Skip to content

Add comprehensive IAM middleware tests#6

Merged
zooqueen merged 1 commit into
mainfrom
add-iam-middleware-tests
Feb 28, 2026
Merged

Add comprehensive IAM middleware tests#6
zooqueen merged 1 commit into
mainfrom
add-iam-middleware-tests

Conversation

@zooqueen
Copy link
Copy Markdown
Contributor

@zooqueen zooqueen commented Feb 28, 2026

Summary

  • Add E2E tests for iammiddleware.IAMTokenRequired() covering the full auth flow: JWT validation via test JWKS server, permission mapping for all role types (admin/owner/member/user), organization resolution from Owner claim, and fallthrough behavior for invalid tokens
  • Test TokenRequired() integration: IAM-authenticated requests bypass legacy org-token auth correctly, and invalid IAM tokens fall through to legacy auth (returns 401)

Test plan

  • CI passes (Go vet + test compilation)
  • All 19 test cases pass in the middleware/iammiddleware suite
  • Existing middleware tests unaffected

@zooqueen
Add comprehensive IAM middleware tests
a9c0e07 
Tests cover IAM token validation, permission mapping (admin/owner/member/user
roles → bit.Field), organization resolution from Owner claim, fallthrough
behavior for invalid/expired/wrong-audience tokens, IsIAMAuthenticated and
GetIAMClaims helpers, and TokenRequired integration (IAM auth bypasses
legacy token auth).

Uses a local RSA key pair and test JWKS server for full JWT signature
verification without external dependencies.
@zooqueen zooqueen merged commit 32c76f9 into main Feb 28, 2026
4 checks passed
@zooqueen zooqueen deleted the add-iam-middleware-tests branch February 28, 2026 18:23
hanzo-dev pushed a commit that referenced this pull request May 13, 2026
@zooqueen
Add comprehensive IAM middleware tests (#6)
be4c046 
Tests cover IAM token validation, permission mapping (admin/owner/member/user
roles → bit.Field), organization resolution from Owner claim, fallthrough
behavior for invalid/expired/wrong-audience tokens, IsIAMAuthenticated and
GetIAMClaims helpers, and TokenRequired integration (IAM auth bypasses
legacy token auth).

Uses a local RSA key pair and test JWKS server for full JWT signature
verification without external dependencies.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zooqueen