Fix Heimdall principal claims pattern for client IDs (LFXV2-922) #32
emsearcy wants to merge 2 commits into
Walkthrough
Switches machine user detection from prefix-based (
Pull request overview
This PR corrects the Heimdall principal claims pattern for machine users from a prefix-based approach (clients@{client_id}) to a suffix-based approach ({client_id}@clients) to align with Auth0's standard convention.
- Renamed constant from `MachineUserPrefix` to `MachineUserSuffix` with updated value `"@clients"`
- Updated detection logic throughout the codebase to use `HasSuffix` instead of `HasPrefix`
- Modified tests to reflect the corrected pattern
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `pkg/constants/auth.go` | Renamed constant and changed value from "clients@" to "@clients" |
| `internal/infrastructure/auth/auth_repository.go` | Updated machine user detection to use suffix-based pattern matching and updated log field names |
| `internal/infrastructure/auth/auth_repository_test.go` | Updated test case to use correct suffix pattern with the renamed constant |
| `README.md` | Updated documentation to reflect suffix-based machine user identification |
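
An added example (not the project's code) that runs the old prefix check and the suffix check over constructed principals and shows how the classification decides whether a principal is logged in full or redacted. The function names, the non-empty client ID guard and the `***` redaction format are assumptions; only the two constant values and the `HasPrefix`/`HasSuffix` switch come from this PR.

```go
package main

import (
	"fmt"
	"strings"
)

// Values quoted in the PR; the identifiers below are hypothetical.
const (
	oldMachineUserPrefix = "clients@" // reversed PoC pattern
	machineUserSuffix    = "@clients" // Auth0 pattern: {client_id}@clients
)

// isMachineUserOld reproduces the prefix check this PR replaces.
func isMachineUserOld(principal string) bool {
	return strings.HasPrefix(principal, oldMachineUserPrefix)
}

// isMachineUser is the suffix check. Requiring a non-empty client ID is an
// extra guard assumed here, so the bare string "@clients" is rejected.
// HasSuffix is case-sensitive, so "x@Clients" does not match either.
func isMachineUser(principal string) bool {
	return strings.HasSuffix(principal, machineUserSuffix) &&
		len(principal) > len(machineUserSuffix)
}

// safePrincipalForLog returns machine users in full and masks the local part
// of anything else that looks like an email (assumed redaction format).
func safePrincipalForLog(principal string) string {
	if isMachineUser(principal) {
		return principal
	}
	if at := strings.LastIndex(principal, "@"); at > 0 {
		return "***" + principal[at:]
	}
	return principal
}

func main() {
	// Constructed sample principals, not taken from any real tenant.
	samples := []string{"test-machine@clients", "clients@test-machine",
		"jane.doe@example.org", "test-machine@Clients", "@clients", "auth0|abc123"}
	for _, p := range samples {
		fmt.Printf("%-22s old=%-5v new=%-5v log=%s\n",
			p, isMachineUserOld(p), isMachineUser(p), safePrincipalForLog(p))
	}
}
```

A principal the check fails to recognise as a machine user is redacted like an email, and a human principal wrongly recognised as one would be logged in full, so the detection function and the log helper should share one definition.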
Machine users are not personal information and should be logged in full for debugging purposes. This change updates safePrincipalLog to check if a principal is a machine user before applying email redaction logic. Also adds test coverage for machine user principal logging behavior.
Addresses Copilot review comments in PR linuxfoundation#32.
🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed)
Signed-off-by: Eric Searcy <eric@linuxfoundation.org>
Change the client ID pattern from 'clients@{client_id}' to '{client_id}@Clients'
to match the Auth0 convention used in the platform.
- Renamed MachineUserPrefix to MachineUserSuffix constant for accuracy
- Updated machine user detection logic to use HasSuffix instead of HasPrefix
- Fixed test cases to use the correct suffix pattern
- Updated README documentation to reflect suffix identification
Related: LFXV2-922
🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed)
Signed-off-by: Eric Searcy <eric@linuxfoundation.org>
3989554 to 2075679
Description
This PR fixes the Heimdall principal claims pattern for client IDs to match the Auth0 convention.
Changes
- `MachineUserPrefix` to `MachineUserSuffix` and changed value from `"clients@"` to `"@clients"`
- `strings.HasSuffix` instead of `strings.HasPrefix`
- `"test-machine@clients"`)
Background
While working on the mock data loader and v1 meetings, it was discovered that the PoC implementation had reversed the `{client_id}@clients` pattern used by Auth0. This change corrects the pattern to align with Auth0's expected format across the indexer service.
Files Modified
- `pkg/constants/auth.go` - Updated constant name and value
- `internal/infrastructure/auth/auth_repository.go` - Updated detection logic
- `internal/infrastructure/auth/auth_repository_test.go` - Updated test cases
- `README.md` - Updated documentation
Testing
All existing tests continue to pass with the updated logic.
Related Issues