Documentation ¶
Index ¶
- Variables
- func AwaitTemplateVersionJob(t *testing.T, client *codersdk.Client, version uuid.UUID) codersdk.TemplateVersion
- func AwaitWorkspaceAgents(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID, ...) []codersdk.WorkspaceResource
- func AwaitWorkspaceBuildJob(t *testing.T, client *codersdk.Client, build uuid.UUID) codersdk.WorkspaceBuild
- func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, ...) (*codersdk.Client, codersdk.User)
- func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirstUserResponse
- func CreateTemplate(t *testing.T, client *codersdk.Client, organization uuid.UUID, ...) codersdk.Template
- func CreateTemplateVersion(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, ...) codersdk.TemplateVersion
- func CreateWorkspace(t *testing.T, client *codersdk.Client, organization uuid.UUID, ...) codersdk.Workspace
- func CreateWorkspaceBuild(t *testing.T, client *codersdk.Client, workspace codersdk.Workspace, ...) codersdk.WorkspaceBuild
- func DeploymentValues(t *testing.T) *codersdk.DeploymentValues
- func MustTransitionWorkspace(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID, ...) codersdk.Workspace
- func MustWorkspace(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID) codersdk.Workspace
- func New(t *testing.T, options *Options) *codersdk.Client
- func NewAWSInstanceIdentity(t *testing.T, instanceID string) (awsidentity.Certificates, *http.Client)
- func NewAzureInstanceIdentity(t *testing.T, instanceID string) (x509.VerifyOptions, *http.Client)
- func NewExternalProvisionerDaemon(t *testing.T, client *codersdk.Client, org uuid.UUID, tags map[string]string) io.Closer
- func NewGoogleInstanceIdentity(t *testing.T, instanceID string, expired bool) (*idtoken.Validator, *metadata.Client)
- func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.CancelFunc, *url.URL, *coderd.Options)
- func NewProvisionerDaemon(t *testing.T, coderAPI *coderd.API) io.Closer
- func NewWithAPI(t *testing.T, options *Options) (*codersdk.Client, io.Closer, *coderd.API)
- func NewWithProvisionerCloser(t *testing.T, options *Options) (*codersdk.Client, io.Closer)
- func RandomRBACAction() rbac.Action
- func RandomRBACObject() rbac.Object
- func RandomRBACSubject() rbac.Subject
- func RequestGitAuthCallback(t *testing.T, providerID string, client *codersdk.Client) *http.Response
- func SDKError(t *testing.T, err error) *codersdk.Error
- func UpdateTemplateVersion(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, ...) codersdk.TemplateVersion
- func VerifySwaggerDefinitions(t *testing.T, router chi.Router, swaggerComments []SwaggerComment)
- type ActionObjectPair
- type AuthCall
- type FakeAuthorizer
- type OIDCConfig
- func (*OIDCConfig) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string
- func (o *OIDCConfig) EncodeClaims(t *testing.T, claims jwt.MapClaims) string
- func (*OIDCConfig) Exchange(_ context.Context, code string, _ ...oauth2.AuthCodeOption) (*oauth2.Token, error)
- func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims, ...) *coderd.OIDCConfig
- func (*OIDCConfig) TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource
- type Options
- type PreparedRecorder
- type RBACAsserter
- type RecordingAuthorizer
- func (r *RecordingAuthorizer) AllAsserted() error
- func (r *RecordingAuthorizer) AllCalls(actor *rbac.Subject) []AuthCall
- func (r *RecordingAuthorizer) AssertActor(t *testing.T, actor rbac.Subject, did ...ActionObjectPair)
- func (r *RecordingAuthorizer) AssertOutOfOrder(t *testing.T, actor rbac.Subject, did ...ActionObjectPair)
- func (r *RecordingAuthorizer) Authorize(ctx context.Context, subject rbac.Subject, action rbac.Action, ...) error
- func (*RecordingAuthorizer) Pair(action rbac.Action, object rbac.Objecter) ActionObjectPair
- func (r *RecordingAuthorizer) Prepare(ctx context.Context, subject rbac.Subject, action rbac.Action, ...) (rbac.PreparedAuthorized, error)
- func (r *RecordingAuthorizer) Reset()
- type SwaggerComment
Constants ¶
This section is empty.
