clients/v1: define user metadata RPCs (#78)
Part of
https://linear.app/sourcegraph/issue/CORE-545/confirm-absence-of-api-for-writing-sams-user-metadata
- see issue description

## Test plan

CI

---------

Co-authored-by: Joe Chen <jc@unknwon.io>
bobheadxi and unknwon authored Dec 11, 2024
1 parent 8ad5975 commit 6e9aa6a
Showing 9 changed files with 931 additions and 282 deletions.
3 changes: 0 additions & 3 deletions auth/clientcredentials/connectrpc.go
Expand Up @@ -170,9 +170,6 @@ func extractSchemaRequiredScopes(spec connect.Spec, extension *protoimpl.Extensi
return nil, errors.Newf("extension field %s not valid", extension.TypeDescriptor().FullName())
}
list := value.List()
if list.Len() == 0 {
return nil, errors.Newf("extension field %s cannot be empty", extension.TypeDescriptor().FullName())
}

requiredScopes := make(scopes.Scopes, list.Len())
for i := 0; i < list.Len(); i++ {
46 changes: 42 additions & 4 deletions auth/clientcredentials/connectrpc_test.go
Expand Up @@ -20,10 +20,14 @@ import (
)

func TestInterceptor(t *testing.T) {
// All tests based on UsersService.GetUser()
// All tests based on UsersService
for _, tc := range []struct {
name string
token *sams.IntrospectTokenResponse
name string
token *sams.IntrospectTokenResponse

// doRPC, if nil, tests against UsersService.GetUser()
doRPC func(svc clientsv1connect.UsersServiceClient) error

wantError autogold.Value
wantLogs autogold.Value
}{{
Expand Down Expand Up @@ -56,6 +60,34 @@ func TestInterceptor(t *testing.T) {
},
wantError: autogold.Expect("permission_denied: insufficient scopes: got scopes [not-a-scope], required: [profile]"),
wantLogs: autogold.Expect([]string{}),
}, {
name: "no scopes required, active session",
token: &sams.IntrospectTokenResponse{
Active: true,
Scopes: scopes.Scopes{},
},
doRPC: func(svc clientsv1connect.UsersServiceClient) error {
// GetUserMetadata has no sams_required_scopes extension
_, err := svc.GetUserMetadata(context.Background(), connect.NewRequest(&clientsv1.GetUserMetadataRequest{}))
return err
},
wantError: autogold.Expect(nil), // should not error!
wantLogs: autogold.Expect([]string{}),
}, {
name: "no scopes required, inactive session",
token: &sams.IntrospectTokenResponse{
Active: false,
Scopes: scopes.Scopes{},
},
doRPC: func(svc clientsv1connect.UsersServiceClient) error {
// GetUserMetadata has no sams_required_scopes extension
_, err := svc.GetUserMetadata(context.Background(), connect.NewRequest(&clientsv1.GetUserMetadataRequest{}))
return err
},
// should error - no required scopes still requires an active and valid
// client credentials token
wantError: autogold.Expect("permission_denied: permission denied"),
wantLogs: autogold.Expect([]string{}),
}} {
t.Run(tc.name, func(t *testing.T) {
logger, exportLogs := logtest.Captured(t)
Expand Down Expand Up @@ -83,7 +115,13 @@ func TestInterceptor(t *testing.T) {
}),
),
srv.URL)
_, err := c.GetUser(context.Background(), connect.NewRequest(&clientsv1.GetUserRequest{}))

var err error
if tc.doRPC == nil {
_, err = c.GetUser(context.Background(), connect.NewRequest(&clientsv1.GetUserRequest{}))
} else {
err = tc.doRPC(c)
}

// Success cases are connect.CodeUnimplemented
require.Error(t, err)
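Review bot: The two `no scopes required` cases pin that an RPC with no `sams_required_scopes` extension is authorized by token validity alone, but nothing in the table or its comments distinguishes a deliberate "no scopes" RPC from one whose annotation was simply forgotten. With the empty-list rejection removed from `extractSchemaRequiredScopes` in this commit, a missing annotation appears to fail open to any active client-credentials token instead of being rejected by the interceptor. I would record that on the case itself, e.g. `// NOTE: un-annotated RPCs are gated only by an active token; scope checks for GetUserMetadata must happen elsewhere (confirm in the handler)`, and add a follow-up test that compares the service's un-annotated methods against an explicit allowlist so a new RPC cannot silently lose its scope check. `TestInterceptor` starts and ends outside the visible hunks, so the assertions that consume `wantError` are not shown here.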