_test.go index 7ebb5ab992..8a0e015f5c 100644 --- a/cli/start_test.go +++ b/cli/start_test.go @@ -56,15 +56,16 @@ func TestStart(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "start", workspace.Name, "--build-options") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -106,16 +107,17 @@ func TestStart(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "start", workspace.Name, "--build-option", fmt.Sprintf("%s=%s", ephemeralParameterName, ephemeralParameterValue)) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -170,11 +172,12 @@ func TestStartWithParameters(t *testing.T) { // Create the workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID, func(cwr *codersdk.CreateWorkspaceRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, member, owner.OrganizationID, template.ID, func(cwr *codersdk.CreateWorkspaceRequest) { cwr.RichParameterValues = []codersdk.WorkspaceBuildParameter{ { Name: immutableParameterName, @@ -190,7 +193,7 @@ func TestStartWithParameters(t *testing.T) { // Start the workspace again inv, root := clitest.New(t, "start", workspace.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { diff --git a/cli/state_test.go b/cli/state_test.go index f4ab8fb5f1..5ca96f5089 100644 --- a/cli/state_test.go +++ b/cli/state_test.go @@ -12,6 +12,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisionersdk/proto" ) @@ -21,9 +22,10 @@ func TestStatePull(t *testing.T) { t.Run("File", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) wantState := []byte("some state") - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: []*proto.Response{{ Type: &proto.Response_Apply{ @@ -34,12 +36,13 @@ func TestStatePull(t *testing.T) { }}, }) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + // Need to create workspace as templateAdmin to ensure we can read state. + workspace := coderdtest.CreateWorkspace(t, templateAdmin, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) statefilePath := filepath.Join(t.TempDir(), "state") inv, root := clitest.New(t, "state", "pull", workspace.Name, statefilePath) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) err := inv.Run() require.NoError(t, err) gotState, err := os.ReadFile(statefilePath) @@ -49,9 +52,10 @@ func TestStatePull(t *testing.T) { t.Run("Stdout", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) wantState := []byte("some state") - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: []*proto.Response{{ Type: &proto.Response_Apply{ @@ -62,13 +66,13 @@ func TestStatePull(t *testing.T) { }}, }) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, templateAdmin, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "state", "pull", workspace.Name) var gotState bytes.Buffer inv.Stdout = &gotState - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) err := inv.Run() require.NoError(t, err) require.Equal(t, wantState, bytes.TrimSpace(gotState.Bytes())) @@ -80,14 +84,15 @@ func TestStatePush(t *testing.T) { t.Run("File", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, }) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, templateAdmin, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) stateFile, err := os.CreateTemp(t.TempDir(), "") require.NoError(t, err) @@ -97,7 +102,7 @@ func TestStatePush(t *testing.T) { err = stateFile.Close() require.NoError(t, err) inv, root := clitest.New(t, "state", "push", workspace.Name, stateFile.Name()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) err = inv.Run() require.NoError(t, err) }) @@ -105,17 +110,18 @@ func TestStatePush(t *testing.T) { t.Run("Stdin", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, }) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, templateAdmin, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "state", "push", "--build", strconv.Itoa(int(workspace.LatestBuild.BuildNumber)), workspace.Name, "-") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) inv.Stdin = strings.NewReader("some magic state") err := inv.Run() require.NoError(t, err) diff --git a/cli/templatedelete_test.go b/cli/templatedelete_test.go index dfb9f33b9a..d81a3235f5 100644 --- a/cli/templatedelete_test.go +++ b/cli/templatedelete_test.go @@ -13,6 +13,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/cli/cliui" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/pty/ptytest" ) @@ -24,14 +25,15 @@ func TestTemplateDelete(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "templates", "delete", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) execDone := make(chan error) @@ -52,19 +54,20 @@ func TestTemplateDelete(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) templates := []codersdk.Template{} templateNames := []string{} for i := 0; i < 3; i++ { - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templates = append(templates, template) templateNames = append(templateNames, template.Name) } inv, root := clitest.New(t, append([]string{"templates", "delete", "--yes"}, templateNames...)...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) require.NoError(t, inv.Run()) for _, template := range templates { @@ -77,19 +80,20 @@ func TestTemplateDelete(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) templates := []codersdk.Template{} templateNames := []string{} for i := 0; i < 3; i++ { - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templates = append(templates, template) templateNames = append(templateNames, template.Name) } inv, root := clitest.New(t, append([]string{"templates", "delete"}, templateNames...)...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) execDone := make(chan error) @@ -112,13 +116,14 @@ func TestTemplateDelete(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "templates", "delete") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) diff --git a/cli/templateedit_test.go b/cli/templateedit_test.go index 802d4e745c..57aaf94ef4 100644 --- a/cli/templateedit_test.go +++ b/cli/templateedit_test.go @@ -21,6 +21,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/httpapi" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/testutil" ) @@ -31,10 +32,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("FirstEmptyThenModified", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. name := "new-template-name" @@ -56,7 +58,7 @@ func TestTemplateEdit(t *testing.T) { "--allow-user-cancel-workspace-jobs=" + strconv.FormatBool(allowUserCancelWorkspaceJobs), } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -76,10 +78,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("FirstEmptyThenNotModified", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. cmdArgs := []string{ @@ -93,7 +96,7 @@ func TestTemplateEdit(t *testing.T) { "--allow-user-cancel-workspace-jobs=" + strconv.FormatBool(template.AllowUserCancelWorkspaceJobs), } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -112,10 +115,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("InvalidDisplayName", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. cmdArgs := []string{ @@ -126,7 +130,7 @@ func TestTemplateEdit(t *testing.T) { "--display-name", " a-b-c", } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -144,15 +148,16 @@ func TestTemplateEdit(t *testing.T) { t.Run("WithPropertiesThenModified", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) initialDisplayName := "This is a template" initialDescription := "This is description" initialIcon := "/img/icon.png" - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DisplayName = initialDisplayName ctr.Description = initialDescription ctr.Icon = initialIcon @@ -178,7 +183,7 @@ func TestTemplateEdit(t *testing.T) { "--icon", icon, } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err = inv.WithContext(ctx).Run() @@ -196,15 +201,16 @@ func TestTemplateEdit(t *testing.T) { t.Run("WithPropertiesThenEmptyEdit", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) initialDisplayName := "This is a template" initialDescription := "This is description" initialIcon := "/img/icon.png" - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DisplayName = initialDisplayName ctr.Description = initialDescription ctr.Icon = initialIcon @@ -224,7 +230,7 @@ func TestTemplateEdit(t *testing.T) { template.Name, } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err = inv.WithContext(ctx).Run() @@ -247,10 +253,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedAGPL", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.AutostopRequirement = nil }) @@ -293,7 +300,7 @@ func TestTemplateEdit(t *testing.T) { } cmdArgs = append(cmdArgs, c.flags...) inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -321,10 +328,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedNotEntitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.AutostopRequirement = nil }) @@ -366,7 +374,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) cases := []struct { @@ -434,10 +442,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("Entitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.AutostopRequirement = nil }) @@ -496,7 +505,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) // Test the cli command. @@ -535,10 +544,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedAGPL", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.MaxTTLMillis = nil }) @@ -551,7 +561,7 @@ func TestTemplateEdit(t *testing.T) { "--max-ttl", "1h", } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -572,10 +582,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedNotEntitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.MaxTTLMillis = nil }) @@ -617,7 +628,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) // Test the cli command. @@ -648,10 +659,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("Entitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.MaxTTLMillis = nil }) @@ -709,7 +721,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) // Test the cli command. @@ -745,10 +757,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedAGPL", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(ctr *codersdk.CreateTemplateRequest) { ctr.DefaultTTLMillis = nil ctr.AutostopRequirement = nil ctr.FailureTTLMillis = nil @@ -763,7 +776,7 @@ func TestTemplateEdit(t *testing.T) { "--allow-user-autostart=false", } inv, root := clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx := testutil.Context(t, testutil.WaitLong) err := inv.WithContext(ctx).Run() @@ -778,7 +791,7 @@ func TestTemplateEdit(t *testing.T) { "--allow-user-autostop=false", } inv, root = clitest.New(t, cmdArgs...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx = testutil.Context(t, testutil.WaitLong) err = inv.WithContext(ctx).Run() @@ -804,10 +817,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("BlockedNotEntitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Make a proxy server that will return a valid entitlements // response, but without advanced scheduling entitlement. @@ -846,7 +860,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) // Test the cli command with --allow-user-autostart. @@ -897,10 +911,11 @@ func TestTemplateEdit(t *testing.T) { t.Run("Entitled", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Make a proxy server that will return a valid entitlements // response, including a valid advanced scheduling entitlement. @@ -956,7 +971,7 @@ func TestTemplateEdit(t *testing.T) { proxyURL, err := url.Parse(proxy.URL) require.NoError(t, err) proxyClient := codersdk.New(proxyURL) - proxyClient.SetSessionToken(client.SessionToken()) + proxyClient.SetSessionToken(templateAdmin.SessionToken()) t.Cleanup(proxyClient.HTTPClient.CloseIdleConnections) // Test the cli command. diff --git a/cli/templatelist_test.go b/cli/templatelist_test.go index b0a248c7a0..98796a3906 100644 --- a/cli/templatelist_test.go +++ b/cli/templatelist_test.go @@ -11,6 +11,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/pty/ptytest" "github.com/coder/coder/v2/testutil" @@ -21,17 +22,18 @@ func TestTemplateList(t *testing.T) { t.Run("ListTemplates", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - firstVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + firstVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, firstVersion.ID) - firstTemplate := coderdtest.CreateTemplate(t, client, user.OrganizationID, firstVersion.ID) + firstTemplate := coderdtest.CreateTemplate(t, client, owner.OrganizationID, firstVersion.ID) - secondVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + secondVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, secondVersion.ID) - secondTemplate := coderdtest.CreateTemplate(t, client, user.OrganizationID, secondVersion.ID) + secondTemplate := coderdtest.CreateTemplate(t, client, owner.OrganizationID, secondVersion.ID) inv, root := clitest.New(t, "templates", "list") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) @@ -56,17 +58,18 @@ func TestTemplateList(t *testing.T) { t.Run("ListTemplatesJSON", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - firstVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + firstVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, firstVersion.ID) - _ = coderdtest.CreateTemplate(t, client, user.OrganizationID, firstVersion.ID) + _ = coderdtest.CreateTemplate(t, client, owner.OrganizationID, firstVersion.ID) - secondVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + secondVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, secondVersion.ID) - _ = coderdtest.CreateTemplate(t, client, user.OrganizationID, secondVersion.ID) + _ = coderdtest.CreateTemplate(t, client, owner.OrganizationID, secondVersion.ID) inv, root := clitest.New(t, "templates", "list", "--output=json") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ctx, cancelFunc := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancelFunc() @@ -83,10 +86,11 @@ func TestTemplateList(t *testing.T) { t.Run("NoTemplates", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{}) - coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) inv, root := clitest.New(t, "templates", "list") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = pty.Input() diff --git a/cli/templatepull_test.go b/cli/templatepull_test.go index fd89b29d01..7d22f31f74 100644 --- a/cli/templatepull_test.go +++ b/cli/templatepull_test.go @@ -15,6 +15,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisionersdk/proto" "github.com/coder/coder/v2/pty/ptytest" @@ -56,7 +57,8 @@ func TestTemplatePull_Stdout(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) // Create an initial template bundle. source1 := genTemplateVersionSource() @@ -67,18 +69,18 @@ func TestTemplatePull_Stdout(t *testing.T) { expected, err := echo.Tar(source2) require.NoError(t, err) - version1 := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, source1) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) // Update the template version so that we can assert that templates // are being sorted correctly. - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, source2, template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) inv, root := clitest.New(t, "templates", "pull", "--tar", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) var buf bytes.Buffer