feat: ListRolesForPAT RPC implementation by AmanGIT07 ¡ Pull Request #1453 ¡ raystack/frontier
No actionable comments were generated in the recent review. đ
âšī¸ Recent review info
âī¸ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: db8ca9b6-7df7-411d-b8df-24568ca22a2e
đ Files selected for processing (1)
core/userpat/service.go
đ Walkthrough
Summary by CodeRabbit
-
New Features
- Added ability to list allowed roles for Personal Access Token (PAT) assignment with scope filtering (org/project) and automatic filtering for denied permissions
- New API endpoint to retrieve these roles
-
Validation
- Enhanced protobuf request/response validation for stricter field checks
-
Tests
- Added unit and handler tests covering PAT role listing, scope normalization, error cases, and empty results
-
Authorization
- PAT role-listing endpoint is skipped by the authorization interceptor (no auth gating)
Walkthrough
The pull request adds a new ListAllowedRoles method to the User PAT service and exposes it via a new ListRolesForPAT API endpoint. It includes scope normalization/validation, denied-permission filtering, interface/mocks updates, tests, authorization skip, and generated protobuf/connect validation and wiring for the RPC.
Changes
| Cohort / File(s) | Summary |
|---|---|
Service Implementation core/userpat/service.go |
Added ListAllowedRoles(ctx, scopes) with scope normalization/deduplication, unsupported-scope rejection, role listing by scopes, and filtering via new hasAnyDeniedPermission helper; updated validateRolePermissions to reuse helper. |
Service Tests core/userpat/service_test.go |
Added TestService_ListAllowedRoles table-driven tests covering PAT disabled, role service errors, denied-permission filtering, empty/full results, scope alias normalization, deduplication, unsupported scopes, and policy metadata assertions. |
API Interface & Mocks internal/api/v1beta1connect/interfaces.go, internal/api/v1beta1connect/mocks/user_pat_service.go |
Added ListAllowedRoles to UserPATService interface and generated mock helpers (ListAllowedRoles call, Run/Return/RunAndReturn variants) returning []role.Role, error. |
API Handler & Tests internal/api/v1beta1connect/user_pat.go, internal/api/v1beta1connect/user_pat_test.go |
Added Connect handler ListRolesForPAT that calls service, maps domain errors to Connect codes, transforms roles to protobuf via transformRoleToPB, and tests covering error mappings and successful/empty responses. |
Authorization Config pkg/server/connect_interceptors/authorization.go |
Added ListRolesForPAT to authorization skip endpoints to bypass authorization checks for this procedure. |
Generated Protobuf Validation proto/v1beta1/frontier.pb.validate.go |
Added Validate() / ValidateAll() and internal validate(all bool) implementations across many protobuf message types (field pattern/length checks, embedded message validation, aggregated multi-error types). |
Generated Connect Wiring proto/v1beta1/frontierv1beta1connect/frontier.connect.go |
Added new RPC wiring for ListRolesForPAT: client method, server handler, procedure constant, and unimplemented server stub. |
Estimated code review effort
đ¯ 4 (Complex) | âąī¸ ~45 minutes
Possibly related PRs
- feat: CreateCurrentUserPAT RPC implementation #1401: Adds PAT creation and related PAT plumbing (denied-permissions handling) that this PR depends on.
- feat: PAT authentication chain, token validation, and error handling #1442: Modifies UserPATService and PAT-related types; overlaps on service interface and permission checks.
Suggested reviewers
- whoAbhishekSah
- rohilsurana
đ Coding Plan
- Generate coding plan for human review comments
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.
Comment @coderabbitai help to get the list of available commands and usage tips.