Variables ¶
var AppSecurityKey = must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))
AppSecurityKey is a 96-byte key used to sign JWTs and encrypt JWEs for workspace app tokens in tests.
var FirstUserParams = codersdk.CreateFirstUserRequest{
Email: "testuser@coder.com",
Username: "testuser",
Password: "SomeSecurePassword!",
}
Functions ¶
func AwaitTemplateVersionJob ¶ added in v0.4.0
func AwaitTemplateVersionJob(t *testing.T, client *codersdk.Client, version uuid.UUID) codersdk.TemplateVersion
AwaitTemplateImportJob awaits for an import job to reach completed status.
func AwaitWorkspaceAgents ¶
func AwaitWorkspaceAgents(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID, agentNames ...string) []codersdk.WorkspaceResource
AwaitWorkspaceAgents waits for all resources with agents to be connected. If specific agents are provided, it will wait for those agents to be connected but will not fail if other agents are not connected.
func AwaitWorkspaceBuildJob ¶
func AwaitWorkspaceBuildJob(t *testing.T, client *codersdk.Client, build uuid.UUID) codersdk.WorkspaceBuild
AwaitWorkspaceBuildJob waits for a workspace provision job to reach completed status.
func CreateAnotherUser ¶
func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, roles ...string) (*codersdk.Client, codersdk.User)
CreateAnotherUser creates and authenticates a new user.
func CreateFirstUser ¶
CreateFirstUser creates a user with preset credentials and authenticates with the passed in codersdk client.
func CreateTemplate ¶ added in v0.4.0
func CreateTemplate(t *testing.T, client *codersdk.Client, organization uuid.UUID, version uuid.UUID, mutators ...func(*codersdk.CreateTemplateRequest)) codersdk.Template
CreateTemplate creates a template with the "echo" provisioner for compatibility with testing. The name assigned is randomly generated.
func CreateTemplateVersion ¶ added in v0.4.0
func CreateTemplateVersion(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, res *echo.Responses, mutators ...func(*codersdk.CreateTemplateVersionRequest)) codersdk.TemplateVersion
CreateTemplateVersion creates a template import provisioner job with the responses provided. It uses the "echo" provisioner for compatibility with testing.
func CreateWorkspace ¶
func CreateWorkspace(t *testing.T, client *codersdk.Client, organization uuid.UUID, templateID uuid.UUID, mutators ...func(*codersdk.CreateWorkspaceRequest)) codersdk.Workspace
CreateWorkspace creates a workspace for the user and template provided. A random name is generated for it. To customize the defaults, pass a mutator func.
func CreateWorkspaceBuild ¶ added in v0.6.0
func CreateWorkspaceBuild( t *testing.T, client *codersdk.Client, workspace codersdk.Workspace, transition database.WorkspaceTransition, ) codersdk.WorkspaceBuild
CreateWorkspaceBuild creates a workspace build for the given workspace and transition.
func DeploymentValues ¶ added in v0.19.0
func DeploymentValues(t *testing.T) *codersdk.DeploymentValues
func MustTransitionWorkspace ¶ added in v0.6.3
func MustTransitionWorkspace(t *testing.T, client *codersdk.Client, workspaceID uuid.UUID, from, to database.WorkspaceTransition) codersdk.Workspace
TransitionWorkspace is a convenience method for transitioning a workspace from one state to another.
func MustWorkspace ¶ added in v0.6.3
MustWorkspace is a convenience method for fetching a workspace that should exist.
func NewAWSInstanceIdentity ¶
func NewAWSInstanceIdentity(t *testing.T, instanceID string) (awsidentity.Certificates, *http.Client)
NewAWSInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for AWS.
func NewAzureInstanceIdentity ¶ added in v0.4.4
NewAzureInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for Azure.
func NewExternalProvisionerDaemon ¶ added in v0.12.8
func NewGoogleInstanceIdentity ¶
func NewGoogleInstanceIdentity(t *testing.T, instanceID string, expired bool) (*idtoken.Validator, *metadata.Client)
NewGoogleInstanceIdentity returns a metadata client and ID token validator for faking instance authentication for Google Cloud. nolint:revive
func NewOptions ¶ added in v0.9.0
func NewProvisionerDaemon ¶
NewProvisionerDaemon launches a provisionerd instance configured to work well with coderd testing. It registers the "echo" provisioner for quick testing.
func NewWithAPI ¶ added in v0.6.1
NewWithAPI constructs an in-memory API instance and returns a client to talk to it. Most tests never need a reference to the API, but AuthorizationTest in this module uses it. Do not expose the API or wrath shall descend upon thee.
