RubyGems - workos - Versions diffs - 7.1.1 → 8.0.0 - Mend

workos 7.1.1 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

checksums.yaml +4 -4
data/.github/workflows/docs.yml +46 -0
data/.gitignore +2 -0
data/.last-synced-sha +1 -1
data/.oagen-manifest.json +61 -40
data/.release-please-manifest.json +1 -1
data/.yardopts +6 -0
data/CHANGELOG.md +38 -0
data/Gemfile +6 -0
data/Gemfile.lock +33 -2
data/lib/workos/api_keys/api_key.rb +1 -1
data/lib/workos/api_keys/api_key_created_data.rb +1 -1
data/lib/workos/api_keys/organization_api_key.rb +43 -0
data/lib/workos/{types/events_order.rb → api_keys/organization_api_key_owner.rb} +1 -3
data/lib/workos/api_keys/organization_api_key_with_value.rb +46 -0
data/lib/workos/{types/audit_logs_order.rb → api_keys/organization_api_key_with_value_owner.rb} +1 -3
data/lib/workos/api_keys.rb +46 -46
data/lib/workos/audit_logs.rb +6 -6
data/lib/workos/authorization/user_organization_membership_base_list_data.rb +5 -2
data/lib/workos/authorization/{role_assignment.rb → user_role_assignment.rb} +5 -2
data/lib/workos/authorization/{role_assignment_resource.rb → user_role_assignment_resource.rb} +1 -1
data/lib/workos/authorization.rb +250 -138
data/lib/workos/base_client.rb +6 -1
data/lib/workos/client.rb +4 -4
data/lib/workos/connect.rb +2 -2
data/lib/workos/directory_sync/directory_user.rb +3 -0
data/lib/workos/directory_sync/directory_user_with_groups.rb +4 -1
data/lib/workos/directory_sync/dsync_user_updated_data.rb +3 -0
data/lib/workos/directory_sync.rb +6 -6
data/lib/workos/encryptors/aes_gcm.rb +35 -3
data/lib/workos/events.rb +2 -2
data/lib/workos/feature_flags.rb +6 -6
data/lib/workos/groups.rb +5 -5
data/lib/workos/multi_factor_auth.rb +3 -3
data/lib/workos/organization_domains.rb +1 -1
data/lib/workos/organizations.rb +2 -2
data/lib/workos/radar.rb +2 -2
data/lib/workos/sso/profile.rb +3 -0
data/lib/workos/sso.rb +4 -4
data/lib/workos/types/event_context_actor_source.rb +2 -1
data/lib/workos/types/{applications_order.rb → pagination_order.rb} +1 -1
data/lib/workos/types/{vault_byok_key_verification_completed_data_key_provider.rb → vault_byok_key_provider.rb} +1 -1
data/lib/workos/user_management/create_user_api_key.rb +25 -0
data/lib/workos/user_management/organization_membership.rb +5 -2
data/lib/workos/user_management/user_api_key.rb +43 -0
data/lib/workos/user_management/user_api_key_created_data_owner.rb +25 -0
data/lib/workos/{api_keys/api_key_with_value_owner.rb → user_management/user_api_key_owner.rb} +1 -1
data/lib/workos/{types/webhooks_order.rb → user_management/user_api_key_revoked_data_owner.rb} +1 -3
data/lib/workos/{api_keys/api_key_with_value.rb → user_management/user_api_key_with_value.rb} +2 -2
data/lib/workos/{types/groups_order.rb → user_management/user_api_key_with_value_owner.rb} +1 -3
data/lib/workos/user_management/user_organization_membership.rb +5 -2
data/lib/workos/user_management.rb +181 -75
data/lib/workos/user_management_organization_membership_groups.rb +2 -2
data/lib/workos/vault/vault_byok_key_deleted.rb +34 -0
data/lib/workos/vault/vault_byok_key_deleted_data.rb +22 -0
data/lib/workos/version.rb +1 -1
data/lib/workos/webhooks.rb +3 -3
data/rbi/workos/api_key.rbi +2 -2
data/rbi/workos/api_key_created_data.rbi +2 -2
data/rbi/workos/api_key_revoked_data.rbi +2 -2
data/rbi/workos/api_keys.rbi +17 -17
data/rbi/workos/authorization.rbi +127 -27
data/rbi/workos/client.rbi +3 -3
data/rbi/workos/create_user_api_key.rbi +36 -0
data/rbi/workos/directory_user.rbi +6 -0
data/rbi/workos/directory_user_with_groups.rbi +6 -0
data/rbi/workos/dsync_user_updated_data.rbi +6 -0
data/rbi/workos/organization_api_key.rbi +72 -0
data/rbi/workos/{api_key_with_value_owner.rbi → organization_api_key_owner.rbi} +1 -1
data/rbi/workos/organization_api_key_with_value.rbi +78 -0
data/rbi/workos/organization_api_key_with_value_owner.rbi +30 -0
data/rbi/workos/organization_membership.rbi +6 -0
data/rbi/workos/profile.rbi +6 -0
data/rbi/workos/user_api_key.rbi +72 -0
data/rbi/workos/user_api_key_created_data_owner.rbi +36 -0
data/rbi/workos/user_api_key_owner.rbi +36 -0
data/rbi/workos/user_api_key_revoked_data_owner.rbi +36 -0
data/rbi/workos/{api_key_with_value.rbi → user_api_key_with_value.rbi} +3 -3
data/rbi/workos/user_api_key_with_value_owner.rbi +36 -0
data/rbi/workos/user_management.rbi +91 -14
data/rbi/workos/user_organization_membership.rbi +6 -0
data/rbi/workos/user_organization_membership_base_list_data.rbi +6 -0
data/rbi/workos/{role_assignment.rbi → user_role_assignment.rbi} +9 -3
data/rbi/workos/{role_assignment_resource.rbi → user_role_assignment_resource.rbi} +1 -1
data/rbi/workos/vault_byok_key_deleted.rbi +54 -0
data/rbi/workos/vault_byok_key_deleted_data.rbi +30 -0
data/script/docs +16 -0
data/script/docs-serve +12 -0
data/script/llms-txt +37 -0
data/test/workos/test_api_keys.rb +17 -17
data/test/workos/test_audit_logs.rb +2 -2
data/test/workos/test_authorization.rb +102 -20
data/test/workos/test_encryptors_aes_gcm.rb +21 -0
data/test/workos/test_model_round_trip.rb +278 -83
data/test/workos/test_session.rb +68 -0
data/test/workos/test_user_management.rb +69 -9
data/test/workos/test_webhooks.rb +2 -2
metadata +39 -33
data/lib/workos/types/authorization_order.rb +0 -9
data/lib/workos/types/connections_order.rb +0 -9
data/lib/workos/types/directories_order.rb +0 -9
data/lib/workos/types/directory_groups_order.rb +0 -9
data/lib/workos/types/directory_users_order.rb +0 -9
data/lib/workos/types/feature_flags_order.rb +0 -9
data/lib/workos/types/organizations_api_keys_order.rb +0 -9
data/lib/workos/types/organizations_feature_flags_order.rb +0 -9
data/lib/workos/types/organizations_order.rb +0 -9
data/lib/workos/types/permissions_order.rb +0 -9
data/lib/workos/types/user_management_invitations_order.rb +0 -9
data/lib/workos/types/user_management_multi_factor_authentication_order.rb +0 -9
data/lib/workos/types/user_management_organization_membership_groups_order.rb +0 -9
data/lib/workos/types/user_management_organization_membership_order.rb +0 -9
data/lib/workos/types/user_management_users_authorized_applications_order.rb +0 -9
data/lib/workos/types/user_management_users_feature_flags_order.rb +0 -9
data/lib/workos/types/user_management_users_order.rb +0 -9

