Merge branch 'main' into upload-artifact-v4

README.md

@@ -958,7 +958,7 @@ You can create, update, delete or load access keys, as well as search according
 // If customClaims is supplied, then those claims will be present in the JWT returned by calls to ExchangeAccessKey.
 // If description is supplied, then the access key will hold a descriptive text.
 // If permittedIPs is supplied, then we will only allow using the access key from those IP addresses or CIDR ranges.
-res, err := descopeClient.Management.AccessKey().Create(context.Background(), "access-key-1", 0, nil, []*descope.AssociatedTenant{
+res, err := descopeClient.Management.AccessKey().Create(context.Background(), "access-key-1", "key-description", 0, nil, []*descope.AssociatedTenant{
 		{TenantID: "tenant-ID1", RoleNames: []string{"role-name1"}},
     	{TenantID: "tenant-ID2"},
     },
@@ -977,8 +977,10 @@ if err == nil {
     }
 }
 
-// Update will override all fields as is. Use carefully.
-res, err := descopeClient.Management.AccessKey().Update(context.Background(), "access-key-id", "updated-name")
+// Update access key
+// If description, roles, tenants, customClaims, or permittedIPs are nil, their existing values will be preserved. If you want to remove them, pass an empty slice or map.
+updatedDescription := "Updated description"
+res, err := descopeClient.Management.AccessKey().Update(context.Background(), "access-key-id", "updated-name", &updatedDescription, []string{"role"}, nil, map[string]any{"k1": "v1"}, []string{"1.2.3.4"})
 
 // Access keys can be deactivated to prevent usage. This can be undone using "activate".
 err := descopeClient.Management.AccessKey().Deactivate(context.Background(), "access-key-id")

descope/internal/mgmt/accesskey.go

@@ -15,11 +15,11 @@ type accessKey struct {
 
 var _ sdk.AccessKey = &accessKey{}
 
-func (a *accessKey) Create(ctx context.Context, name string, description string, expireTime int64, roleNames []string, keyTenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error) {
+func (a *accessKey) Create(ctx context.Context, name string, description string, expireTime int64, roleNames []string, tenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error) {
 	if name == "" {
 		return "", nil, utils.NewInvalidArgumentError("name")
 	}
-	body := makeCreateAccessKeyBody(name, expireTime, roleNames, keyTenants, userID, customClaims, description, permittedIPs)
+	body := makeCreateAccessKeyBody(name, expireTime, roleNames, tenants, userID, customClaims, description, permittedIPs)
 	res, err := a.client.DoPostRequest(ctx, api.Routes.ManagementAccessKeyCreate(), body, nil, a.conf.ManagementKey)
 	if err != nil {
 		return "", nil, err
@@ -50,7 +50,7 @@ func (a *accessKey) SearchAll(ctx context.Context, tenantIDs []string) ([]*desco
 	return unmarshalAccessKeySearchAllResponse(res)
 }
 
-func (a *accessKey) Update(ctx context.Context, id, name string, description *string) (*descope.AccessKeyResponse, error) {
+func (a *accessKey) Update(ctx context.Context, id, name string, description *string, roles []string, tenants []*descope.AssociatedTenant, customClaims map[string]any, permittedIPs []string) (*descope.AccessKeyResponse, error) {
 	if id == "" {
 		return nil, utils.NewInvalidArgumentError("id")
 	}
@@ -61,6 +61,18 @@ func (a *accessKey) Update(ctx context.Context, id, name string, description *st
 	if description != nil {
 		body["description"] = *description
 	}
+	if roles != nil {
+		body["roleNames"] = roles
+	}
+	if tenants != nil {
+		body["keyTenants"] = makeAssociatedTenantList(tenants)
+	}
+	if customClaims != nil {
+		body["customClaims"] = customClaims
+	}
+	if permittedIPs != nil {
+		body["permittedIps"] = permittedIPs
+	}
 	res, err := a.client.DoPostRequest(ctx, api.Routes.ManagementAccessKeyUpdate(), body, nil, a.conf.ManagementKey)
 	if err != nil {
 		return nil, err

