update policy test for session list

Author: david-crespo

nexus/auth/src/authz/api_resources.rs

@@ -683,6 +683,10 @@ impl UserSessions {
     pub fn silo_user(&self) -> &SiloUser {
         &self.0
     }
+
+    pub fn silo(&self) -> &Silo {
+        &self.0.parent
+    }
 }
 
 impl oso::PolarClass for UserSessions {

nexus/db-queries/src/policy_test/resource_builder.rs

@@ -345,3 +345,20 @@ impl DynAuthorizedResource for authz::SiloUserList {
         format!("{}: user list", self.silo().resource_name())
     }
 }
+
+impl DynAuthorizedResource for authz::UserSessions {
+    fn do_authorize<'a, 'b>(
+        &'a self,
+        opctx: &'b OpContext,
+        action: authz::Action,
+    ) -> BoxFuture<'a, Result<(), Error>>
+    where
+        'b: 'a,
+    {
+        opctx.authorize(action, self).boxed()
+    }
+
+    fn resource_name(&self) -> String {
+        format!("{}: session list", self.silo_user().resource_name())
+    }
+}

nexus/db-queries/src/policy_test/resources.rs

@@ -265,7 +265,7 @@ async fn make_silo(
     builder.new_resource(silo_user.clone());
     let ssh_key_id = Uuid::new_v4();
     builder.new_resource(authz::SshKey::new(
-        silo_user,
+        silo_user.clone(),
         ssh_key_id,
         LookupType::ByName(format!("{}-user-ssh-key", silo_name)),
     ));
@@ -281,6 +281,7 @@ async fn make_silo(
         silo_image_id,
         LookupType::ByName(format!("{}-silo-image", silo_name)),
     ));
+    builder.new_resource(authz::UserSessions::new(silo_user));
 
     // Image is a special case in that this resource is technically just a
     // pass-through for `SiloImage` and `ProjectImage` resources.

nexus/db-queries/tests/output/authz-roles.out

@@ -306,6 +306,20 @@ resource: SiloImage "silo1-silo-image"
   silo1-proj1-viewer               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
   unauthenticated                  !  !  !  !  !  !  !  !
 
+resource: SiloUser "silo1-user": session list
+
+  USER                             Q  R LC RP  M MP CC  D
+  fleet-admin                      ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  fleet-collaborator               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  fleet-viewer                     ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-admin                      ✘  ✘  ✘  ✘  ✔  ✔  ✘  ✔
+  silo1-collaborator               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-viewer                     ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-admin                ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-collaborator         ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-viewer               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  unauthenticated                  !  !  !  !  !  !  !  !
+
 resource: Image "silo1-image"
 
   USER                             Q  R LC RP  M MP CC  D
@@ -866,6 +880,20 @@ resource: SiloImage "silo2-silo-image"
   silo1-proj1-viewer               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
   unauthenticated                  !  !  !  !  !  !  !  !
 
+resource: SiloUser "silo2-user": session list
+
+  USER                             Q  R LC RP  M MP CC  D
+  fleet-admin                      ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  fleet-collaborator               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  fleet-viewer                     ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-admin                      ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-collaborator               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-viewer                     ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-admin                ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-collaborator         ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  silo1-proj1-viewer               ✘  ✘  ✘  ✘  ✘  ✘  ✘  ✘
+  unauthenticated                  !  !  !  !  !  !  !  !
+
 resource: Image "silo2-image"
 
   USER                             Q  R LC RP  M MP CC  D