test: Easy method for assigning roles in unit tests

Emyrk · Emyrk · commit 8530cdf0fb98 · 2022-05-11T09:33:44.000-05:00
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -13,6 +13,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
+	"fmt"
 	"io"
 	"math/big"
 	"net"
@@ -24,6 +25,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/coder/coder/coderd/rbac"
+
 	"cloud.google.com/go/compute/metadata"
 	"github.com/fullsailor/pkcs7"
 	"github.com/golang-jwt/jwt"
@@ -197,14 +200,14 @@ func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirst
 }
 
 // CreateAnotherUser creates and authenticates a new user.
-func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uuid.UUID) *codersdk.Client {
+func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uuid.UUID, roles ...string) *codersdk.Client {
 	req := codersdk.CreateUserRequest{
 		Email:          namesgenerator.GetRandomName(1) + "@coder.com",
 		Username:       randomUsername(),
 		Password:       "testpass",
 		OrganizationID: organizationID,
 	}
-	_, err := client.CreateUser(context.Background(), req)
+	user, err := client.CreateUser(context.Background(), req)
 	require.NoError(t, err)
 
 	login, err := client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
@@ -215,6 +218,40 @@ func CreateAnotherUser(t *testing.T, client *codersdk.Client, organizationID uui
 
 	other := codersdk.New(client.URL)
 	other.SessionToken = login.SessionToken
+
+	if len(roles) > 0 {
+		// Find the roles for the org vs the site wide roles
+		orgRoles := make(map[string][]string)
+		var siteRoles []string
+
+		for _, roleName := range roles {
+			roleName := roleName
+			orgID, ok := rbac.IsOrgRole(roleName)
+			if ok {
+				orgRoles[orgID] = append(orgRoles[orgID], roleName)
+			} else {
+				siteRoles = append(siteRoles, roleName)
+			}
+		}
+		// Update the roles
+		for _, r := range user.Roles {
+			siteRoles = append(siteRoles, r.Name)
+		}
+		// TODO: @emyrk switch "other" to "client" when we support updating other
+		//	users.
+		_, err := other.UpdateUserRoles(context.Background(), user.ID, codersdk.UpdateRoles{Roles: siteRoles})
+		require.NoError(t, err, "update site roles")
+
+		// Update org roles
+		for orgID, roles := range orgRoles {
+			organizationID, err := uuid.Parse(orgID)
+			require.NoError(t, err, fmt.Sprintf("parse org id %q", orgID))
+			// TODO: @Emyrk add the member to the organization if they do not already belong.
+			_, err = other.UpdateOrganizationMemberRoles(context.Background(), organizationID, user.ID,
+				codersdk.UpdateRoles{Roles: append(roles, rbac.RoleOrgMember(organizationID))})
+			require.NoError(t, err, "update org membership roles")
+		}
+	}
 	return other
 }
 
diff --git a/coderd/roles_test.go b/coderd/roles_test.go
@@ -15,24 +15,11 @@ import (
 func TestPermissionCheck(t *testing.T) {
 	t.Parallel()
 
-	ctx := context.Background()
 	client := coderdtest.New(t, nil)
 	// Create admin, member, and org admin
 	admin := coderdtest.CreateFirstUser(t, client)
 	member := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
-
-	orgAdmin := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
-	orgAdminUser, err := orgAdmin.User(ctx, codersdk.Me)
-	require.NoError(t, err)
-
-	// TODO: @emyrk switch this to the admin when getting non-personal users is
-	//	supported. `client.UpdateOrganizationMemberRoles(...)`
-	_, err = orgAdmin.UpdateOrganizationMemberRoles(ctx, admin.OrganizationID, orgAdminUser.ID,
-		codersdk.UpdateRoles{
-			Roles: []string{rbac.RoleOrgMember(admin.OrganizationID), rbac.RoleOrgAdmin(admin.OrganizationID)},
-		},
-	)
-	require.NoError(t, err, "update org member roles")
+	orgAdmin := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID, rbac.RoleOrgAdmin(admin.OrganizationID))
 
 	// With admin, member, and org admin
 	const (
@@ -102,6 +89,7 @@ func TestPermissionCheck(t *testing.T) {
 	for _, c := range testCases {
 		c := c
 		t.Run(c.Name, func(t *testing.T) {
+			t.Parallel()
 			resp, err := c.Client.CheckPermissions(context.Background(), codersdk.UserPermissionCheckRequest{Checks: params})
 			require.NoError(t, err, "check perms")
 			require.Equal(t, resp, c.Check)
@@ -117,19 +105,7 @@ func TestListRoles(t *testing.T) {
 	// Create admin, member, and org admin
 	admin := coderdtest.CreateFirstUser(t, client)
 	member := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
-
-	orgAdmin := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
-	orgAdminUser, err := orgAdmin.User(ctx, codersdk.Me)
-	require.NoError(t, err)
-
-	// TODO: @emyrk switch this to the admin when getting non-personal users is
-	//	supported. `client.UpdateOrganizationMemberRoles(...)`
-	_, err = orgAdmin.UpdateOrganizationMemberRoles(ctx, admin.OrganizationID, orgAdminUser.ID,
-		codersdk.UpdateRoles{
-			Roles: []string{rbac.RoleOrgMember(admin.OrganizationID), rbac.RoleOrgAdmin(admin.OrganizationID)},
-		},
-	)
-	require.NoError(t, err, "update org member roles")
+	orgAdmin := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID, rbac.RoleOrgAdmin(admin.OrganizationID))
 
 	otherOrg, err := client.CreateOrganization(ctx, admin.UserID, codersdk.CreateOrganizationRequest{
 		Name: "other",