descope/internal/mgmt/accesskey_test.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/descope/go-sdk/descope"
 	"github.com/descope/go-sdk/descope/tests/helpers"
 	"github.com/stretchr/testify/require"
 )
@@ -123,7 +124,8 @@ func TestAccessKeyUpdateSuccess(t *testing.T) {
 				"tenantId":  "t1",
 				"roleNames": []string{"role"},
 			}},
-			"description": "desc",
+			"description":  "desc",
+			"permittedIps": []string{"1.2.3.4"},
 		}}
 	mgmt := newTestMgmt(nil, helpers.DoOkWithBody(func(r *http.Request) {
 		require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")
@@ -132,15 +134,23 @@ func TestAccessKeyUpdateSuccess(t *testing.T) {
 		require.Equal(t, "ak1", req["id"])
 		require.Equal(t, "abc", req["name"])
 		require.Equal(t, desc, req["description"])
+		require.EqualValues(t, []any{"role"}, req["roleNames"])
+		require.Len(t, req["keyTenants"].([]any), 1)
+		require.EqualValues(t, "t1", req["keyTenants"].([]any)[0].(map[string]any)["tenantId"])
+		require.EqualValues(t, []any{"role"}, req["keyTenants"].([]any)[0].(map[string]any)["roleNames"])
+		require.EqualValues(t, map[string]any{"k1": "v1"}, req["customClaims"])
+		require.EqualValues(t, []any{"1.2.3.4"}, req["permittedIps"])
 	}, response))
-	res, err := mgmt.AccessKey().Update(context.Background(), "ak1", "abc", &desc)
+	res, err := mgmt.AccessKey().Update(context.Background(), "ak1", "abc", &desc, []string{"role"}, []*descope.AssociatedTenant{{TenantID: "t1", Roles: []string{"role"}}}, map[string]any{"k1": "v1"}, []string{"1.2.3.4"})
 	require.NoError(t, err)
 	require.Equal(t, "ak1", res.ID)
 	require.Equal(t, "abc", res.Name)
 	require.Equal(t, desc, res.Description)
 	require.Len(t, res.KeyTenants, 1)
 	require.Equal(t, "t1", res.KeyTenants[0].TenantID)
 	require.Equal(t, "role", res.KeyTenants[0].Roles[0])
+	require.Len(t, res.PermittedIPs, 1)
+	require.Equal(t, "1.2.3.4", res.PermittedIPs[0])
 }
 
 func TestAccessKeyUpdateWontChangeSuccess(t *testing.T) {
@@ -164,7 +174,7 @@ func TestAccessKeyUpdateWontChangeSuccess(t *testing.T) {
 		_, ok := req["description"]
 		require.False(t, ok)
 	}, response))
-	res, err := mgmt.AccessKey().Update(context.Background(), "ak1", "abc", nil)
+	res, err := mgmt.AccessKey().Update(context.Background(), "ak1", "abc", nil, nil, nil, nil, nil)
 	require.NoError(t, err)
 	require.Equal(t, "ak1", res.ID)
 	require.Equal(t, "abc", res.Name)
@@ -176,9 +186,9 @@ func TestAccessKeyUpdateWontChangeSuccess(t *testing.T) {
 
 func TestAccessKeyUpdateError(t *testing.T) {
 	mgmt := newTestMgmt(nil, helpers.DoOk(nil))
-	_, err := mgmt.AccessKey().Update(context.Background(), "", "abc", nil)
+	_, err := mgmt.AccessKey().Update(context.Background(), "", "abc", nil, nil, nil, nil, nil)
 	require.Error(t, err)
-	_, err = mgmt.AccessKey().Update(context.Background(), "ak1", "", nil)
+	_, err = mgmt.AccessKey().Update(context.Background(), "ak1", "", nil, nil, nil, nil, nil)
 	require.Error(t, err)
 }
 

descope/sdk/mgmt.go

@@ -412,7 +412,7 @@ type AccessKey interface {
 	// or 0 to make it indefinite.
 	//
 	// The roles parameter is an optional list of the access key's roles for access keys that
-	// aren't associated with a tenant, while the keyTenants parameter can be used
+	// aren't associated with a tenant, while the tenants parameter can be used
 	// to specify which tenants to associate the access key with and what roles the
 	// access key has in each one.
 	// If userID is supplied, then authorization would be ignored, and access key would be bound to the users authorization
@@ -421,7 +421,7 @@ type AccessKey interface {
 	// The description parameter is an optional text providing a brief summary about the access key.
 	// The permittedIPs parameter is an optional list of IP addresses or CIDR ranges that are allowed to use this access key.
 	// If not provided, all IPs are allowed.
-	Create(ctx context.Context, name string, description string, expireTime int64, roles []string, keyTenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error)
+	Create(ctx context.Context, name string, description string, expireTime int64, roles []string, tenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error)
 
