Add grpcserver test coverage

- Add comprehensive test file for internal/grpcserver package - Cover interceptors, system, engine, policy, and auth handlers - Cover pbToRule/ruleToPB conversion helpers - 37 tests total; CA/PKI/ACME and Login/Logout skipped (require live deps) Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 13:07:42 -07:00
parent ad167aed9b
commit 8215aaccc5
40 changed files with 8865 additions and 519 deletions
--- a/gen/metacrypt/v2/pki.pb.go
+++ b/gen/metacrypt/v2/pki.pb.go
@@ -0,0 +1,386 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.20.3
+// source: proto/metacrypt/v2/pki.proto
+
+package metacryptv2
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetRootCertRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Mount         string                 `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetRootCertRequest) Reset() {
+	*x = GetRootCertRequest{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetRootCertRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetRootCertRequest) ProtoMessage() {}
+
+func (x *GetRootCertRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetRootCertRequest.ProtoReflect.Descriptor instead.
+func (*GetRootCertRequest) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetRootCertRequest) GetMount() string {
+	if x != nil {
+		return x.Mount
+	}
+	return ""
+}
+
+type GetRootCertResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	CertPem       []byte                 `protobuf:"bytes,1,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetRootCertResponse) Reset() {
+	*x = GetRootCertResponse{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetRootCertResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetRootCertResponse) ProtoMessage() {}
+
+func (x *GetRootCertResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetRootCertResponse.ProtoReflect.Descriptor instead.
+func (*GetRootCertResponse) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetRootCertResponse) GetCertPem() []byte {
+	if x != nil {
+		return x.CertPem
+	}
+	return nil
+}
+
+type GetChainRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Mount         string                 `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
+	Issuer        string                 `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetChainRequest) Reset() {
+	*x = GetChainRequest{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetChainRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetChainRequest) ProtoMessage() {}
+
+func (x *GetChainRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetChainRequest.ProtoReflect.Descriptor instead.
+func (*GetChainRequest) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GetChainRequest) GetMount() string {
+	if x != nil {
+		return x.Mount
+	}
+	return ""
+}
+
+func (x *GetChainRequest) GetIssuer() string {
+	if x != nil {
+		return x.Issuer
+	}
+	return ""
+}
+
+type GetChainResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	ChainPem      []byte                 `protobuf:"bytes,1,opt,name=chain_pem,json=chainPem,proto3" json:"chain_pem,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetChainResponse) Reset() {
+	*x = GetChainResponse{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetChainResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetChainResponse) ProtoMessage() {}
+
+func (x *GetChainResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetChainResponse.ProtoReflect.Descriptor instead.
+func (*GetChainResponse) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetChainResponse) GetChainPem() []byte {
+	if x != nil {
+		return x.ChainPem
+	}
+	return nil
+}
+
+type GetIssuerCertRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Mount         string                 `protobuf:"bytes,1,opt,name=mount,proto3" json:"mount,omitempty"`
+	Issuer        string                 `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetIssuerCertRequest) Reset() {
+	*x = GetIssuerCertRequest{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetIssuerCertRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetIssuerCertRequest) ProtoMessage() {}
+
+func (x *GetIssuerCertRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetIssuerCertRequest.ProtoReflect.Descriptor instead.
+func (*GetIssuerCertRequest) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetIssuerCertRequest) GetMount() string {
+	if x != nil {
+		return x.Mount
+	}
+	return ""
+}
+
+func (x *GetIssuerCertRequest) GetIssuer() string {
+	if x != nil {
+		return x.Issuer
+	}
+	return ""
+}
+
+type GetIssuerCertResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	CertPem       []byte                 `protobuf:"bytes,1,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetIssuerCertResponse) Reset() {
+	*x = GetIssuerCertResponse{}
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetIssuerCertResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetIssuerCertResponse) ProtoMessage() {}
+
+func (x *GetIssuerCertResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_metacrypt_v2_pki_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetIssuerCertResponse.ProtoReflect.Descriptor instead.