func NewWithProvisionerCloser ¶ added in v0.7.6
NewWithProvisionerCloser returns a client as well as a handle to close the provisioner. This is a temporary function while work is done to standardize how provisioners are registered with coderd. The option to include a provisioner is set to true for convenience.
func RandomRBACAction ¶ added in v0.17.2
func RandomRBACObject ¶ added in v0.17.2
func RandomRBACSubject ¶ added in v0.17.2
func RequestGitAuthCallback ¶ added in v0.18.0
func RequestGitAuthCallback(t *testing.T, providerID string, client *codersdk.Client) *http.Response
RequestGitAuthCallback makes a request with the proper OAuth2 state cookie to the git auth callback endpoint.
func UpdateTemplateVersion ¶ added in v0.5.6
func UpdateTemplateVersion(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, res *echo.Responses, templateID uuid.UUID) codersdk.TemplateVersion
UpdateTemplateVersion creates a new template version with the "echo" provisioner and associates it with the given templateID.
func VerifySwaggerDefinitions ¶ added in v0.15.0
func VerifySwaggerDefinitions(t *testing.T, router chi.Router, swaggerComments []SwaggerComment)
Types ¶
type ActionObjectPair ¶ added in v0.17.0
type FakeAuthorizer ¶ added in v0.17.0
type FakeAuthorizer struct { // AlwaysReturn is the error that will be returned by Authorize. AlwaysReturn error }
FakeAuthorizer is an Authorizer that always returns the same error.
type OIDCConfig ¶ added in v0.10.2
type OIDCConfig struct {
// contains filtered or unexported fields
}
func NewOIDCConfig ¶ added in v0.10.2
func NewOIDCConfig(t *testing.T, issuer string) *OIDCConfig
func (*OIDCConfig) AuthCodeURL ¶ added in v0.10.2
func (*OIDCConfig) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string
func (*OIDCConfig) EncodeClaims ¶ added in v0.10.2
func (*OIDCConfig) Exchange ¶ added in v0.10.2
func (*OIDCConfig) Exchange(_ context.Context, code string, _ ...oauth2.AuthCodeOption) (*oauth2.Token, error)
func (*OIDCConfig) OIDCConfig ¶ added in v0.10.2
func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig
func (*OIDCConfig) TokenSource ¶ added in v0.10.2
func (*OIDCConfig) TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource
type Options ¶
type Options struct { // AccessURL denotes a custom access URL. By default we use the httptest // server's URL. Setting this may result in unexpected behavior (especially // with running agents). AccessURL *url.URL AppHostname string AWSCertificates awsidentity.Certificates Authorizer rbac.Authorizer AzureCertificates x509.VerifyOptions GithubOAuth2Config *coderd.GithubOAuth2Config RealIPConfig *httpmw.RealIPConfig OIDCConfig *coderd.OIDCConfig GoogleTokenValidator *idtoken.Validator SSHKeygenAlgorithm gitsshkey.Algorithm AutobuildTicker <-chan time.Time AutobuildStats chan<- executor.Stats Auditor audit.Auditor TLSCertificates []tls.Certificate GitAuthConfigs []*gitauth.Config TrialGenerator func(context.Context, string) error TemplateScheduleStore schedule.TemplateScheduleStore HealthcheckFunc func(ctx context.Context) (*healthcheck.Report, error) HealthcheckTimeout time.Duration HealthcheckRefresh time.Duration // All rate limits default to -1 (unlimited) in tests if not set. APIRateLimit int LoginRateLimit int FilesRateLimit int // IncludeProvisionerDaemon when true means to start an in-memory provisionerD IncludeProvisionerDaemon bool MetricsCacheRefreshInterval time.Duration AgentStatsRefreshInterval time.Duration DeploymentValues *codersdk.DeploymentValues // Set update check options to enable update check. UpdateCheckOptions *updatecheck.Options // Overriding the database is heavily discouraged. // It should only be used in cases where multiple Coder // test instances are running against the same database. Database database.Store Pubsub database.Pubsub ConfigSSH codersdk.SSHConfigResponse SwaggerEndpoint bool }
type PreparedRecorder ¶ added in v0.17.0
type PreparedRecorder struct {
// contains filtered or unexported fields
}
PreparedRecorder is the prepared version of the RecordingAuthorizer. It records the Authorize() calls to the original recorder. If the caller uses CompileToSQL, all recording stops. This is to support parity between memory and SQL backed dbs.