data/test/workos/test_audit_logs.rb CHANGED Viewed

@@ -42,7 +42,7 @@ class AuditLogsTest < Minitest::Test
   def test_create_schema_returns_expected_result
     stub_request(:post, %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)})
       .to_return(body: "{}", status: 200)
-    result = @client.audit_logs.create_schema(action_name: "stub", targets: [])
+    result = @client.audit_logs.create_schema(action_name: "stub", targets: [{}])
     refute_nil result
   end
@@ -73,7 +73,7 @@ class AuditLogsTest < Minitest::Test
     {name: :update_organization_audit_logs_retention, verb: :put, url: %r{\Ahttps://api\.workos\.com/organizations/stub/audit_logs_retention(\?|\z)}, args: {id: "stub", retention_period_in_days: 1}},
     {name: :list_actions, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions(\?|\z)}},
     {name: :list_action_schemas, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub"}},
-    {name: :create_schema, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub", targets: []}},
+    {name: :create_schema, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub", targets: [{}]}},
     {name: :create_event, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/events(\?|\z)}, args: {organization_id: "stub", event: {}}},
     {name: :create_export, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/exports(\?|\z)}, args: {organization_id: "stub", range_start: "stub", range_end: "stub"}},
     {name: :get_export, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/exports/stub(\?|\z)}, args: {audit_log_export_id: "stub"}}

