From 5d4fe45dd7559d4738103042067534c7eefafdce Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 11:40:06 -0400 Subject: [PATCH 1/7] fix: replace parameter-group hashes with typed variant classes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `UserManagement#create_user` and `#update_user` raised `TypeError: no implicit conversion of Symbol into Integer` whenever a caller passed `password:` because the generated method advertised `password:` as a flat `String` kwarg AND ran a hash dispatcher (`password[:type]`) on it. The String/hash collision was a fluke of the spec — `password` happens to be both the group name and one of its variant leaf params — but it bypassed the SDK before the request hit the wire. Each `x-mutually-exclusive-(body|parameter)-groups` group now emits a `Data.define` variant class per variant under `lib/workos/`, with matching Sorbet sigs in `rbi/workos/`. Method signatures take `T.any(VariantA, VariantB)` and dispatch on class identity instead of a `:type` symbol. This matches how Python, Kotlin, .NET, and PHP already expose these groups. BREAKING: callers that previously passed a hash with a `:type` discriminator must instantiate the variant class: # Before create_user(email: "…", password: { type: "plaintext", password: "x" }) authorization.check(…, resource_target: { type: "by_id", resource_id: "r" }) # After create_user(email: "…", password: WorkOS::PasswordPlaintext.new(password: "x")) authorization.check(…, resource_target: WorkOS::ResourceTargetById.new(resource_id: "r")) Callers that passed leaf params as flat kwargs (e.g. `resource_id:`, `parent_resource_id:`, `password_hash:`) must move them into the variant constructor. Those kwargs were redundant for required groups and silently let optional-group calls violate the spec's mutual-exclusivity contract. Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 22 ++- lib/workos/authorization.rb | 170 +++++++----------- lib/workos/parent_by_external_id.rb | 13 ++ lib/workos/parent_by_id.rb | 11 ++ lib/workos/parent_resource_by_external_id.rb | 13 ++ lib/workos/parent_resource_by_id.rb | 11 ++ lib/workos/password_hashed.rb | 13 ++ lib/workos/password_plaintext.rb | 11 ++ lib/workos/resource_target_by_external_id.rb | 13 ++ lib/workos/resource_target_by_id.rb | 11 ++ lib/workos/role_multiple.rb | 11 ++ lib/workos/role_single.rb | 11 ++ lib/workos/user_management.rb | 83 +++------ rbi/workos/authorization.rbi | 42 ++--- rbi/workos/parent_by_external_id.rbi | 23 +++ rbi/workos/parent_by_id.rbi | 19 ++ rbi/workos/parent_resource_by_external_id.rbi | 23 +++ rbi/workos/parent_resource_by_id.rbi | 19 ++ rbi/workos/password_hashed.rbi | 23 +++ rbi/workos/password_plaintext.rbi | 19 ++ rbi/workos/resource_target_by_external_id.rbi | 23 +++ rbi/workos/resource_target_by_id.rbi | 19 ++ rbi/workos/role_multiple.rbi | 19 ++ rbi/workos/role_single.rbi | 19 ++ rbi/workos/user_management.rbi | 22 +-- test/workos/test_authorization.rb | 16 +- 26 files changed, 463 insertions(+), 216 deletions(-) create mode 100644 lib/workos/parent_by_external_id.rb create mode 100644 lib/workos/parent_by_id.rb create mode 100644 lib/workos/parent_resource_by_external_id.rb create mode 100644 lib/workos/parent_resource_by_id.rb create mode 100644 lib/workos/password_hashed.rb create mode 100644 lib/workos/password_plaintext.rb create mode 100644 lib/workos/resource_target_by_external_id.rb create mode 100644 lib/workos/resource_target_by_id.rb create mode 100644 lib/workos/role_multiple.rb create mode 100644 lib/workos/role_single.rb create mode 100644 rbi/workos/parent_by_external_id.rbi create mode 100644 rbi/workos/parent_by_id.rbi create mode 100644 rbi/workos/parent_resource_by_external_id.rbi create mode 100644 rbi/workos/parent_resource_by_id.rbi create mode 100644 rbi/workos/password_hashed.rbi create mode 100644 rbi/workos/password_plaintext.rbi create mode 100644 rbi/workos/resource_target_by_external_id.rbi create mode 100644 rbi/workos/resource_target_by_id.rbi create mode 100644 rbi/workos/role_multiple.rbi create mode 100644 rbi/workos/role_single.rbi diff --git a/.oagen-manifest.json b/.oagen-manifest.json index 4da8af4f..4d7019d9 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-27T20:55:49.741Z", + "generatedAt": "2026-04-30T15:37:06.621Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", @@ -225,6 +225,12 @@ "lib/workos/organizations/organization_updated_data_domain.rb", "lib/workos/organizations/update_audit_logs_retention.rb", "lib/workos/organizations/update_organization.rb", + "lib/workos/parent_by_external_id.rb", + "lib/workos/parent_by_id.rb", + "lib/workos/parent_resource_by_external_id.rb", + "lib/workos/parent_resource_by_id.rb", + "lib/workos/password_hashed.rb", + "lib/workos/password_plaintext.rb", "lib/workos/pipes.rb", "lib/workos/pipes/connected_account.rb", "lib/workos/pipes/data_integration_access_token_response.rb", @@ -242,6 +248,10 @@ "lib/workos/radar/radar_standalone_response.rb", "lib/workos/radar/radar_standalone_update_radar_attempt_request.rb", "lib/workos/radar/radar_standalone_update_radar_list_request.rb", + "lib/workos/resource_target_by_external_id.rb", + "lib/workos/resource_target_by_id.rb", + "lib/workos/role_multiple.rb", + "lib/workos/role_single.rb", "lib/workos/shared/event_context.rb", "lib/workos/shared/event_context_actor.rb", "lib/workos/shared/event_context_google_analytics_session.rb", @@ -896,6 +906,12 @@ "rbi/workos/organization_updated_data.rbi", "rbi/workos/organization_updated_data_domain.rbi", "rbi/workos/organizations.rbi", + "rbi/workos/parent_by_external_id.rbi", + "rbi/workos/parent_by_id.rbi", + "rbi/workos/parent_resource_by_external_id.rbi", + "rbi/workos/parent_resource_by_id.rbi", + "rbi/workos/password_hashed.rbi", + "rbi/workos/password_plaintext.rbi", "rbi/workos/password_reset.rbi", "rbi/workos/password_reset_created.rbi", "rbi/workos/password_reset_created_data.rbi", @@ -925,6 +941,8 @@ "rbi/workos/remove_role.rbi", "rbi/workos/resend_user_invite_options.rbi", "rbi/workos/reset_password_response.rbi", + "rbi/workos/resource_target_by_external_id.rbi", + "rbi/workos/resource_target_by_id.rbi", "rbi/workos/revoke_session.rbi", "rbi/workos/role.rbi", "rbi/workos/role_assignment.rbi", @@ -934,6 +952,8 @@ "rbi/workos/role_deleted.rbi", "rbi/workos/role_deleted_data.rbi", "rbi/workos/role_list.rbi", + "rbi/workos/role_multiple.rbi", + "rbi/workos/role_single.rbi", "rbi/workos/role_updated.rbi", "rbi/workos/role_updated_data.rbi", "rbi/workos/send_email_change.rbi", diff --git a/lib/workos/authorization.rb b/lib/workos/authorization.rb index c651908c..ace91afd 100644 --- a/lib/workos/authorization.rb +++ b/lib/workos/authorization.rb @@ -13,32 +13,24 @@ def initialize(client) # Check authorization # @param organization_membership_id [String] The ID of the organization membership to check. # @param permission_slug [String] The slug of the permission to check. - # @param resource_id [String, nil] The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. - # @param resource_external_id [String, nil] The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. - # @param resource_type_slug [String, nil] The slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationCheck] def check( organization_membership_id:, permission_slug:, resource_target:, - resource_id: nil, - resource_external_id: nil, - resource_type_slug: nil, request_options: {} ) body = { - "permission_slug" => permission_slug, - "resource_id" => resource_id, - "resource_external_id" => resource_external_id, - "resource_type_slug" => resource_type_slug + "permission_slug" => permission_slug }.compact - case resource_target[:type] - when "by_id" - body["resource_id"] = resource_target[:resource_id] - when "by_external_id" - body["resource_external_id"] = resource_target[:resource_external_id] - body["resource_type_slug"] = resource_target[:resource_type_slug] + case resource_target + when WorkOS::ResourceTargetById + body["resource_id"] = resource_target.resource_id + when WorkOS::ResourceTargetByExternalId + body["resource_external_id"] = resource_target.resource_external_id + body["resource_type_slug"] = resource_target.resource_type_slug end response = @client.request( method: :post, @@ -59,6 +51,7 @@ def check( # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`. # @param order [WorkOS::Types::AuthorizationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. # @param permission_slug [String] The permission slug to filter by. Only child resources where the organization