inv.Stdout = &buf @@ -97,7 +99,8 @@ func TestTemplatePull_ToDir(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) // Create an initial template bundle. source1 := genTemplateVersionSource() @@ -108,14 +111,14 @@ func TestTemplatePull_ToDir(t *testing.T) { expected, err := echo.Tar(source2) require.NoError(t, err) - version1 := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, source1) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) // Update the template version so that we can assert that templates // are being sorted correctly. - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, source2, template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) dir := t.TempDir() @@ -128,7 +131,7 @@ func TestTemplatePull_ToDir(t *testing.T) { require.NoError(t, err) inv, root := clitest.New(t, "templates", "pull", template.Name, actualDest) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ptytest.New(t).Attach(inv) @@ -147,7 +150,8 @@ func TestTemplatePull_ToImplicit(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) // Create an initial template bundle. source1 := genTemplateVersionSource() @@ -158,14 +162,14 @@ func TestTemplatePull_ToImplicit(t *testing.T) { expected, err := echo.Tar(source2) require.NoError(t, err) - version1 := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, source1) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) // Update the template version so that we can assert that templates // are being sorted correctly. - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, source2, template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) // create a tempdir and change the working directory to it for the duration of the test (cannot run in parallel) @@ -188,7 +192,7 @@ func TestTemplatePull_ToImplicit(t *testing.T) { require.NoError(t, err) inv, root := clitest.New(t, "templates", "pull", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) ptytest.New(t).Attach(inv) @@ -208,7 +212,8 @@ func TestTemplatePull_FolderConflict(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) // Create an initial template bundle. source1 := genTemplateVersionSource() @@ -219,14 +224,14 @@ func TestTemplatePull_FolderConflict(t *testing.T) { expected, err := echo.Tar(source2) require.NoError(t, err) - version1 := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, source1) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, source1) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) // Update the template version so that we can assert that templates // are being sorted correctly. - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, source2, template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, source2, template.ID) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) dir := t.TempDir() @@ -249,7 +254,7 @@ func TestTemplatePull_FolderConflict(t *testing.T) { require.NoError(t, err) inv, root := clitest.New(t, "templates", "pull", template.Name, conflictDest) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) diff --git a/cli/templatepush_test.go b/cli/templatepush_test.go index e106c327f6..5736df8cc2 100644 --- a/cli/templatepush_test.go +++ b/cli/templatepush_test.go @@ -16,6 +16,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/database" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisionersdk/proto" @@ -29,11 +30,12 @@ func TestTemplatePush(t *testing.T) { t.Run("OK", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ @@ -41,7 +43,7 @@ func TestTemplatePush(t *testing.T) { ProvisionApply: echo.ApplyComplete, }) inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) execDone := make(chan error) @@ -75,11 +77,12 @@ func TestTemplatePush(t *testing.T) { t.Run("Message less than or equal to 72 chars", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, @@ -88,7 +91,7 @@ func TestTemplatePush(t *testing.T) { wantMessage := strings.Repeat("a", 72) inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example", "--message", wantMessage, "--yes") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitMedium) @@ -114,11 +117,12 @@ func TestTemplatePush(t *testing.T) { t.Run("Message too long, warn but continue", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, @@ -134,8 +138,13 @@ func TestTemplatePush(t *testing.T) { {wantMessage: strings.Repeat("a", 73), wantMatch: "Template message is longer than 72 characters"}, {wantMessage: "This is my title\n\nAnd this is my body.", wantMatch: "Template message contains newlines"}, } { - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--message", tt.wantMessage, "--yes") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--message", tt.wantMessage, + "--yes", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) inv = inv.WithContext(ctx) @@ -159,11 +168,12 @@ func TestTemplatePush(t *testing.T) { t.Run("NoLockfile", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ @@ -172,8 +182,12 @@ func TestTemplatePush(t *testing.T) { }) require.NoError(t, os.Remove(filepath.Join(source, ".terraform.lock.hcl"))) - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) execDone := make(chan error) @@ -202,11 +216,12 @@ func TestTemplatePush(t *testing.T) { t.Run("NoLockfileIgnored", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ @@ -215,8 +230,13 @@ func TestTemplatePush(t *testing.T) { }) require.NoError(t, os.Remove(filepath.Join(source, ".terraform.lock.hcl"))) - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example", "--ignore-lockfile") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + "--ignore-lockfile", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) execDone := make(chan error) @@ -239,19 +259,25 @@ func TestTemplatePush(t *testing.T) { t.Run("PushInactiveTemplateVersion", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Test the cli command. source := clitest.CreateTemplateVersionSource(t, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, }) - inv, root := clitest.New(t, "templates", "push", template.Name, "--activate=false", "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--activate=false", + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) w := clitest.StartWithWaiter(t, inv) @@ -286,8 +312,9 @@ func TestTemplatePush(t *testing.T) { } client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) // Test the cli command. @@ -296,15 +323,18 @@ func TestTemplatePush(t *testing.T) { ProvisionApply: echo.ApplyComplete, }) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID, + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(r *codersdk.CreateTemplateRequest) { r.Name = filepath.Base(source) }) // Don't pass the name of the template, it should use the // directory of the source. - inv, root := clitest.New(t, "templates", "push", "--test.provisioner", string(database.ProvisionerTypeEcho), "--test.workdir", source) - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--test.workdir", source, + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) waiter := clitest.StartWithWaiter(t, inv) @@ -334,8 +364,9 @@ func TestTemplatePush(t *testing.T) { t.Run("Stdin", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) source, err := echo.Tar(&echo.Responses{ @@ -344,14 +375,14 @@ func TestTemplatePush(t *testing.T) { }) require.NoError(t, err) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New( t, "templates", "push", "--directory", "-", "--test.provisioner", string(database.ProvisionerTypeEcho), template.Name, ) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = bytes.NewReader(source) inv.Stdout = pty.Output() @@ -389,11 +420,12 @@ func TestTemplatePush(t *testing.T) { t.Run("VariableIsRequired", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) - templateVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) + templateVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, templateVersion.