func (*PreparedRecorder) CompileToSQL ¶ added in v0.17.0
func (s *PreparedRecorder) CompileToSQL(ctx context.Context, cfg regosql.ConvertConfig) (string, error)
type RBACAsserter ¶ added in v0.20.0
type RBACAsserter struct { Subject rbac.Subject Recorder *RecordingAuthorizer }
RBACAsserter is a helper for asserting that the correct RBAC checks are performed. This struct is tied to a given user, and only authorizes calls for this user are checked.
func AssertRBAC ¶ added in v0.20.0
AssertRBAC returns an RBACAsserter for the given user. This asserter will allow asserting that the correct RBAC checks are performed for the given user. All checks that are not run against this user will be ignored.
func (RBACAsserter) AllCalls ¶ added in v0.20.0
func (a RBACAsserter) AllCalls() []AuthCall
AllCalls is for debugging. If you are not sure where calls are coming from, call this and use a debugger or print them. They have small callstacks on them to help locate the 'Authorize' call. Only calls to Authorize by the given subject will be returned. Note that duplicate rbac calls are handled by the rbac.Cacher(), but will be recorded twice. So AllCalls() returns calls regardless if they were returned from the cached or not.
func (RBACAsserter) AssertChecked ¶ added in v0.20.0
func (a RBACAsserter) AssertChecked(t *testing.T, action rbac.Action, objects ...interface{})
AssertChecked will assert a given rbac check was performed. It does not care about order of checks, or any other checks. This is useful when you do not care about asserting every check that was performed.
func (RBACAsserter) AssertInOrder ¶ added in v0.20.0
func (a RBACAsserter) AssertInOrder(t *testing.T, action rbac.Action, objects ...interface{})
AssertInOrder must be called in the correct order of authz checks. If the objects or actions are not in the correct order, the test will fail.
func (RBACAsserter) Reset ¶ added in v0.20.0
func (a RBACAsserter) Reset() RBACAsserter
Reset will clear all previously recorded authz calls. This is helpful when wanting to ignore checks run in test setup.
type RecordingAuthorizer ¶ added in v0.9.0
type RecordingAuthorizer struct { sync.RWMutex Called []AuthCall Wrapped rbac.Authorizer }
RecordingAuthorizer wraps any rbac.Authorizer and records all Authorize() calls made. This is useful for testing as these calls can later be asserted.
func (*RecordingAuthorizer) AllAsserted ¶ added in v0.17.0
func (r *RecordingAuthorizer) AllAsserted() error
AllAsserted returns an error if all calls to Authorize() have not been asserted and checked. This is useful for testing to ensure that all Authorize() calls are checked in the unit test.
func (*RecordingAuthorizer) AllCalls ¶ added in v0.20.0
func (r *RecordingAuthorizer) AllCalls(actor *rbac.Subject) []AuthCall
AllCalls is useful for debugging.
func (*RecordingAuthorizer) AssertActor ¶ added in v0.17.0
func (r *RecordingAuthorizer) AssertActor(t *testing.T, actor rbac.Subject, did ...ActionObjectPair)
AssertActor asserts in order. If the order of authz calls does not match, this will fail.
func (*RecordingAuthorizer) AssertOutOfOrder ¶ added in v0.20.0
func (r *RecordingAuthorizer) AssertOutOfOrder(t *testing.T, actor rbac.Subject, did ...ActionObjectPair)
AssertOutOfOrder asserts that the given actor performed the given action on the given objects. It does not care about the order of the calls. When marking authz calls as asserted, it will mark the first matching calls first.
func (*RecordingAuthorizer) Pair ¶ added in v0.17.0
func (*RecordingAuthorizer) Pair(action rbac.Action, object rbac.Objecter) ActionObjectPair
Pair is on the RecordingAuthorizer to be easy to find and keep the pkg interface smaller.
func (*RecordingAuthorizer) Reset ¶ added in v0.17.0
func (r *RecordingAuthorizer) Reset()
Reset clears the recorded Authorize() calls.
type SwaggerComment ¶ added in v0.15.0
type SwaggerComment struct {
// contains filtered or unexported fields
}
func ParseSwaggerComments ¶ added in v0.15.0
func ParseSwaggerComments(dirs ...string) ([]SwaggerComment, error)