feat(m2m): gRPC admin RPCs for ServiceAccount + TrustedIssuer [Phase 1 — PR 4/5]#645
Merged
lakhansamani merged 1 commit intoJul 6, 2026
Conversation
- 11 admin RPCs (create/update/delete/rotate/get/list service accounts, add/update/delete/get/list trusted issuers) over gRPC + REST gateway - client secret surfaced only via CreateServiceAccountResponse; the ServiceAccount proto message has no secret field so get/list/update cannot leak it - thin handlers delegate to the existing AdminProvider; projections mirror the webhook pattern
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the gRPC + REST (grpc-gateway) admin surface for
ServiceAccount/TrustedIssueron top of the service layer from #644. Mirrors the existing Webhook RPC pattern exactly.Chains on: #644 (merged into this integration branch)
What's in this PR
proto/authorizer/v1/admin.proto— 11 new RPCs (CreateServiceAccount,UpdateServiceAccount,DeleteServiceAccount,RotateServiceAccountSecret,GetServiceAccount,ServiceAccounts,AddTrustedIssuer,UpdateTrustedIssuer,DeleteTrustedIssuer,GetTrustedIssuer,TrustedIssuers), each with a REST mapping under/v1/admin/*andbuf.validateconstraints matching what the service layer already enforces.internal/grpcsrv/handlers/admin.go— 11 thin handler methods delegating to the already-mergedAdminProvider.internal/grpcsrv/handlers/admin_project.go— model→proto projection helpers.gen/(proto codegen + OpenAPI spec).admin_service_accounts_grpc_test.go,admin_trusted_issuers_grpc_test.go) using the existing bufconn test harness.Security-critical invariant
The
ServiceAccountproto message has noclient_secretfield — it's structurally impossible forGetServiceAccount/ServiceAccountsto leak it. The plaintext secret only ever appears onCreateServiceAccountResponse(reused by rotate), matching the GraphQL API's design in #644.CreateServiceAccountRequest.allowed_scopescarriesbuf.validatemin_items = 1, so an empty-scope create is rejected at the transport layer (InvalidArgument) before it reaches the service layer's own guard — same outcome, defense in depth.PR chain
Test plan
make proto-lint,make proto-gen(gen/ committed, not stale)go build ./...,go vet ./...make lint— lint-go: 0 issues (lint-ts fails on pre-existing unrelated frontend warnings)make test-sqlite— pass