feat: implement resource metadata management API (issue #12)

Add API endpoints to manage ResourceMetadata (ownership, groups, permissions) for KV resources. This enables administrators to configure granular access control for stored data. Changes: - Add GetResourceMetadataResponse and UpdateResourceMetadataRequest types - Add GetResourceMetadata and SetResourceMetadata methods to AuthService - Add GET /kv/{path}/metadata endpoint (requires admin:users:read) - Add PUT /kv/{path}/metadata endpoint (requires admin:users:update) - Both endpoints protected by JWT authentication - Metadata routes registered before general KV routes to prevent pattern conflicts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-02 23:00:53 +03:00
parent 852275945c
commit 377af163f0
5 changed files with 251 additions and 1 deletions
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -444,6 +444,95 @@ EOF
    fi
 }

+# Test 6: Resource Metadata Management (Issue #12)
+test_metadata_management() {
+    test_start "Resource Metadata Management test (Issue #12)"
+
+    # Create metadata test config
+    cat > metadata_test.yaml <<EOF
+node_id: "metadata-test"
+bind_address: "127.0.0.1"
+port: 8096
+data_dir: "./metadata_test_data"
+seed_nodes: []
+log_level: "error"
+auth_enabled: true
+allow_anonymous_read: false
+allow_anonymous_write: false
+EOF
+
+    # Start node
+    $BINARY metadata_test.yaml >metadata_test.log 2>&1 &
+    local pid=$!
+
+    if wait_for_service 8096; then
+        sleep 2  # Allow root account creation
+
+        # Extract the token from logs
+        local token=$(grep "Token:" metadata_test.log | sed 's/.*Token: //' | tr -d '\n\r')
+
+        if [ -z "$token" ]; then
+            log_error "Failed to extract authentication token from logs"
+            kill $pid 2>/dev/null || true
+            return
+        fi
+
+        # First, create a KV resource
+        curl -s -X PUT http://localhost:8096/kv/test/resource -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d '{"data":"test"}' >/dev/null
+        sleep 1
+
+        # Test 1: Get metadata should fail for non-existent metadata (initially no metadata exists)
+        local get_response=$(curl -s -w "\n%{http_code}" -X GET http://localhost:8096/kv/test/resource/metadata -H "Authorization: Bearer $token")
+        local get_body=$(echo "$get_response" | head -n -1)
+        local get_code=$(echo "$get_response" | tail -n 1)
+
+        if [ "$get_code" = "404" ]; then
+            log_success "GET metadata returns 404 for non-existent metadata"
+        else
+            log_error "GET metadata should return 404 for non-existent metadata, got code: $get_code, body: $get_body"
+        fi
+
+        # Test 2: Update metadata should create new metadata
+        local update_response=$(curl -s -X PUT http://localhost:8096/kv/test/resource/metadata -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d '{"owner_uuid":"test-owner-123","permissions":3840}')
+        if echo "$update_response" | grep -q "owner_uuid"; then
+            log_success "PUT metadata creates metadata successfully"
+        else
+            log_error "PUT metadata should create metadata, got: $update_response"
+        fi
+
+        # Test 3: Get metadata should now return the created metadata
+        local get_response2=$(curl -s -X GET http://localhost:8096/kv/test/resource/metadata -H "Authorization: Bearer $token")
+        if echo "$get_response2" | grep -q "test-owner-123" && echo "$get_response2" | grep -q "3840"; then
+            log_success "GET metadata returns created metadata"
+        else
+            log_error "GET metadata should return created metadata, got: $get_response2"
+        fi
+
+        # Test 4: Update metadata should modify existing metadata
+        local update_response2=$(curl -s -X PUT http://localhost:8096/kv/test/resource/metadata -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d '{"owner_uuid":"new-owner-456"}')
+        if echo "$update_response2" | grep -q "new-owner-456"; then
+            log_success "PUT metadata updates existing metadata"
+        else
+            log_error "PUT metadata should update metadata, got: $update_response2"
+        fi
+
+        # Test 5: Metadata endpoints should require authentication
+        local no_auth=$(curl -s -w "\n%{http_code}" -X GET http://localhost:8096/kv/test/resource/metadata)
+        local no_auth_code=$(echo "$no_auth" | tail -n 1)
+        if [ "$no_auth_code" = "401" ]; then
+            log_success "Metadata endpoints properly require authentication"
+        else
+            log_error "Metadata endpoints should require authentication, got code: $no_auth_code"
+        fi
+
+        kill $pid 2>/dev/null || true
+        sleep 2
+    else
+        log_error "Metadata test node failed to start"
+        kill $pid 2>/dev/null || true
+    fi
+}
+
 # Main test execution
 main() {
    echo "=================================================="
@@ -462,7 +551,8 @@ main() {
    test_cluster_formation
    test_conflict_resolution
    test_authentication_middleware
-    
+    test_metadata_management
+
    # Results
    echo "=================================================="
    echo "              Test Results"