Phase 10: gRPC admin API with interceptor chain

Proto definitions for 4 services (RegistryService, PolicyService, AuditService, AdminService) with hand-written Go stubs using JSON codec until protobuf tooling is available. Interceptor chain: logging (method, peer IP, duration, never logs auth metadata) → auth (bearer token via MCIAS, Health bypasses) → admin (role check for GC, policy, delete, audit RPCs). All RPCs share business logic with REST handlers via internal/db and internal/gc packages. TLS 1.3 minimum on gRPC listener. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 20:46:21 -07:00
parent 562b69e875
commit 185b68ff6d
30 changed files with 3616 additions and 4 deletions
--- a/internal/grpcserver/admin_test.go
+++ b/internal/grpcserver/admin_test.go
@@ -0,0 +1,43 @@
+package grpcserver
+
+import (
+	"context"
+	"testing"
+
+	pb "git.wntrmute.dev/kyle/mcr/gen/mcr/v1"
+	"git.wntrmute.dev/kyle/mcr/internal/auth"
+)
+
+func TestHealthReturnsOk(t *testing.T) {
+	deps := adminDeps(t)
+	cc := startTestServer(t, deps)
+	client := pb.NewAdminServiceClient(cc)
+
+	resp, err := client.Health(context.Background(), &pb.HealthRequest{})
+	if err != nil {
+		t.Fatalf("Health: %v", err)
+	}
+	if resp.GetStatus() != "ok" {
+		t.Fatalf("status: got %q, want %q", resp.Status, "ok")
+	}
+}
+
+func TestHealthWithoutAuth(t *testing.T) {
+	database := openTestDB(t)
+	// Use a validator that always rejects.
+	validator := &fakeValidator{err: auth.ErrUnauthorized}
+
+	cc := startTestServer(t, Deps{
+		DB:        database,
+		Validator: validator,
+	})
+
+	client := pb.NewAdminServiceClient(cc)
+	resp, err := client.Health(context.Background(), &pb.HealthRequest{})
+	if err != nil {
+		t.Fatalf("Health without auth should succeed: %v", err)
+	}
+	if resp.GetStatus() != "ok" {
+		t.Fatalf("status: got %q, want %q", resp.Status, "ok")
+	}
+}