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, templateVersion.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, templateVersion.ID) // Test the cli command. modifiedTemplateVariables := append(initialTemplateVariables, @@ -409,8 +441,13 @@ func TestTemplatePush(t *testing.T) { removeTmpDirUntilSuccessAfterTest(t, tempDir) variablesFile, _ := os.CreateTemp(tempDir, "variables*.yaml") _, _ = variablesFile.WriteString(`second_variable: foobar`) - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example", "--variables-file", variablesFile.Name()) - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + "--variables-file", variablesFile.Name(), + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -452,11 +489,12 @@ func TestTemplatePush(t *testing.T) { t.Run("VariableIsRequiredButNotProvided", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) - templateVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) + templateVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, templateVersion.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, templateVersion.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, templateVersion.ID) // Test the cli command. modifiedTemplateVariables := append(initialTemplateVariables, @@ -469,7 +507,7 @@ func TestTemplatePush(t *testing.T) { ) source := clitest.CreateTemplateVersionSource(t, createEchoResponsesWithTemplateVariables(modifiedTemplateVariables)) inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -498,11 +536,12 @@ func TestTemplatePush(t *testing.T) { t.Run("VariableIsOptionalButNotProvided", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) - templateVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) + templateVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, templateVersion.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, templateVersion.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, templateVersion.ID) // Test the cli command. modifiedTemplateVariables := append(initialTemplateVariables, @@ -515,8 +554,12 @@ func TestTemplatePush(t *testing.T) { }, ) source := clitest.CreateTemplateVersionSource(t, createEchoResponsesWithTemplateVariables(modifiedTemplateVariables)) - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -559,11 +602,12 @@ func TestTemplatePush(t *testing.T) { t.Run("WithVariableOption", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) - templateVersion := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) + templateVersion := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, createEchoResponsesWithTemplateVariables(initialTemplateVariables)) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, templateVersion.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, templateVersion.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, templateVersion.ID) // Test the cli command. modifiedTemplateVariables := append(initialTemplateVariables, @@ -575,8 +619,14 @@ func TestTemplatePush(t *testing.T) { }, ) source := clitest.CreateTemplateVersionSource(t, createEchoResponsesWithTemplateVariables(modifiedTemplateVariables)) - inv, root := clitest.New(t, "templates", "push", template.Name, "--directory", source, "--test.provisioner", string(database.ProvisionerTypeEcho), "--name", "example", "--variable", "second_variable=foobar") - clitest.SetupConfig(t, client, root) + inv, root := clitest.New(t, + "templates", "push", template.Name, + "--directory", source, + "--test.provisioner", string(database.ProvisionerTypeEcho), + "--name", "example", + "--variable", "second_variable=foobar", + ) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t) inv.Stdin = pty.Input() inv.Stdout = pty.Output() @@ -618,7 +668,8 @@ func TestTemplatePush(t *testing.T) { t.Run("CreateTemplate", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) source := clitest.CreateTemplateVersionSource(t, completeWithAgent()) const templateName = "my-template" @@ -631,7 +682,7 @@ func TestTemplatePush(t *testing.T) { "--create", } inv, root := clitest.New(t, args...) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, templateAdmin, root) pty := ptytest.New(t).Attach(inv) waiter := clitest.StartWithWaiter(t, inv) @@ -652,7 +703,7 @@ func TestTemplatePush(t *testing.T) { waiter.RequireSuccess() - template, err := client.TemplateByName(context.Background(), user.OrganizationID, templateName) + template, err := client.TemplateByName(context.Background(), owner.OrganizationID, templateName) require.NoError(t, err) require.Equal(t, templateName, template.Name) require.NotEqual(t, uuid.Nil, template.ActiveVersionID) diff --git a/cli/templateversions_test.go b/cli/templateversions_test.go index e6624d27c7..8a017fb15d 100644 --- a/cli/templateversions_test.go +++ b/cli/templateversions_test.go @@ -15,13 +15,14 @@ func TestTemplateVersions(t *testing.T) { t.Run("ListVersions", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) _ = coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "templates", "versions", "list", template.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) pty := ptytest.New(t).Attach(inv) diff --git a/cli/update_test.go b/cli/update_test.go index cfedf7a5ba..ce81807b21 100644 --- a/cli/update_test.go +++ b/cli/update_test.go @@ -35,27 +35,28 @@ func TestUpdate(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version1 := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil) + owner := coderdtest.CreateFirstUser(t, client) + member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "-y", ) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) - ws, err := client.WorkspaceByOwnerAndName(context.Background(), "testuser", "my-workspace", codersdk.WorkspaceOptions{}) + ws, err := client.WorkspaceByOwnerAndName(context.Background(), memberUser.Username, "my-workspace", codersdk.WorkspaceOptions{}) require.NoError(t, err) require.Equal(t, version1.ID.String(), ws.LatestBuild.TemplateVersionID.String()) - version2 := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + version2 := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: echo.ApplyComplete, ProvisionPlan: echo.PlanComplete, @@ -68,12 +69,12 @@ func TestUpdate(t *testing.T) { require.NoError(t, err) inv, root = clitest.New(t, "update", ws.Name) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err = inv.Run() require.NoError(t, err) - ws, err = client.WorkspaceByOwnerAndName(context.Background(), "testuser", "my-workspace", codersdk.WorkspaceOptions{}) + ws, err = member.WorkspaceByOwnerAndName(context.Background(), memberUser.Username, "my-workspace", codersdk.WorkspaceOptions{}) require.NoError(t, err) require.Equal(t, version2.ID.String(), ws.LatestBuild.TemplateVersionID.String()) }) @@ -112,11 +113,12 @@ func TestUpdateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -127,12 +129,12 @@ func TestUpdateWithRichParameters(t *testing.T) { secondParameterName + ": " + secondParameterValue) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() assert.NoError(t, err) inv, root = clitest.New(t, "update", "my-workspace", "--always-prompt") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -162,11 +164,12 @@ func TestUpdateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -179,12 +182,12 @@ func TestUpdateWithRichParameters(t *testing.T) { const workspaceName = "my-workspace" inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() assert.NoError(t, err) inv, root = clitest.New(t, "update", workspaceName, "--build-options") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -212,7 +215,7 @@ func TestUpdateWithRichParameters(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() - workspace, err := client.WorkspaceByOwnerAndName(ctx, user.UserID.String(), workspaceName, codersdk.WorkspaceOptions{}) + workspace, err := client.WorkspaceByOwnerAndName(ctx, memberUser.ID.String(), workspaceName, codersdk.WorkspaceOptions{}) require.NoError(t, err) actualParameters, err := client.WorkspaceBuildParameters(ctx, workspace.LatestBuild.ID) require.NoError(t, err) @@ -226,11 +229,12 @@ func TestUpdateWithRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, echoResponses) + owner := coderdtest.CreateFirstUser(t, client) + member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) const workspaceName = "my-workspace" @@ -238,13 +242,13 @@ func TestUpdateWithRichParameters(t *testing.T) { "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstParameterValue), "--parameter", fmt.Sprintf("%s=%s", immutableParameterName, immutableParameterValue), "--parameter", fmt.Sprintf("%s=%s", secondParameterName, secondParameterValue)) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() assert.NoError(t, err) inv, root = clitest.New(t, "update", workspaceName, "--build-option", fmt.Sprintf("%s=%s", ephemeralParameterName, ephemeralParameterValue)) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) @@ -261,7 +265,7 @@ func TestUpdateWithRichParameters(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() - workspace, err := client.WorkspaceByOwnerAndName(ctx, user.UserID.String(), workspaceName, codersdk.WorkspaceOptions{}) + workspace, err := client.WorkspaceByOwnerAndName(ctx, memberUser.ID.String(), workspaceName, codersdk.WorkspaceOptions{}) require.NoError(t, err) actualParameters, err := client.WorkspaceBuildParameters(ctx, workspace.LatestBuild.ID) require.NoError(t, err) @@ -302,10 +306,11 @@ func TestUpdateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(stringRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(stringRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -314,12 +319,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { stringParameterName + ": " + stringParameterValue) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) inv, root = clitest.New(t, "update", "my-workspace", "--always-prompt") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -346,11 +351,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(numberRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(numberRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -359,12 +365,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { numberParameterName + ": " + numberParameterValue) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) inv, root = clitest.New(t, "update", "my-workspace", "--always-prompt") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -394,11 +400,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(boolRichParameters)) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(boolRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -407,12 +414,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { boolParameterName + ": " + boolParameterValue) inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) inv, root = clitest.New(t, "update", "my-workspace", "--always-prompt") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -439,12 +446,13 @@ func TestUpdateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) // Upload the initial template - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(stringRichParameters)) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(stringRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -454,7 +462,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create workspace inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) @@ -469,7 +477,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { Mutable: true, Required: true, }) - version = coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(modifiedParameters), template.ID) + version = coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(modifiedParameters), template.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) err = client.UpdateActiveTemplateVersion(context.Background(), template.ID, codersdk.UpdateActiveTemplateVersion{ ID: version.ID, @@ -478,7 +486,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -507,12 +515,13 @@ func TestUpdateValidateRichParameters(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) // Upload the initial template - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(stringRichParameters)) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(stringRichParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) tempDir := t.TempDir() removeTmpDirUntilSuccessAfterTest(t, tempDir) @@ -522,7 +531,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create workspace inv, root := clitest.New(t, "create", "my-workspace", "--template", template.Name, "--rich-parameter-file", parameterFile.Name(), "-y") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) @@ -538,7 +547,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { DefaultValue: "foobar", Required: false, }) - version = coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(modifiedParameters), template.ID) + version = coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(modifiedParameters), template.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) err = client.UpdateActiveTemplateVersion(context.Background(), template.ID, codersdk.UpdateActiveTemplateVersion{ ID: version.ID, @@ -547,7 +556,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -566,6 +575,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create template and workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) user := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID) templateParameters := []*proto.RichParameter{ {Name: stringParameterName, Type: "string", Mutable: true, Required: true, Options: []*proto.RichParameterOption{ @@ -580,7 +590,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create new workspace inv, root := clitest.New(t, "create", "my-workspace", "--yes", "--template", template.Name, "--parameter", fmt.Sprintf("%s=%s", stringParameterName, "2nd")) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) @@ -603,7 +613,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -634,7 +644,8 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create template and workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) templateParameters := []*proto.RichParameter{ {Name: stringParameterName, Type: "string", Mutable: true, Required: true, Options: []*proto.RichParameterOption{ @@ -643,13 +654,13 @@ func TestUpdateValidateRichParameters(t *testing.T) { {Name: "Third option", Description: "This is third option", Value: "3rd"}, }}, } - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(templateParameters)) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(templateParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) // Create new workspace inv, root := clitest.New(t, "create", "my-workspace", "--yes", "--template", template.Name, "--parameter", fmt.Sprintf("%s=%s", stringParameterName, "2nd")) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) ptytest.New(t).Attach(inv) err := inv.Run() require.NoError(t, err) @@ -664,7 +675,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { }}, } - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) err = client.UpdateActiveTemplateVersion(context.Background(), template.ID, codersdk.UpdateActiveTemplateVersion{ ID: updatedVersion.ID, @@ -673,7 +684,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -704,7 +715,8 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create template and workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) templateParameters := []*proto.RichParameter{ {Name: stringParameterName, Type: "string", Mutable: false, Required: true, Options: []*proto.RichParameterOption{ @@ -713,12 +725,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { {Name: "Third option", Description: "This is third option", Value: "3rd"}, }}, } - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(templateParameters)) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(templateParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--yes", "--template", template.Name, "--parameter", fmt.Sprintf("%s=%s", stringParameterName, "2nd")) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) @@ -729,7 +741,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { {Name: mutableParameterName, Type: "string", Mutable: true, Required: true}, } - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) err = client.UpdateActiveTemplateVersion(context.Background(), template.ID, codersdk.UpdateActiveTemplateVersion{ ID: updatedVersion.ID, @@ -738,7 +750,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -769,7 +781,8 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Create template and workspace client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) - user := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) templateParameters := []*proto.RichParameter{ {Name: stringParameterName, Type: "string", Mutable: true, Required: true, Options: []*proto.RichParameterOption{ @@ -778,12 +791,12 @@ func TestUpdateValidateRichParameters(t *testing.T) { {Name: "Third option", Description: "This is third option", Value: "3rd"}, }}, } - version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(templateParameters)) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(templateParameters)) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) inv, root := clitest.New(t, "create", "my-workspace", "--yes", "--template", template.Name, "--parameter", fmt.Sprintf("%s=%s", stringParameterName, "2nd")) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) err := inv.Run() require.NoError(t, err) @@ -798,7 +811,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { }}, } - updatedVersion := coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) + updatedVersion := coderdtest.UpdateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(updatedTemplateParameters), template.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, client, updatedVersion.ID) err = client.UpdateActiveTemplateVersion(context.Background(), template.ID, codersdk.UpdateActiveTemplateVersion{ ID: updatedVersion.ID, @@ -807,7 +820,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { // Update the workspace inv, root = clitest.New(t, "update", "my-workspace") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, member, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { diff --git a/cli/user_delete_test.go b/cli/user_delete_test.go index b1735ca668..d8a6956577 100644 --- a/cli/user_delete_test.go +++ b/cli/user_delete_test.go @@ -8,6 +8,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/cryptorand" "github.com/coder/coder/v2/pty/ptytest" @@ -19,7 +20,8 @@ func TestUserDelete(t *testing.T) { t.Parallel() ctx := context.Background() client := coderdtest.New(t, nil) - aUser := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) pw, err := cryptorand.String(16) require.NoError(t, err) @@ -29,13 +31,13 @@ func TestUserDelete(t *testing.T) { Username: "coolin", Password: pw, UserLoginType: codersdk.LoginTypePassword, - OrganizationID: aUser.OrganizationID, + OrganizationID: owner.OrganizationID, DisableLogin: false, }) require.NoError(t, err) inv, root := clitest.New(t, "users", "delete", "coolin") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) pty := ptytest.New(t).Attach(inv) errC := make(chan error) go func() { @@ -49,7 +51,8 @@ func TestUserDelete(t *testing.T) { t.Parallel() ctx := context.Background() client := coderdtest.New(t, nil) - aUser := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) pw, err := cryptorand.String(16) require.NoError(t, err) @@ -59,13 +62,13 @@ func TestUserDelete(t *testing.T) { Username: "coolin", Password: pw, UserLoginType: codersdk.LoginTypePassword, - OrganizationID: aUser.OrganizationID, + OrganizationID: owner.OrganizationID, DisableLogin: false, }) require.NoError(t, err) inv, root := clitest.New(t, "users", "delete", user.ID.String()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) pty := ptytest.New(t).Attach(inv) errC := make(chan error) go func() { @@ -79,7 +82,8 @@ func TestUserDelete(t *testing.T) { t.Parallel() ctx := context.Background() client := coderdtest.New(t, nil) - aUser := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) pw, err := cryptorand.String(16) require.NoError(t, err) @@ -89,13 +93,13 @@ func TestUserDelete(t *testing.T) { Username: "coolin", Password: pw, UserLoginType: codersdk.LoginTypePassword, - OrganizationID: aUser.OrganizationID, + OrganizationID: owner.OrganizationID, DisableLogin: false, }) require.NoError(t, err) inv, root := clitest.New(t, "users", "delete", user.ID.String()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) pty := ptytest.New(t).Attach(inv) errC := make(chan error) go func() { @@ -139,27 +143,22 @@ func TestUserDelete(t *testing.T) { t.Run("DeleteSelf", func(t *testing.T) { t.Parallel() - ctx := context.Background() - client := coderdtest.New(t, nil) - aUser := coderdtest.CreateFirstUser(t, client) - - pw, err := cryptorand.String(16) - require.NoError(t, err) - - _, err = client.CreateUser(ctx, codersdk.CreateUserRequest{ - Email: "colin5@coder.com", - Username: "coolin", - Password: pw, - UserLoginType: codersdk.LoginTypePassword, - OrganizationID: aUser.OrganizationID, - DisableLogin: false, + t.Run("Owner", func(t *testing.T) { + client := coderdtest.New(t, nil) + _ = coderdtest.CreateFirstUser(t, client) + inv, root := clitest.New(t, "users", "delete", "me") + //nolint:gocritic // The point of the test is to validate that a user cannot delete + // themselves, the owner user is probably the most important user to test this with. + clitest.SetupConfig(t, client, root) + require.ErrorContains(t, inv.Run(), "You cannot delete yourself!") + }) + t.Run("UserAdmin", func(t *testing.T) { + client := coderdtest.New(t, nil) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) + inv, root := clitest.New(t, "users", "delete", "me") + clitest.SetupConfig(t, userAdmin, root) + require.ErrorContains(t, inv.Run(), "You cannot delete yourself!") }) - require.NoError(t, err) - - coderdtest.CreateAnotherUser(t, client, aUser.OrganizationID) - - inv, root := clitest.New(t, "users", "delete", "me") - clitest.SetupConfig(t, client, root) - require.ErrorContains(t, inv.Run(), "You cannot delete yourself!") }) } diff --git a/cli/userlist_test.go b/cli/userlist_test.go index d6c80d0b7c..64565e1dde 100644 --- a/cli/userlist_test.go +++ b/cli/userlist_test.go @@ -11,6 +11,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/pty/ptytest" ) @@ -20,9 +21,10 @@ func TestUserList(t *testing.T) { t.Run("Table", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) inv, root := clitest.New(t, "users", "list") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) pty := ptytest.New(t).Attach(inv) errC := make(chan error) go func() { @@ -35,9 +37,10 @@ func TestUserList(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) inv, root := clitest.New(t, "users", "list", "-o", "json") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) doneChan := make(chan struct{}) buf := bytes.NewBuffer(nil) @@ -53,7 +56,7 @@ func TestUserList(t *testing.T) { var users []codersdk.User err := json.Unmarshal(buf.Bytes(), &users) require.NoError(t, err, "unmarshal JSON output") - require.Len(t, users, 1) + require.Len(t, users, 2) require.Contains(t, users[0].Email, "coder.com") }) t.Run("NoURLFileErrorHasHelperText", func(t *testing.T) { @@ -84,10 +87,11 @@ func TestUserShow(t *testing.T) { t.Run("Table", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) - _, otherUser := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) + _, otherUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) inv, root := clitest.New(t, "users", "show", otherUser.Username) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) go func() { @@ -104,12 +108,13 @@ func TestUserShow(t *testing.T) { ctx := context.Background() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) - other, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) + other, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) otherUser, err := other.User(ctx, codersdk.Me) require.NoError(t, err, "fetch other user") inv, root := clitest.New(t, "users", "show", otherUser.Username, "-o", "json") - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) doneChan := make(chan struct{}) buf := bytes.NewBuffer(nil) diff --git a/cli/userstatus_test.go b/cli/userstatus_test.go index b288a483e0..607132c094 100644 --- a/cli/userstatus_test.go +++ b/cli/userstatus_test.go @@ -9,6 +9,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" ) @@ -35,13 +36,14 @@ func TestUserStatus(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) - other, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + owner := coderdtest.CreateFirstUser(t, client) + userAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleUserAdmin()) + other, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) otherUser, err := other.User(context.Background(), codersdk.Me) require.NoError(t, err, "fetch user") inv, root := clitest.New(t, "users", "suspend", otherUser.Username) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) // Yes to the prompt inv.Stdin = bytes.NewReader([]byte("yes\n")) err = inv.Run() @@ -54,7 +56,7 @@ func TestUserStatus(t *testing.T) { // Set back to active. Try using a uuid as well inv, root = clitest.New(t, "users", "activate", otherUser.ID.String()) - clitest.SetupConfig(t, client, root) + clitest.SetupConfig(t, userAdmin, root) // Yes to the prompt inv.Stdin = bytes.NewReader([]byte("yes\n")) err = inv.Run() diff --git a/coderd/insights_test.go b/coderd/insights_test.go index f81523262a..b154bb114c 100644 --- a/coderd/insights_test.go +++ b/coderd/insights_test.go @@ -2111,15 +2111,15 @@ func TestTemplateInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } @@ -2135,17 +2135,17 @@ func TestTemplateInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) - templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID, rbac.RoleTemplateAdmin()) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } @@ -2161,17 +2161,17 @@ func TestTemplateInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) - regular, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + regular, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } @@ -2240,15 +2240,15 @@ func TestGenericInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } @@ -2262,17 +2262,17 @@ func TestGenericInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) - templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID, rbac.RoleTemplateAdmin()) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } @@ -2286,17 +2286,17 @@ func TestGenericInsights_RBAC(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) - regular, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + regular, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) defer cancel() var templateIDs []uuid.UUID if tt.withTemplate { - version := coderdtest.CreateTemplateVersion(t, client, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, client, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) templateIDs = append(templateIDs, template.ID) } diff --git a/coderd/roles_test.go b/coderd/roles_test.go index 275edc25bf..c50f24eb46 100644 --- a/coderd/roles_test.go +++ b/coderd/roles_test.go @@ -17,10 +17,10 @@ func TestListRoles(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - // Create admin, member, and org admin - admin := coderdtest.CreateFirstUser(t, client) - member, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) - orgAdmin, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID, rbac.RoleOrgAdmin(admin.OrganizationID)) + // Create owner, member, and org admin + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + orgAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleOrgAdmin(owner.OrganizationID)) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) t.Cleanup(cancel) @@ -55,10 +55,10 @@ func TestListRoles(t *testing.T) { { Name: "OrgMemberListOrg", APICall: func(ctx context.Context) ([]codersdk.AssignableRoles, error) { - return member.ListOrganizationRoles(ctx, admin.OrganizationID) + return member.ListOrganizationRoles(ctx, owner.OrganizationID) }, ExpectedRoles: convertRoles(map[string]bool{ - rbac.RoleOrgAdmin(admin.OrganizationID): false, + rbac.RoleOrgAdmin(owner.OrganizationID): false, }), }, { @@ -84,10 +84,10 @@ func TestListRoles(t *testing.T) { { Name: "OrgAdminListOrg", APICall: func(ctx context.Context) ([]codersdk.AssignableRoles, error) { - return orgAdmin.ListOrganizationRoles(ctx, admin.OrganizationID) + return orgAdmin.ListOrganizationRoles(ctx, owner.OrganizationID) }, ExpectedRoles: convertRoles(map[string]bool{ - rbac.RoleOrgAdmin(admin.OrganizationID): true, + rbac.RoleOrgAdmin(owner.OrganizationID): true, }), }, { @@ -113,10 +113,10 @@ func TestListRoles(t *testing.T) { { Name: "AdminListOrg", APICall: func(ctx context.Context) ([]codersdk.AssignableRoles, error) { - return client.ListOrganizationRoles(ctx, admin.OrganizationID) + return client.ListOrganizationRoles(ctx, owner.OrganizationID) }, ExpectedRoles: convertRoles(map[string]bool{ - rbac.RoleOrgAdmin(admin.OrganizationID): true, + rbac.RoleOrgAdmin(owner.OrganizationID): true, }), }, } diff --git a/coderd/users_test.go b/coderd/users_test.go index 2c86a09691..ad6581c250 100644 --- a/coderd/users_test.go +++ b/coderd/users_test.go @@ -262,13 +262,13 @@ func TestPostLogin(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() split := strings.Split(client.SessionToken(), "-") - key, err := client.APIKeyByID(ctx, admin.UserID.String(), split[0]) + key, err := client.APIKeyByID(ctx, owner.UserID.String(), split[0]) require.NoError(t, err, "fetch login key") require.Equal(t, int64(86400), key.LifetimeSeconds, "default should be 86400") @@ -276,7 +276,7 @@ func TestPostLogin(t *testing.T) { token, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{}) require.NoError(t, err, "make new token api key") split = strings.Split(token.Key, "-") - apiKey, err := client.APIKeyByID(ctx, admin.UserID.String(), split[0]) + apiKey, err := client.APIKeyByID(ctx, owner.UserID.String(), split[0]) require.NoError(t, err, "fetch api key") require.True(t, apiKey.ExpiresAt.After(time.Now().Add(time.Hour*24*29)), "default