membership has this permission are returned. + # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::Types::ListStruct] def list_resources_for_membership( @@ -78,12 +71,12 @@ def list_resources_for_membership( "order" => order, "permission_slug" => permission_slug }.compact - case parent_resource[:type] - when "by_id" - params["parent_resource_id"] = parent_resource[:parent_resource_id] - when "by_external_id" - params["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug] - params["parent_resource_external_id"] = parent_resource[:parent_resource_external_id] + case parent_resource + when WorkOS::ParentResourceById + params["parent_resource_id"] = parent_resource.parent_resource_id + when WorkOS::ParentResourceByExternalId + params["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug + params["parent_resource_external_id"] = parent_resource.parent_resource_external_id end response = @client.request( method: :get, @@ -265,32 +258,24 @@ def list_role_assignments( # Assign a role # @param organization_membership_id [String] The ID of the organization membership. # @param role_slug [String] The slug of the role to assign. - # @param resource_id [String, nil] The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. - # @param resource_external_id [String, nil] The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. - # @param resource_type_slug [String, nil] The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::RoleAssignment] def assign_role( organization_membership_id:, role_slug:, resource_target:, - resource_id: nil, - resource_external_id: nil, - resource_type_slug: nil, request_options: {} ) body = { - "role_slug" => role_slug, - "resource_id" => resource_id, - "resource_external_id" => resource_external_id, - "resource_type_slug" => resource_type_slug + "role_slug" => role_slug }.compact - case resource_target[:type] - when "by_id" - body["resource_id"] = resource_target[:resource_id] - when "by_external_id" - body["resource_external_id"] = resource_target[:resource_external_id] - body["resource_type_slug"] = resource_target[:resource_type_slug] + case resource_target + when WorkOS::ResourceTargetById + body["resource_id"] = resource_target.resource_id + when WorkOS::ResourceTargetByExternalId + body["resource_external_id"] = resource_target.resource_external_id + body["resource_type_slug"] = resource_target.resource_type_slug end response = @client.request( method: :post, @@ -307,33 +292,25 @@ def assign_role( # Remove a role assignment # @param organization_membership_id [String] The ID of the organization membership. # @param role_slug [String] The slug of the role to remove. - # @param resource_id [String, nil] The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. - # @param resource_external_id [String, nil] The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. - # @param resource_type_slug [String, nil] The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [void] def remove_role( organization_membership_id:, role_slug:, resource_target:, - resource_id: nil, - resource_external_id: nil, - resource_type_slug: nil, request_options: {} ) params = {}.compact - case resource_target[:type] - when "by_id" - params["resource_id"] = resource_target[:resource_id] - when "by_external_id" - params["resource_external_id"] = resource_target[:resource_external_id] - params["resource_type_slug"] = resource_target[:resource_type_slug] + case resource_target + when WorkOS::ResourceTargetById + params["resource_id"] = resource_target.resource_id + when WorkOS::ResourceTargetByExternalId + params["resource_external_id"] = resource_target.resource_external_id + params["resource_type_slug"] = resource_target.resource_type_slug end body = { - "role_slug" => role_slug, - "resource_id" => resource_id, - "resource_external_id" => resource_external_id, - "resource_type_slug" => resource_type_slug + "role_slug" => role_slug }.compact @client.request( method: :delete, @@ -594,9 +571,7 @@ def get_resource_by_external_id( # @param external_id [String] An identifier you provide to reference the resource in your system. # @param name [String, nil] A display name for the resource. # @param description [String, nil] An optional description of the resource. - # @param parent_resource_id [String, nil] The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. - # @param parent_resource_external_id [String, nil] The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. - # @param parent_resource_type_slug [String, nil] The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def update_resource_by_external_id( @@ -605,26 +580,20 @@ def update_resource_by_external_id( external_id:, name: nil, description: nil, - parent_resource_id: nil, - parent_resource_external_id: nil, - parent_resource_type_slug: nil, parent_resource: nil, request_options: {} ) body = { "name" => name, - "description" => description, - "parent_resource_id" => parent_resource_id, - "parent_resource_external_id" => parent_resource_external_id, - "parent_resource_type_slug" => parent_resource_type_slug + "description" => description }.compact if parent_resource - case parent_resource[:type] - when "by_id" - body["parent_resource_id"] = parent_resource[:parent_resource_id] - when "by_external_id" - body["parent_resource_external_id"] = parent_resource[:parent_resource_external_id] - body["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug] + case parent_resource + when WorkOS::ParentResourceById + body["parent_resource_id"] = parent_resource.parent_resource_id + when WorkOS::ParentResourceByExternalId + body["parent_resource_external_id"] = parent_resource.parent_resource_external_id + body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug end end response = @client.request( @@ -736,6 +705,7 @@ def list_memberships_for_resource_by_external_id( # @param resource_type_slug [String, nil] Filter resources by resource type slug. # @param resource_external_id [String, nil] Filter resources by external ID. # @param search [String, nil] Search resources by name. + # @param parent [WorkOS::ParentById, WorkOS::ParentByExternalId, nil] Identifies the parent. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::Types::ListStruct] def list_resources( @@ -761,12 +731,12 @@ def list_resources( "search" => search }.compact if parent - case parent[:type] - when "by_id" - params["parent_resource_id"] = parent[:parent_resource_id] - when "by_external_id" - params["parent_resource_type_slug"] = parent[:parent_resource_type_slug] - params["parent_external_id"] = parent[:parent_external_id] + case parent + when WorkOS::ParentById + params["parent_resource_id"] = parent.parent_resource_id + when WorkOS::ParentByExternalId + params["parent_resource_type_slug"] = parent.parent_resource_type_slug + params["parent_external_id"] = parent.parent_external_id end end response = @client.request( @@ -804,9 +774,7 @@ def list_resources( # @param description [String, nil] An optional description of the resource. # @param resource_type_slug [String] The slug of the resource type. # @param organization_id [String] The ID of the organization this resource belongs to. - # @param parent_resource_id [String, nil] The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. - # @param parent_resource_external_id [String, nil] The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. - # @param parent_resource_type_slug [String, nil] The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def create_resource( @@ -815,9 +783,6 @@ def create_resource( resource_type_slug:, organization_id:, description: nil, - parent_resource_id: nil, - parent_resource_external_id: nil, - parent_resource_type_slug: nil, parent_resource: nil, request_options: {} ) @@ -826,18 +791,15 @@ def create_resource( "name" => name, "description" => description, "resource_type_slug" => resource_type_slug, - "organization_id" => organization_id, - "parent_resource_id" => parent_resource_id, - "parent_resource_external_id" => parent_resource_external_id, - "parent_resource_type_slug" => parent_resource_type_slug + "organization_id" => organization_id }.compact if parent_resource - case parent_resource[:type] - when "by_id" - body["parent_resource_id"] = parent_resource[:parent_resource_id] - when "by_external_id" - body["parent_resource_external_id"] = parent_resource[:parent_resource_external_id] - body["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug] + case parent_resource + when WorkOS::ParentResourceById + body["parent_resource_id"] = parent_resource.parent_resource_id + when WorkOS::ParentResourceByExternalId + body["parent_resource_external_id"] = parent_resource.parent_resource_external_id + body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug end end response = @client.request( @@ -875,35 +837,27 @@ def get_resource( # @param resource_id [String] The ID of the authorization resource. # @param name [String, nil] A display name for the resource. # @param description [String, nil] An optional description of the resource. - # @param parent_resource_id [String, nil] The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. - # @param parent_resource_external_id [String, nil] The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. - # @param parent_resource_type_slug [String, nil] The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def update_resource( resource_id:, name: nil, description: nil, - parent_resource_id: nil, - parent_resource_external_id: nil, - parent_resource_type_slug: nil, parent_resource: nil, request_options: {} ) body = { "name" => name, - "description" => description, - "parent_resource_id" => parent_resource_id, - "parent_resource_external_id" => parent_resource_external_id, - "parent_resource_type_slug" => parent_resource_type_slug + "description" => description }.compact if parent_resource - case parent_resource[:type] - when "by_id" - body["parent_resource_id"] = parent_resource[:parent_resource_id] - when "by_external_id" - body["parent_resource_external_id"] = parent_resource[:parent_resource_external_id] - body["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug] + case parent_resource + when WorkOS::ParentResourceById + body["parent_resource_id"] = parent_resource.parent_resource_id + when WorkOS::ParentResourceByExternalId + body["parent_resource_external_id"] = parent_resource.parent_resource_external_id + body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug end end response = @client.request( diff --git a/lib/workos/parent_by_external_id.rb b/lib/workos/parent_by_external_id.rb new file mode 100644 index 00000000..ef800bdc --- /dev/null +++ b/lib/workos/parent_by_external_id.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the parent (by external id variant). + # + # @!attribute [r] parent_resource_type_slug + # @return [String] + # @!attribute [r] parent_external_id + # @return [String] + ParentByExternalId = Data.define(:parent_resource_type_slug, :parent_external_id) +end diff --git a/lib/workos/parent_by_id.rb b/lib/workos/parent_by_id.rb new file mode 100644 index 00000000..9d7c42d2 --- /dev/null +++ b/lib/workos/parent_by_id.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the parent (by id variant). + # + # @!attribute [r] parent_resource_id + # @return [String] + ParentById = Data.define(:parent_resource_id) +end diff --git a/lib/workos/parent_resource_by_external_id.rb b/lib/workos/parent_resource_by_external_id.rb new file mode 100644 index 00000000..2eb73f6a --- /dev/null +++ b/lib/workos/parent_resource_by_external_id.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the parent resource (by external id variant). + # + # @!attribute [r] parent_resource_type_slug + # @return [String] + # @!attribute [r] parent_resource_external_id + # @return [String] + ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id) +end diff --git a/lib/workos/parent_resource_by_id.rb b/lib/workos/parent_resource_by_id.rb new file mode 100644 index 00000000..96bb35ca --- /dev/null +++ b/lib/workos/parent_resource_by_id.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the parent resource (by id variant). + # + # @!attribute [r] parent_resource_id + # @return [String] + ParentResourceById = Data.define(:parent_resource_id) +end diff --git a/lib/workos/password_hashed.rb b/lib/workos/password_hashed.rb new file mode 100644 index 00000000..d68dd0ad --- /dev/null +++ b/lib/workos/password_hashed.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the password (hashed variant). + # + # @!attribute [r] password_hash + # @return [String] + # @!attribute [r] password_hash_type + # @return [WorkOS::Types::CreateUserPasswordHashType] + PasswordHashed = Data.define(:password_hash, :password_hash_type) +end diff --git a/lib/workos/password_plaintext.rb b/lib/workos/password_plaintext.rb new file mode 100644 index 00000000..a11d2b2f --- /dev/null +++ b/lib/workos/password_plaintext.