Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 106b1cd

Browse files
hugodutkahugodutka
authored
chore: convert dbauthz tests to also run with Postgres (#15862)
Another PR to address #15109. - adds the DisableForeignKeysAndTriggers utility, which simplifies converting tests from in-mem to postgres - converts the dbauthz test suite to pass on both the in-mem db and Postgres
1 parent 13cfaae commit 106b1cd

File tree

13 files changed

+1678
-335
lines changed

13 files changed

+1678
-335
lines changed

coderd/coderdtest/authorize.go

+13-4
Original file line numberDiff line numberDiff line change
@@ -358,6 +358,7 @@ func (s *PreparedRecorder) CompileToSQL(ctx context.Context, cfg regosql.Convert
358358
// Meaning 'FakeAuthorizer' by default will never return "unauthorized".
359359
type FakeAuthorizer struct {
360360
ConditionalReturn func(context.Context, rbac.Subject, policy.Action, rbac.Object) error
361+
sqlFilter string
361362
}
362363

363364
var _ rbac.Authorizer = (*FakeAuthorizer)(nil)
@@ -370,6 +371,12 @@ func (d *FakeAuthorizer) AlwaysReturn(err error) *FakeAuthorizer {
370371
return d
371372
}
372373

374+
// OverrideSQLFilter sets the SQL filter that will always be returned by CompileToSQL.
375+
func (d *FakeAuthorizer) OverrideSQLFilter(filter string) *FakeAuthorizer {
376+
d.sqlFilter = filter
377+
return d
378+
}
379+
373380
func (d *FakeAuthorizer) Authorize(ctx context.Context, subject rbac.Subject, action policy.Action, object rbac.Object) error {
374381
if d.ConditionalReturn != nil {
375382
return d.ConditionalReturn(ctx, subject, action, object)
@@ -400,10 +407,12 @@ func (f *fakePreparedAuthorizer) Authorize(ctx context.Context, object rbac.Obje
400407
return f.Original.Authorize(ctx, f.Subject, f.Action, object)
401408
}
402409

403-
// CompileToSQL returns a compiled version of the authorizer that will work for
404-
// in memory databases. This fake version will not work against a SQL database.
405-
func (*fakePreparedAuthorizer) CompileToSQL(_ context.Context, _ regosql.ConvertConfig) (string, error) {
406-
return "not a valid sql string", nil
410+
func (f *fakePreparedAuthorizer) CompileToSQL(_ context.Context, _ regosql.ConvertConfig) (string, error) {
411+
if f.Original.sqlFilter != "" {
412+
return f.Original.sqlFilter, nil
413+
}
414+
// By default, allow all SQL queries.
415+
return "TRUE", nil
407416
}
408417

409418
// Random rbac helper funcs

coderd/coderdtest/authorize_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ func TestAuthzRecorder(t *testing.T) {
4444
require.NoError(t, rec.AllAsserted(), "all assertions should have been made")
4545
})
4646

47-
t.Run("Authorize&Prepared", func(t *testing.T) {
47+
t.Run("Authorize_Prepared", func(t *testing.T) {
4848
t.Parallel()
4949

5050
rec := &coderdtest.RecordingAuthorizer{

coderd/database/dbauthz/dbauthz.go

+8
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88
"fmt"
99
"strings"
1010
"sync/atomic"
11+
"testing"
1112
"time"
1213

1314
"github.com/google/uuid"
@@ -1366,6 +1367,13 @@ func (q *querier) DeleteWorkspaceAgentPortSharesByTemplate(ctx context.Context,
13661367
return q.db.DeleteWorkspaceAgentPortSharesByTemplate(ctx, templateID)
13671368
}
13681369

1370+
func (q *querier) DisableForeignKeysAndTriggers(ctx context.Context) error {
1371+
if !testing.Testing() {
1372+
return xerrors.Errorf("DisableForeignKeysAndTriggers is only allowed in tests")
1373+
}
1374+
return q.db.DisableForeignKeysAndTriggers(ctx)
1375+
}
1376+
13691377
func (q *querier) EnqueueNotificationMessage(ctx context.Context, arg database.EnqueueNotificationMessageParams) error {
13701378
if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceNotificationMessage); err != nil {
13711379
return err

0 commit comments

Comments
 (0)