 	// Load an existing access key.
 	//
@@ -436,10 +436,10 @@ type AccessKey interface {
 	// Update an existing access key.
 	//
 	// The parameters follow the same convention as those for the Create function.
-	// Only the name and description are settable for the time being.
+	// If description, roles, tenants, customClaims, or permittedIPs are nil, their existing values will be preserved.
 	//
 	// IMPORTANT: id and name are mandatory parameters.
-	Update(ctx context.Context, id, name string, description *string) (*descope.AccessKeyResponse, error)
+	Update(ctx context.Context, id, name string, description *string, roles []string, tenants []*descope.AssociatedTenant, customClaims map[string]any, permittedIPs []string) (*descope.AccessKeyResponse, error)
 
 	// Deactivate an existing access key.
 	//

descope/tests/mocks/mgmt/managementmock.go

@@ -740,7 +740,7 @@ func (m *MockUser) History(_ context.Context, userIDs []string) ([]*descope.User
 // Mock Access Key
 
 type MockAccessKey struct {
-	CreateAssert     func(name string, description string, expireTime int64, roles []string, keyTenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string)
+	CreateAssert     func(name string, description string, expireTime int64, roles []string, tenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string)
 	CreateResponseFn func() (string, *descope.AccessKeyResponse)
 	CreateError      error
 
@@ -752,7 +752,7 @@ type MockAccessKey struct {
 	SearchAllResponse []*descope.AccessKeyResponse
 	SearchAllError    error
 
-	UpdateAssert   func(id, name string, description *string)
+	UpdateAssert   func(id, name string, description *string, roles []string, tenants []*descope.AssociatedTenant, customClaims map[string]any, permittedIPs []string)
 	UpdateResponse *descope.AccessKeyResponse
 	UpdateError    error
 
@@ -766,9 +766,9 @@ type MockAccessKey struct {
 	DeleteError  error
 }
 
-func (m *MockAccessKey) Create(_ context.Context, name string, description string, expireTime int64, roles []string, keyTenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error) {
+func (m *MockAccessKey) Create(_ context.Context, name string, description string, expireTime int64, roles []string, tenants []*descope.AssociatedTenant, userID string, customClaims map[string]any, permittedIPs []string) (string, *descope.AccessKeyResponse, error) {
 	if m.CreateAssert != nil {
-		m.CreateAssert(name, description, expireTime, roles, keyTenants, userID, customClaims, permittedIPs)
+		m.CreateAssert(name, description, expireTime, roles, tenants, userID, customClaims, permittedIPs)
 	}
 	var cleartext string
 	var key *descope.AccessKeyResponse
@@ -792,9 +792,9 @@ func (m *MockAccessKey) SearchAll(_ context.Context, tenantIDs []string) ([]*des
 	return m.SearchAllResponse, m.SearchAllError
 }
 
-func (m *MockAccessKey) Update(_ context.Context, id, name string, description *string) (*descope.AccessKeyResponse, error) {
+func (m *MockAccessKey) Update(_ context.Context, id, name string, description *string, roles []string, tenants []*descope.AssociatedTenant, customClaims map[string]any, permittedIPs []string) (*descope.AccessKeyResponse, error) {
 	if m.UpdateAssert != nil {
-		m.UpdateAssert(id, name, description)
+		m.UpdateAssert(id, name, description, roles, tenants, customClaims, permittedIPs)
 	}
 	return m.UpdateResponse, m.UpdateError
 }

descope/types.go

@@ -525,8 +525,9 @@ type UsersFailedResponse struct {
 }
 
 type UsersBatchResponse struct {
-	CreatedUsers []*UserResponse        `json:"createdUsers,omitempty"`
-	FailedUsers  []*UsersFailedResponse `json:"failedUsers,omitempty"`
+	CreatedUsers     []*UserResponse        `json:"createdUsers,omitempty"`
+	FailedUsers      []*UsersFailedResponse `json:"failedUsers,omitempty"`
+	AdditionalErrors map[string]string      `json:"additionalErrors,omitempty"`
 }
 
 func (ur *UserResponse) GetCreatedTime() time.Time {