+func (*GetIssuerCertResponse) Descriptor() ([]byte, []int) {
+	return file_proto_metacrypt_v2_pki_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GetIssuerCertResponse) GetCertPem() []byte {
+	if x != nil {
+		return x.CertPem
+	}
+	return nil
+}
+
+var File_proto_metacrypt_v2_pki_proto protoreflect.FileDescriptor
+
+const file_proto_metacrypt_v2_pki_proto_rawDesc = "" +
+	"\n" +
+	"\x1cproto/metacrypt/v2/pki.proto\x12\fmetacrypt.v2\"*\n" +
+	"\x12GetRootCertRequest\x12\x14\n" +
+	"\x05mount\x18\x01 \x01(\tR\x05mount\"0\n" +
+	"\x13GetRootCertResponse\x12\x19\n" +
+	"\bcert_pem\x18\x01 \x01(\fR\acertPem\"?\n" +
+	"\x0fGetChainRequest\x12\x14\n" +
+	"\x05mount\x18\x01 \x01(\tR\x05mount\x12\x16\n" +
+	"\x06issuer\x18\x02 \x01(\tR\x06issuer\"/\n" +
+	"\x10GetChainResponse\x12\x1b\n" +
+	"\tchain_pem\x18\x01 \x01(\fR\bchainPem\"D\n" +
+	"\x14GetIssuerCertRequest\x12\x14\n" +
+	"\x05mount\x18\x01 \x01(\tR\x05mount\x12\x16\n" +
+	"\x06issuer\x18\x02 \x01(\tR\x06issuer\"2\n" +
+	"\x15GetIssuerCertResponse\x12\x19\n" +
+	"\bcert_pem\x18\x01 \x01(\fR\acertPem2\x85\x02\n" +
+	"\n" +
+	"PKIService\x12R\n" +
+	"\vGetRootCert\x12 .metacrypt.v2.GetRootCertRequest\x1a!.metacrypt.v2.GetRootCertResponse\x12I\n" +
+	"\bGetChain\x12\x1d.metacrypt.v2.GetChainRequest\x1a\x1e.metacrypt.v2.GetChainResponse\x12X\n" +
+	"\rGetIssuerCert\x12\".metacrypt.v2.GetIssuerCertRequest\x1a#.metacrypt.v2.GetIssuerCertResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+
+var (
+	file_proto_metacrypt_v2_pki_proto_rawDescOnce sync.Once
+	file_proto_metacrypt_v2_pki_proto_rawDescData []byte
+)
+
+func file_proto_metacrypt_v2_pki_proto_rawDescGZIP() []byte {
+	file_proto_metacrypt_v2_pki_proto_rawDescOnce.Do(func() {
+		file_proto_metacrypt_v2_pki_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_pki_proto_rawDesc), len(file_proto_metacrypt_v2_pki_proto_rawDesc)))
+	})
+	return file_proto_metacrypt_v2_pki_proto_rawDescData
+}
+
+var file_proto_metacrypt_v2_pki_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_proto_metacrypt_v2_pki_proto_goTypes = []any{
+	(*GetRootCertRequest)(nil),    // 0: metacrypt.v2.GetRootCertRequest
+	(*GetRootCertResponse)(nil),   // 1: metacrypt.v2.GetRootCertResponse
+	(*GetChainRequest)(nil),       // 2: metacrypt.v2.GetChainRequest
+	(*GetChainResponse)(nil),      // 3: metacrypt.v2.GetChainResponse
+	(*GetIssuerCertRequest)(nil),  // 4: metacrypt.v2.GetIssuerCertRequest
+	(*GetIssuerCertResponse)(nil), // 5: metacrypt.v2.GetIssuerCertResponse
+}
+var file_proto_metacrypt_v2_pki_proto_depIdxs = []int32{
+	0, // 0: metacrypt.v2.PKIService.GetRootCert:input_type -> metacrypt.v2.GetRootCertRequest
+	2, // 1: metacrypt.v2.PKIService.GetChain:input_type -> metacrypt.v2.GetChainRequest
+	4, // 2: metacrypt.v2.PKIService.GetIssuerCert:input_type -> metacrypt.v2.GetIssuerCertRequest
+	1, // 3: metacrypt.v2.PKIService.GetRootCert:output_type -> metacrypt.v2.GetRootCertResponse
+	3, // 4: metacrypt.v2.PKIService.GetChain:output_type -> metacrypt.v2.GetChainResponse
+	5, // 5: metacrypt.v2.PKIService.GetIssuerCert:output_type -> metacrypt.v2.GetIssuerCertResponse
+	3, // [3:6] is the sub-list for method output_type
+	0, // [0:3] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_proto_metacrypt_v2_pki_proto_init() }
+func file_proto_metacrypt_v2_pki_proto_init() {
+	if File_proto_metacrypt_v2_pki_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_proto_metacrypt_v2_pki_proto_rawDesc), len(file_proto_metacrypt_v2_pki_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_proto_metacrypt_v2_pki_proto_goTypes,
+		DependencyIndexes: file_proto_metacrypt_v2_pki_proto_depIdxs,
+		MessageInfos:      file_proto_metacrypt_v2_pki_proto_msgTypes,
+	}.Build()
+	File_proto_metacrypt_v2_pki_proto = out.File
+	file_proto_metacrypt_v2_pki_proto_goTypes = nil
+	file_proto_metacrypt_v2_pki_proto_depIdxs = nil
+}