Add grpcserver test coverage

- Add comprehensive test file for internal/grpcserver package - Cover interceptors, system, engine, policy, and auth handlers - Cover pbToRule/ruleToPB conversion helpers - 37 tests total; CA/PKI/ACME and Login/Logout skipped (require live deps) Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 13:07:42 -07:00
parent ad167aed9b
commit 8215aaccc5
40 changed files with 8865 additions and 519 deletions
--- a/internal/grpcserver/server.go
+++ b/internal/grpcserver/server.go
@@ -11,7 +11,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
+	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
 	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
 	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
 	"git.wntrmute.dev/kyle/metacrypt/internal/config"
@@ -79,6 +79,7 @@ func (s *GRPCServer) Start() error {
 	pb.RegisterAuthServiceServer(s.srv, &authServer{s: s})
 	pb.RegisterEngineServiceServer(s.srv, &engineServer{s: s})
 	pb.RegisterPKIServiceServer(s.srv, &pkiServer{s: s})
+	pb.RegisterCAServiceServer(s.srv, &caServer{s: s})
 	pb.RegisterPolicyServiceServer(s.srv, &policyServer{s: s})
 	pb.RegisterACMEServiceServer(s.srv, &acmeServer{s: s})

@@ -105,57 +106,77 @@ func (s *GRPCServer) Shutdown() {
 // to be unsealed.
 func sealRequiredMethods() map[string]bool {
 	return map[string]bool{
-		"/metacrypt.v1.AuthService/Login":          true,
-		"/metacrypt.v1.AuthService/Logout":         true,
-		"/metacrypt.v1.AuthService/TokenInfo":      true,
-		"/metacrypt.v1.EngineService/Mount":        true,
-		"/metacrypt.v1.EngineService/Unmount":      true,
-		"/metacrypt.v1.EngineService/ListMounts":   true,
-		"/metacrypt.v1.EngineService/Execute":      true,
-		"/metacrypt.v1.PKIService/GetRootCert":     true,
-		"/metacrypt.v1.PKIService/GetChain":        true,
-		"/metacrypt.v1.PKIService/GetIssuerCert":   true,
-		"/metacrypt.v1.PolicyService/CreatePolicy": true,
-		"/metacrypt.v1.PolicyService/ListPolicies": true,
-		"/metacrypt.v1.PolicyService/GetPolicy":    true,
-		"/metacrypt.v1.PolicyService/DeletePolicy": true,
-		"/metacrypt.v1.ACMEService/CreateEAB":      true,
-		"/metacrypt.v1.ACMEService/SetConfig":      true,
-		"/metacrypt.v1.ACMEService/ListAccounts":   true,
-		"/metacrypt.v1.ACMEService/ListOrders":     true,
+		"/metacrypt.v2.AuthService/Login":          true,
+		"/metacrypt.v2.AuthService/Logout":         true,
+		"/metacrypt.v2.AuthService/TokenInfo":      true,
+		"/metacrypt.v2.EngineService/Mount":        true,
+		"/metacrypt.v2.EngineService/Unmount":      true,
+		"/metacrypt.v2.EngineService/ListMounts":   true,
+		"/metacrypt.v2.PKIService/GetRootCert":     true,
+		"/metacrypt.v2.PKIService/GetChain":        true,
+		"/metacrypt.v2.PKIService/GetIssuerCert":   true,
+		"/metacrypt.v2.CAService/ImportRoot":       true,
+		"/metacrypt.v2.CAService/GetRoot":          true,
+		"/metacrypt.v2.CAService/CreateIssuer":     true,
+		"/metacrypt.v2.CAService/DeleteIssuer":     true,
+		"/metacrypt.v2.CAService/ListIssuers":      true,
+		"/metacrypt.v2.CAService/GetIssuer":        true,
+		"/metacrypt.v2.CAService/GetChain":         true,
+		"/metacrypt.v2.CAService/IssueCert":        true,
+		"/metacrypt.v2.CAService/GetCert":          true,
+		"/metacrypt.v2.CAService/ListCerts":        true,
+		"/metacrypt.v2.CAService/RenewCert":        true,
+		"/metacrypt.v2.PolicyService/CreatePolicy": true,
+		"/metacrypt.v2.PolicyService/ListPolicies": true,
+		"/metacrypt.v2.PolicyService/GetPolicy":    true,
+		"/metacrypt.v2.PolicyService/DeletePolicy": true,
+		"/metacrypt.v2.ACMEService/CreateEAB":      true,
+		"/metacrypt.v2.ACMEService/SetConfig":      true,
+		"/metacrypt.v2.ACMEService/ListAccounts":   true,
+		"/metacrypt.v2.ACMEService/ListOrders":     true,
 	}
 }