data/test/workos/test_authorization.rb CHANGED Viewed

@@ -13,15 +13,31 @@ class AuthorizationTest < Minitest::Test
   def test_check_returns_expected_result
     stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)})
+      .with(body: hash_including("permission_slug" => "stub", "resource_id" => "stub"))
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: {type: "by_id"})
+    result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub"))
+    refute_nil result
+  end
+  def test_check_with_resource_target_by_external_id_returns_expected_result
+    stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)})
+      .with(body: hash_including("permission_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub"))
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub"))
     refute_nil result
   end
   def test_list_resources_for_membership_returns_expected_result
     stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)})
       .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
-    result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: {type: "by_id"})
+    result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub"))
+    assert_kind_of WorkOS::Types::ListStruct, result
+  end
+  def test_list_resources_for_membership_with_parent_resource_by_external_id_returns_expected_result
+    stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)})
+      .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
+    result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_type_slug: "stub", parent_resource_external_id: "stub"))
     assert_kind_of WorkOS::Types::ListStruct, result
   end
@@ -48,15 +64,31 @@ class AuthorizationTest < Minitest::Test
   def test_assign_role_returns_expected_result
     stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)})
+      .with(body: hash_including("role_slug" => "stub", "resource_id" => "stub"))
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub"))
+    refute_nil result
+  end
+  def test_assign_role_with_resource_target_by_external_id_returns_expected_result
+    stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)})
+      .with(body: hash_including("role_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub"))
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"})
+    result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub"))
     refute_nil result
   end
   def test_remove_role_returns_expected_result
     stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)})
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"})
+    result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub"))
+    assert_nil result
+  end
+  def test_remove_role_with_resource_target_by_external_id_returns_expected_result
+    stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)})
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub"))
     assert_nil result
   end
@@ -112,7 +144,7 @@ class AuthorizationTest < Minitest::Test
   def test_set_organization_role_permissions_returns_expected_result
     stub_request(:put, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)})
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.set_organization_role_permissions(organization_id: "stub", slug: "stub", permissions: [])
+    result = @client.authorization.set_organization_role_permissions(organization_id: "stub", slug: "stub", permissions: ["stub"])
     refute_nil result
   end
@@ -132,8 +164,17 @@ class AuthorizationTest < Minitest::Test
   def test_update_resource_by_external_id_returns_expected_result
     stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)})
+      .with(body: hash_including("parent_resource_id" => "stub"))
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub"))
+    refute_nil result
+  end
+  def test_update_resource_by_external_id_with_parent_resource_by_external_id_returns_expected_result
+    stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)})
+      .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub"))
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub")
+    result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub"))
     refute_nil result
   end
@@ -151,17 +192,40 @@ class AuthorizationTest < Minitest::Test
     assert_kind_of WorkOS::Types::ListStruct, result
   end
+  def test_list_role_assignments_for_resource_by_external_id_returns_expected_result
+    stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub/role_assignments(\?|\z)})
+      .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
+    result = @client.authorization.list_role_assignments_for_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub")
+    assert_kind_of WorkOS::Types::ListStruct, result
+  end
   def test_list_resources_returns_expected_result
     stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)})
       .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
-    result = @client.authorization.list_resources
+    result = @client.authorization.list_resources(parent: WorkOS::Authorization::ParentById.new(parent_resource_id: "stub"))
+    assert_kind_of WorkOS::Types::ListStruct, result
+  end
+  def test_list_resources_with_parent_by_external_id_returns_expected_result
+    stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)})
+      .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
+    result = @client.authorization.list_resources(parent: WorkOS::Authorization::ParentByExternalId.new(parent_resource_type_slug: "stub", parent_external_id: "stub"))
     assert_kind_of WorkOS::Types::ListStruct, result
   end
   def test_create_resource_returns_expected_result
     stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)})
+      .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_id" => "stub"))
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub"))
+    refute_nil result
+  end
+  def test_create_resource_with_parent_resource_by_external_id_returns_expected_result
+    stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)})
+      .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub"))
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub")
+    result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub"))
     refute_nil result
   end
@@ -174,8 +238,17 @@ class AuthorizationTest < Minitest::Test
   def test_update_resource_returns_expected_result
     stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)})
+      .with(body: hash_including("parent_resource_id" => "stub"))
+      .to_return(body: "{}", status: 200)
+    result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub"))
+    refute_nil result
+  end
+  def test_update_resource_with_parent_resource_by_external_id_returns_expected_result
+    stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)})
+      .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub"))
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.update_resource(resource_id: "stub")
+    result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub"))
     refute_nil result
