test(grpc): grant admin role to alice_token in GrpcServiceSmoke#32
Merged
Conversation
PR #30 added an admin-role gate on CreateSession + SetChannel (and the other 4 destructive RPCs). The two existing OTASim integration tests were updated for the new gate (test_otasim_serve_smoke uses an admin token for capture RPCs, test_auth_allowlist exercises the role parser) but test_grpc_service_smoke was missed — it calls both CreateSession and SetChannel with the previously-flat alice_token, which is now operator-role by default and gets PERMISSION_DENIED. CI on post-merge main caught it (Linux + macOS + Coverage + Sanitizer all failed on this one test). Fix: alice_token gets the explicit :admin role so the smoke flow can exercise the admin RPCs. bob_token stays operator-only to keep mirroring a normal joined station. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hotfix for PR #30 fallout. PR #30 added the operator/admin RBAC gate
on `CreateSession` + `SetChannel` + 4 other destructive RPCs.
`test_otasim_serve_smoke` was updated to mint an admin token for
its capture RPCs. `test_auth_allowlist` was updated to cover role
parsing. But `test_grpc_service_smoke` was missed — it calls
`CreateSession` and `SetChannel` with the previously-flat
`alice_token`, which now defaults to operator-role and gets
`PERMISSION_DENIED`.
CI on post-merge main caught it: Linux + macOS + Coverage + Sanitizer
all failed on this single test (`Test #13: GrpcServiceSmoke
Subprocess aborted`).
Change
`tests/test_grpc_service_smoke.cpp` — grant `alice_token` the
explicit `:admin` role so the smoke flow can exercise the admin
RPCs. `bob_token` stays operator-only.
Test plan
🤖 Generated with Claude Code