Merged
8 changes: 6 additions & 2 deletions .github/fixtures/workflow-compat.yaml
Expand Up @@ -58,12 +58,12 @@ workflows:
policy_step: methods_policy
signing_secret: "test-secret"
jwt_secret: "test-jwt-secret"
# tenant_id added in v0.2.2:
tenant_id: "tenant-smoke"
required_runtime_keys:
- tenant_id
oauth_supported_providers:
- google
# Added in v0.2.2:
tenant_id: "tenant-smoke"

- name: methods_response
type: step.auth_methods_response
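Review bot: `tenant_id: "tenant-smoke"` appears at two positions in this hunk, once before `required_runtime_keys` and once after `oauth_supported_providers`, and the header gives 12 lines on both sides, so one of the two is the removed copy. Please confirm the resulting step config carries the key exactly once: duplicate mapping keys are invalid YAML, and parsers differ between rejecting them and silently keeping the last value. Key order inside a mapping does not change the parsed config, so if the move is only meant to place `tenant_id` next to the `required_runtime_keys` entry that names it, a short comment to that effect would explain the churn.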
Expand Down Expand Up @@ -127,6 +127,10 @@ workflows:

- name: challenge_generate
type: step.auth_challenge_generate
config:
# Fields added in v0.2.3 (replaced EmptyConfig with AuthChallengeGenerateConfig):
signing_secret: "test-secret"
ttl_minutes: 10

- name: challenge_verify
type: step.auth_challenge_verify
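Review bot: the new `signing_secret: "test-secret"` under `challenge_generate` is the same literal as the `signing_secret: "test-secret"` in the policy step config earlier in this fixture, so the fixture cannot tell apart the step reading its own config value from the step picking up a secret from somewhere else. Consider a distinct value for this step (for example `"test-challenge-secret"`) so a mix-up shows up as a verification failure. The fixture also exercises only a single positive `ttl_minutes: 10`; a zero or negative value is not covered by the visible lines.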
26 changes: 26 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,31 @@
# Changelog

## v0.2.3 (2026-05-13)

### Strict-proto config-field gaps closed (BMW local smoke vs workflow v0.51.5, round 2)

Round 2 closes two gaps the v0.2.2 sweep missed:

- `step.auth_challenge_generate`: replaced `EmptyConfig` with new
`AuthChallengeGenerateConfig { string signing_secret = 1; int32 ttl_minutes = 2; }`.
BMW passes both fields in the step's `config:` block; under v0.2.2 they were
rejected by strict-proto validation because the contract was `EmptyConfig`.
The handler now falls back to `config.signing_secret` and `config.ttl_minutes`
when the corresponding input field is empty/zero.
- `AuthPolicyGateConfig`: verified all four BMW-supplied fields (`policy_step`,
`signing_secret`, `tenant_id`, `required_runtime_keys`) are present and round-trip
through strict-proto validation. Added `TestAuthPolicyGateConfig_AcceptsAllBMWFields`
as a regression guard against future field drift.

### Tests

- Added `TestAuthChallengeGenerateConfig_AcceptsSigningSecretAndTTL` (strict-proto
validation accepts the new config message).
- Added `TestChallengeGenerate_FallsBackToConfigSigningSecret` and
`TestChallengeGenerate_FallsBackToConfigTTL` (handler honors config fallbacks
when input does not carry the value).
- Added `TestAuthPolicyGateConfig_AcceptsAllBMWFields` exhaustiveness regression test.

## v0.2.2 (2026-05-13)

### Strict-proto config-field gaps closed (BMW local smoke vs workflow v0.51.5)
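Review bot: the `step.auth_challenge_generate` bullet documents the fallback to `config.signing_secret` and `config.ttl_minutes` "when the corresponding input field is empty/zero", but it does not say what happens when both the input and the config leave the value unset. For `signing_secret` the entry should state that the step fails rather than signing with an empty key, and for `ttl_minutes` (declared `int32`) it should state how zero and negative values are treated. None of the three listed `TestChallengeGenerate_*` and `TestAuthChallengeGenerateConfig_*` tests names that case, so a test for it would be worth adding alongside the changelog line.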