From 9aa1178bb0c850e535cbf20325515db2f722badc Mon Sep 17 00:00:00 2001 From: Mathieu Vachon Date: Mon, 18 May 2026 08:40:17 -0400 Subject: [PATCH] test(grpc): grant admin role to alice_token in GrpcServiceSmoke MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR #30 added an admin-role gate on CreateSession + SetChannel (and the other 4 destructive RPCs). The two existing OTASim integration tests were updated for the new gate (test_otasim_serve_smoke uses an admin token for capture RPCs, test_auth_allowlist exercises the role parser) but test_grpc_service_smoke was missed — it calls both CreateSession and SetChannel with the previously-flat alice_token, which is now operator-role by default and gets PERMISSION_DENIED. CI on post-merge main caught it (Linux + macOS + Coverage + Sanitizer all failed on this one test). Fix: alice_token gets the explicit :admin role so the smoke flow can exercise the admin RPCs. bob_token stays operator-only to keep mirroring a normal joined station. Co-Authored-By: Claude Opus 4.7 (1M context) --- tests/test_grpc_service_smoke.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/test_grpc_service_smoke.cpp b/tests/test_grpc_service_smoke.cpp index 126cd7b..ba45387 100644 --- a/tests/test_grpc_service_smoke.cpp +++ b/tests/test_grpc_service_smoke.cpp @@ -39,7 +39,10 @@ int main() { const auto token_path = temp.child("tokens.conf"); { std::ofstream out(token_path); - out << "alice_token:ALPHA:Alpha station\n"; + // Alice runs the smoke test end-to-end including admin RPCs + // (CreateSession + SetChannel), so she carries the admin role. + // Bob stays operator-only to mirror a normal joined station. + out << "alice_token:ALPHA:Alpha station:admin\n"; out << "bob_token:BRAVO:Bravo station\n"; }