Summary
PR #3232 introduced convenience constructors (ForToken, WithRequestToken, ForClientID, ForEmail, ForUserName) in the authorizationv2 package. This issue tracks replacing eligible inline EntityIdentifier struct literals across the codebase with calls to these helpers.
Background
Raised in PR #3232 review comment: #3232 (comment)
Requested by: @marythought
Candidate sites (directly replaceable)
WithRequestToken()
service/authorization/v2/authorization_test.go — any site constructing EntityIdentifier_WithRequestToken{WithRequestToken: wrapperspb.Bool(true)} can be replaced with authzV2.WithRequestToken()
Sites that are NOT directly replaceable by current helpers
The following sites use proto fields not covered by the current helpers and should be left as-is (or addressed in a separate effort if new helpers are added):
service/kas/access/accessPdp.go (Lines 95–97 and 112–114): passes an existing *entity.Token object (not a raw JWT string), so ForToken(jwt string) does not substitute directly.tests-bdd/cukes/steps_obligations.go and tests-bdd/cukes/steps_authorization.go: pass a fully-constructed *entity.EntityChain object with multiple entities; no current helper covers this pattern.service/authorization/v2/authorization_test.go (majority of sites): use EphemeralId on entity.Token or entity.EntityChain, which is not exposed by any current helper.examples/cmd/benchmark_decision_v2.go: uses entity.EntityChain{EphemeralId: ...}.
Acceptance Criteria
Summary
PR #3232 introduced convenience constructors (
ForToken,WithRequestToken,ForClientID,ForEmail,ForUserName) in theauthorizationv2package. This issue tracks replacing eligible inlineEntityIdentifierstruct literals across the codebase with calls to these helpers.Background
Raised in PR #3232 review comment: #3232 (comment)
Requested by: @marythought
Candidate sites (directly replaceable)
WithRequestToken()service/authorization/v2/authorization_test.go— any site constructingEntityIdentifier_WithRequestToken{WithRequestToken: wrapperspb.Bool(true)}can be replaced withauthzV2.WithRequestToken()Sites that are NOT directly replaceable by current helpers
The following sites use proto fields not covered by the current helpers and should be left as-is (or addressed in a separate effort if new helpers are added):
service/kas/access/accessPdp.go(Lines 95–97 and 112–114): passes an existing*entity.Tokenobject (not a raw JWT string), soForToken(jwt string)does not substitute directly.tests-bdd/cukes/steps_obligations.goandtests-bdd/cukes/steps_authorization.go: pass a fully-constructed*entity.EntityChainobject with multiple entities; no current helper covers this pattern.service/authorization/v2/authorization_test.go(majority of sites): useEphemeralIdonentity.Tokenorentity.EntityChain, which is not exposed by any current helper.examples/cmd/benchmark_decision_v2.go: usesentity.EntityChain{EphemeralId: ...}.Acceptance Criteria
WithRequestTokeninline constructions inservice/authorization/v2/authorization_test.gowithauthzV2.WithRequestToken()service/kas/access/accessPdp.gopattern warrants a new overload (e.g., accepting a*entity.Tokendirectly) — if so, add helper and refactorEphemeralId-based test constructions as-is (test-only ephemeral identifiers are unlikely to need a public helper)