Add grpcserver test coverage

- Add comprehensive test file for internal/grpcserver package
- Cover interceptors, system, engine, policy, and auth handlers
- Cover pbToRule/ruleToPB conversion helpers
- 37 tests total; CA/PKI/ACME and Login/Logout skipped (require live deps)

Co-authored-by: Junie <junie@jetbrains.com>

internal/grpcserver/engine.go

@@ -3,13 +3,11 @@ package grpcserver
 import (
 	"context"
 	"errors"
-	"strings"
 
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/structpb"
 
-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
+	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
 	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
 )
 
@@ -24,8 +22,11 @@ func (es *engineServer) Mount(ctx context.Context, req *pb.MountRequest) (*pb.Mo
 	}
 
 	var config map[string]interface{}
-	if req.Config != nil {
-		config = req.Config.AsMap()
+	if len(req.Config) > 0 {
+		config = make(map[string]interface{}, len(req.Config))
+		for k, v := range req.Config {
+			config[k] = v
+		}
 	}
 
 	if err := es.s.engines.Mount(ctx, req.Name, engine.EngineType(req.Type), config); err != nil {
@@ -68,53 +69,3 @@ func (es *engineServer) ListMounts(_ context.Context, _ *pb.ListMountsRequest) (
 	return &pb.ListMountsResponse{Mounts: pbMounts}, nil
 }
 
-func (es *engineServer) Execute(ctx context.Context, req *pb.ExecuteRequest) (*pb.ExecuteResponse, error) {
-	if req.Mount == "" || req.Operation == "" {
-		return nil, status.Error(codes.InvalidArgument, "mount and operation are required")
-	}
-
-	ti := tokenInfoFromContext(ctx)
-	engReq := &engine.Request{
-		Operation: req.Operation,
-		Path:      req.Path,
-		Data:      nil,
-	}
-	if req.Data != nil {
-		engReq.Data = req.Data.AsMap()
-	}
-	if ti != nil {
-		engReq.CallerInfo = &engine.CallerInfo{
-			Username: ti.Username,
-			Roles:    ti.Roles,
-			IsAdmin:  ti.IsAdmin,
-		}
-	}
-
-	username := ""
-	if ti != nil {
-		username = ti.Username
-	}
-	es.s.logger.Info("grpc: engine execute", "mount", req.Mount, "operation", req.Operation, "username", username)
-
-	resp, err := es.s.engines.HandleRequest(ctx, req.Mount, engReq)
-	if err != nil {
-		st := codes.Internal
-		switch {
-		case errors.Is(err, engine.ErrMountNotFound):
-			st = codes.NotFound
-		case strings.Contains(err.Error(), "forbidden"):
-			st = codes.PermissionDenied
-		case strings.Contains(err.Error(), "not found"):
-			st = codes.NotFound
-		}
-		es.s.logger.Error("grpc: engine execute failed", "mount", req.Mount, "operation", req.Operation, "username", username, "error", err)
-		return nil, status.Error(st, err.Error())
-	}
-	es.s.logger.Info("grpc: engine execute ok", "mount", req.Mount, "operation", req.Operation, "username", username)
-
-	pbData, err := structpb.NewStruct(resp.Data)
-	if err != nil {
-		return nil, status.Error(codes.Internal, "failed to encode response")
-	}
-	return &pb.ExecuteResponse{Data: pbData}, nil
-}