tokens lasts more than 29 days") @@ -364,14 +364,14 @@ func TestPostLogout(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor}) numLogs := len(auditor.AuditLogs()) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) numLogs++ // add an audit log for login ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() keyID := strings.Split(client.SessionToken(), "-")[0] - apiKey, err := client.APIKeyByID(ctx, admin.UserID.String(), keyID) + apiKey, err := client.APIKeyByID(ctx, owner.UserID.String(), keyID) require.NoError(t, err) require.Equal(t, keyID, apiKey.ID, "API key should exist in the database") @@ -400,7 +400,7 @@ func TestPostLogout(t *testing.T) { } require.True(t, found, "auth cookie should be returned") - _, err = client.APIKeyByID(ctx, admin.UserID.String(), keyID) + _, err = client.APIKeyByID(ctx, owner.UserID.String(), keyID) sdkErr := &codersdk.Error{} require.ErrorAs(t, err, &sdkErr) require.Equal(t, http.StatusUnauthorized, sdkErr.StatusCode(), "Expecting 401") @@ -707,13 +707,13 @@ func TestUpdateUserPassword(t *testing.T) { t.Run("MemberCantUpdateAdminPassword", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) - member, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() - err := member.UpdateUserPassword(ctx, admin.UserID.String(), codersdk.UpdateUserPasswordRequest{ + err := member.UpdateUserPassword(ctx, owner.UserID.String(), codersdk.UpdateUserPasswordRequest{ Password: "newpassword", }) require.Error(t, err, "member should not be able to update admin password") @@ -722,7 +722,7 @@ func TestUpdateUserPassword(t *testing.T) { t.Run("AdminCanUpdateMemberPassword", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() @@ -731,7 +731,7 @@ func TestUpdateUserPassword(t *testing.T) { Email: "coder@coder.com", Username: "coder", Password: "SomeStrongPassword!", - OrganizationID: admin.OrganizationID, + OrganizationID: owner.OrganizationID, }) require.NoError(t, err, "create member") err = client.UpdateUserPassword(ctx, member.ID.String(), codersdk.UpdateUserPasswordRequest{ @@ -751,11 +751,11 @@ func TestUpdateUserPassword(t *testing.T) { client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor}) numLogs := len(auditor.AuditLogs()) - admin := coderdtest.CreateFirstUser(t, client) + owner := coderdtest.CreateFirstUser(t, client) numLogs++ // add an audit log for user create numLogs++ // add an audit log for login - member, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) numLogs++ // add an audit log for user create ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) @@ -775,8 +775,8 @@ func TestUpdateUserPassword(t *testing.T) { t.Run("MemberCantUpdateOwnPasswordWithoutOldPassword", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, nil) - admin := coderdtest.CreateFirstUser(t, client) - member, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() diff --git a/coderd/workspacebuilds_test.go b/coderd/workspacebuilds_test.go index 5539cc4eef..c5c1d353d2 100644 --- a/coderd/workspacebuilds_test.go +++ b/coderd/workspacebuilds_test.go @@ -729,16 +729,16 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { deploymentValues.EnableTerraformDebugMode = true adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) - admin := coderdtest.CreateFirstUser(t, adminClient) - templateAuthorClient, _ := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID, rbac.RoleTemplateAdmin()) + owner := coderdtest.CreateFirstUser(t, adminClient) + templateAuthorClient, _ := coderdtest.CreateAnotherUser(t, adminClient, owner.OrganizationID, rbac.RoleTemplateAdmin()) // Template author: create a template - version := coderdtest.CreateTemplateVersion(t, templateAuthorClient, admin.OrganizationID, nil) - template := coderdtest.CreateTemplate(t, templateAuthorClient, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, templateAuthorClient, owner.OrganizationID, nil) + template := coderdtest.CreateTemplate(t, templateAuthorClient, owner.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, templateAuthorClient, version.ID) // Template author: create a workspace - workspace := coderdtest.CreateWorkspace(t, templateAuthorClient, admin.OrganizationID, template.ID) + workspace := coderdtest.CreateWorkspace(t, templateAuthorClient, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAuthorClient, workspace.LatestBuild.ID) // Template author: try to start a workspace build in debug mode @@ -766,7 +766,7 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { deploymentValues.EnableTerraformDebugMode = true adminClient := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true, DeploymentValues: deploymentValues}) - admin := coderdtest.CreateFirstUser(t, adminClient) + owner := coderdtest.CreateFirstUser(t, adminClient) // Interact as template admin echoResponses := &echo.Responses{ @@ -799,12 +799,12 @@ func TestWorkspaceBuildDebugMode(t *testing.T) { }, }}, } - version := coderdtest.CreateTemplateVersion(t, adminClient, admin.OrganizationID, echoResponses) - template := coderdtest.CreateTemplate(t, adminClient, admin.OrganizationID, version.ID) + version := coderdtest.CreateTemplateVersion(t, adminClient, owner.OrganizationID, echoResponses) + template := coderdtest.CreateTemplate(t, adminClient, owner.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, version.ID) // Create workspace - workspace := coderdtest.CreateWorkspace(t, adminClient, admin.OrganizationID, template.ID) + workspace := coderdtest.CreateWorkspace(t, adminClient, owner.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJobCompleted(t, adminClient, workspace.LatestBuild.ID) // Create workspace build diff --git a/docs/admin/users.md b/docs/admin/users.md index dc4969edc1..4ef6ce1af9 100644 --- a/docs/admin/users.md +++ b/docs/admin/users.md @@ -13,7 +13,8 @@ Coder offers these user roles in the community edition: | Manage groups (enterprise) | | ✅ | | ✅ | | Change User roles | | | | ✅ | | Manage **ALL** Templates | | | ✅ | ✅ | -| View, update and delete **ALL** Workspaces | | | ✅ | ✅ | +| View **ALL** Workspaces | | | ✅ | ✅ | +| Update and delete **ALL** Workspaces | | | | ✅ | | Run [external provisioners](./provisioners.md) | | | ✅ | ✅ | | Execute and use **ALL** Workspaces | | | | ✅ | | View all user operation [Audit Logs](./audit-logs.md) | ✅ | | | ✅ | diff --git a/scripts/rules.go b/scripts/rules.go index ab5ef0b430..b21830bcee 100644 --- a/scripts/rules.go +++ b/scripts/rules.go @@ -43,6 +43,28 @@ func dbauthzAuthorizationContext(m dsl.Matcher) { Report("Using '$f' is dangerous and should be accompanied by a comment explaining why it's ok and a nolint.") } +// testingWithOwnerUser is a lint rule that detects potential permission bugs. +// Calling clitest.SetupConfig with a client authenticated as the Owner user +// can be a problem, since the CLI will be operating as that user and we may +// miss permission bugs. +// +//nolint:unused,deadcode,varnamelen +func testingWithOwnerUser(m dsl.Matcher) { + m.Import("testing") + m.Import("github.com/coder/coder/v2/cli/clitest") + + m.Match(` + $_ := coderdtest.CreateFirstUser($t, $client) + $*_ + clitest.$SetupConfig($t, $client, $_) + `). + Where(m["t"].Type.Implements("testing.TB") && + m["SetupConfig"].Text.Matches("^SetupConfig$") && + m.File().Name.Matches(`_test\.go$`)). + At(m["SetupConfig"]). + Report(`The CLI will be operating as the owner user, which has unrestricted permissions. Consider creating a different user.`) +} + // Use xerrors everywhere! It provides additional stacktrace info! // //nolint:unused,deadcode,varnamelen