   end
@@ -193,6 +266,13 @@ class AuthorizationTest < Minitest::Test
     assert_kind_of WorkOS::Types::ListStruct, result
   end
+  def test_list_role_assignments_for_resource_returns_expected_result
+    stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources/stub/role_assignments(\?|\z)})
+      .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
+    result = @client.authorization.list_role_assignments_for_resource(resource_id: "stub")
+    assert_kind_of WorkOS::Types::ListStruct, result
+  end
   def test_list_environment_roles_returns_expected_result
     stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/roles(\?|\z)})
       .to_return(body: "{}", status: 200)
@@ -231,7 +311,7 @@ class AuthorizationTest < Minitest::Test
   def test_set_environment_role_permissions_returns_expected_result
     stub_request(:put, %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)})
       .to_return(body: "{}", status: 200)
-    result = @client.authorization.set_environment_role_permissions(slug: "stub", permissions: [])
+    result = @client.authorization.set_environment_role_permissions(slug: "stub", permissions: ["stub"])
     refute_nil result
   end
@@ -272,13 +352,13 @@ class AuthorizationTest < Minitest::Test
   # Parameterized authentication error tests (one per endpoint).
   [
-    {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: {type: "by_id"}}},
-    {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: {type: "by_id"}}},
+    {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}},
+    {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}},
     {name: :list_effective_permissions, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_id: "stub"}},
     {name: :list_effective_permissions_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_type_slug: "stub", external_id: "stub"}},
     {name: :list_role_assignments, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub"}},
-    {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}}},
-    {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}}},
+    {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}},
+    {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}},
     {name: :remove_role_assignment, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments/stub(\?|\z)}, args: {organization_membership_id: "stub", role_assignment_id: "stub"}},
     {name: :list_organization_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub"}},
     {name: :create_organization_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub", name: "stub"}},
@@ -286,24 +366,26 @@ class AuthorizationTest < Minitest::Test
     {name: :update_organization_role, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub"}},
     {name: :delete_organization_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub"}},
     {name: :add_organization_role_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", body_slug: "stub"}},
-    {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: []}},
+    {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: ["stub"]}},
     {name: :remove_organization_role_permission, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub", permission_slug: "stub"}},
     {name: :get_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}},
-    {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}},
+    {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}},
     {name: :delete_resource_by_external_id, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}},
     {name: :list_memberships_for_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub/organization_memberships(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", permission_slug: "stub"}},
-    {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}},
-    {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub"}},
+    {name: :list_role_assignments_for_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub/role_assignments(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}},
+    {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {parent: WorkOS::Authorization::ParentById.new(parent_resource_id: "stub")}},
+    {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}},
     {name: :get_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}},
-    {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}},
+    {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}},
     {name: :delete_resource, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}},
     {name: :list_memberships_for_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub/organization_memberships(\?|\z)}, args: {resource_id: "stub", permission_slug: "stub"}},
+    {name: :list_role_assignments_for_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub/role_assignments(\?|\z)}, args: {resource_id: "stub"}},
     {name: :list_environment_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/roles(\?|\z)}},
     {name: :create_environment_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/roles(\?|\z)}, args: {slug: "stub", name: "stub"}},
     {name: :get_environment_role, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub(\?|\z)}, args: {slug: "stub"}},
     {name: :update_environment_role, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub(\?|\z)}, args: {slug: "stub"}},
     {name: :add_environment_role_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", body_slug: "stub"}},
-    {name: :set_environment_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", permissions: []}},
+    {name: :set_environment_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", permissions: ["stub"]}},
     {name: :list_permissions, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/permissions(\?|\z)}},
     {name: :create_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/permissions(\?|\z)}, args: {slug: "stub", name: "stub"}},
     {name: :get_permission, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/permissions/stub(\?|\z)}, args: {slug: "stub"}},

data/test/workos/test_encryptors_aes_gcm.rb CHANGED Viewed

@@ -3,6 +3,9 @@
 # @oagen-ignore-file
 require "test_helper"
 require "base64"
+require "json"
+require "openssl"
+require "securerandom"
 class EncryptorsAesGcmTest < Minitest::Test
   PASSWORD = "test-cookie-password-at-least-32"
@@ -51,4 +54,22 @@ class EncryptorsAesGcmTest < Minitest::Test
     sealed2 = @enc.seal(data, PASSWORD)
     refute_equal sealed1, sealed2
   end
+  def test_unseal_reads_legacy_v6_payload
+    data = {"access_token" => "tok_abc", "refresh_token" => "ref_xyz"}
+    sealed = legacy_v6_seal(data, PASSWORD)
+    assert_equal data, @enc.unseal(sealed, PASSWORD)
+  end
+  private
+  def legacy_v6_seal(data, key)
+    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
+    iv = SecureRandom.random_bytes(12)
+    cipher.key = key
+    cipher.iv = iv
+    ciphertext = cipher.update(JSON.generate(data)) + cipher.final
+    Base64.encode64(iv + ciphertext + cipher.auth_tag)
+  end
 end