authz: protect instance endpoints#673
Conversation
|
I think this is now ready for review. |
|
|
||
| pub fn project(&self) -> &Project { | ||
| &self.parent | ||
| } |
There was a problem hiding this comment.
thanks. it didn't come up in my find because nexus.rs was collapsed
| .await | ||
| .unwrap() | ||
| .parsed_body() | ||
| .unwrap(); |
There was a problem hiding this comment.
I don't see an obvious way around it besides adding yet another helper, but these chains are long and there are a lot of them
There was a problem hiding this comment.
I agree -- and a little error prone. (It's easy to forget the authn_as() and get a 404 for the wrong reason.) And you probably remember that the reason we got here was we had like 5-10 helper functions that were all only slightly different from each other :-/
It's possible most of our tests should be using clients generated from the OpenAPI spec. That could make a lot of these a lot clearer.
I've also been considering using something like hurl for our tests, where we use something like a DSL to describe the requests we want to make and the expected responses. This sounds fantastic at first but it gets hairy when you add authn and stuff like the side-door operations used by the tests to manipulate Nexus state outside the API.
This change adds protection for various Instance-related endpoints, following the same patterns as what's already been done for Disks and others. This one's a bit more involved because of the start/stop/reboot endpoints.