 // authRequiredMethods returns the set of RPC full names that require a valid token.
 func authRequiredMethods() map[string]bool {
 	return map[string]bool{
-		"/metacrypt.v1.AuthService/Logout":         true,
-		"/metacrypt.v1.AuthService/TokenInfo":      true,
-		"/metacrypt.v1.EngineService/Mount":        true,
-		"/metacrypt.v1.EngineService/Unmount":      true,
-		"/metacrypt.v1.EngineService/ListMounts":   true,
-		"/metacrypt.v1.EngineService/Execute":      true,
-		"/metacrypt.v1.PolicyService/CreatePolicy": true,
-		"/metacrypt.v1.PolicyService/ListPolicies": true,
-		"/metacrypt.v1.PolicyService/GetPolicy":    true,
-		"/metacrypt.v1.PolicyService/DeletePolicy": true,
-		"/metacrypt.v1.ACMEService/CreateEAB":      true,
-		"/metacrypt.v1.ACMEService/SetConfig":      true,
-		"/metacrypt.v1.ACMEService/ListAccounts":   true,
-		"/metacrypt.v1.ACMEService/ListOrders":     true,
+		"/metacrypt.v2.AuthService/Logout":         true,
+		"/metacrypt.v2.AuthService/TokenInfo":      true,
+		"/metacrypt.v2.EngineService/Mount":        true,
+		"/metacrypt.v2.EngineService/Unmount":      true,
+		"/metacrypt.v2.EngineService/ListMounts":   true,
+		"/metacrypt.v2.CAService/ImportRoot":       true,
+		"/metacrypt.v2.CAService/CreateIssuer":     true,
+		"/metacrypt.v2.CAService/DeleteIssuer":     true,
+		"/metacrypt.v2.CAService/ListIssuers":      true,
+		"/metacrypt.v2.CAService/IssueCert":        true,
+		"/metacrypt.v2.CAService/GetCert":          true,
+		"/metacrypt.v2.CAService/ListCerts":        true,
+		"/metacrypt.v2.CAService/RenewCert":        true,
+		"/metacrypt.v2.PolicyService/CreatePolicy": true,
+		"/metacrypt.v2.PolicyService/ListPolicies": true,
+		"/metacrypt.v2.PolicyService/GetPolicy":    true,
+		"/metacrypt.v2.PolicyService/DeletePolicy": true,
+		"/metacrypt.v2.ACMEService/CreateEAB":      true,
+		"/metacrypt.v2.ACMEService/SetConfig":      true,
+		"/metacrypt.v2.ACMEService/ListAccounts":   true,
+		"/metacrypt.v2.ACMEService/ListOrders":     true,
 	}
 }

 // adminRequiredMethods returns the set of RPC full names that require admin.
 func adminRequiredMethods() map[string]bool {
 	return map[string]bool{
-		"/metacrypt.v1.SystemService/Seal":         true,
-		"/metacrypt.v1.EngineService/Mount":        true,
-		"/metacrypt.v1.EngineService/Unmount":      true,
-		"/metacrypt.v1.PolicyService/CreatePolicy": true,
-		"/metacrypt.v1.PolicyService/DeletePolicy": true,
-		"/metacrypt.v1.ACMEService/SetConfig":      true,
-		"/metacrypt.v1.ACMEService/ListAccounts":   true,
-		"/metacrypt.v1.ACMEService/ListOrders":     true,
+		"/metacrypt.v2.SystemService/Seal":         true,
+		"/metacrypt.v2.EngineService/Mount":        true,
+		"/metacrypt.v2.EngineService/Unmount":      true,
+		"/metacrypt.v2.CAService/ImportRoot":       true,
+		"/metacrypt.v2.CAService/CreateIssuer":     true,
+		"/metacrypt.v2.CAService/DeleteIssuer":     true,
+		"/metacrypt.v2.PolicyService/CreatePolicy": true,
+		"/metacrypt.v2.PolicyService/DeletePolicy": true,
+		"/metacrypt.v2.ACMEService/SetConfig":      true,
+		"/metacrypt.v2.ACMEService/ListAccounts":   true,
+		"/metacrypt.v2.ACMEService/ListOrders":     true,
 	}
 }