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the password (plaintext variant). + # + # @!attribute [r] password + # @return [String, nil] + PasswordPlaintext = Data.define(:password) +end diff --git a/lib/workos/resource_target_by_external_id.rb b/lib/workos/resource_target_by_external_id.rb new file mode 100644 index 00000000..bd10dda2 --- /dev/null +++ b/lib/workos/resource_target_by_external_id.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the resource target (by external id variant). + # + # @!attribute [r] resource_external_id + # @return [String] + # @!attribute [r] resource_type_slug + # @return [String] + ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug) +end diff --git a/lib/workos/resource_target_by_id.rb b/lib/workos/resource_target_by_id.rb new file mode 100644 index 00000000..624a7eb8 --- /dev/null +++ b/lib/workos/resource_target_by_id.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the resource target (by id variant). + # + # @!attribute [r] resource_id + # @return [String] + ResourceTargetById = Data.define(:resource_id) +end diff --git a/lib/workos/role_multiple.rb b/lib/workos/role_multiple.rb new file mode 100644 index 00000000..e4453202 --- /dev/null +++ b/lib/workos/role_multiple.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the role (multiple variant). + # + # @!attribute [r] role_slugs + # @return [Array] + RoleMultiple = Data.define(:role_slugs) +end diff --git a/lib/workos/role_single.rb b/lib/workos/role_single.rb new file mode 100644 index 00000000..aef3185e --- /dev/null +++ b/lib/workos/role_single.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +module WorkOS + # Identifies the role (single variant). + # + # @!attribute [r] role_slug + # @return [String] + RoleSingle = Data.define(:role_slug) +end diff --git a/lib/workos/user_management.rb b/lib/workos/user_management.rb index d1dd282e..1b2091a4 100644 --- a/lib/workos/user_management.rb +++ b/lib/workos/user_management.rb @@ -613,9 +613,7 @@ def list_users( # @param email_verified [Boolean, nil] Whether the user's email has been verified. # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user. # @param external_id [String, nil] The external ID of the user. - # @param password [String, nil] The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`. - # @param password_hash [String, nil] The hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`. - # @param password_hash_type [WorkOS::Types::CreateUserPasswordHashType, nil] The algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`. + # @param password [WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, nil] Identifies the password. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::User] def create_user( @@ -626,8 +624,6 @@ def create_user( metadata: nil, external_id: nil, password: nil, - password_hash: nil, - password_hash_type: nil, request_options: {} ) body = { @@ -636,18 +632,15 @@ def create_user( "last_name" => last_name, "email_verified" => email_verified, "metadata" => metadata, - "external_id" => external_id, - "password" => password, - "password_hash" => password_hash, - "password_hash_type" => password_hash_type + "external_id" => external_id }.compact if password - case password[:type] - when "plaintext" - body["password"] = password[:password] - when "hashed" - body["password_hash"] = password[:password_hash] - body["password_hash_type"] = password[:password_hash_type] + case password + when WorkOS::PasswordPlaintext + body["password"] = password.password + when WorkOS::PasswordHashed + body["password_hash"] = password.password_hash + body["password_hash_type"] = password.password_hash_type end end response = @client.request( @@ -709,9 +702,7 @@ def get_user( # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user. # @param external_id [String, nil] The external ID of the user. # @param locale [String, nil] The user's preferred locale. - # @param password [String, nil] The password to set for the user. Mutually exclusive with `password_hash` and `password_hash_type`. - # @param password_hash [String, nil] The hashed password to set for the user. Required with `password_hash_type`. Mutually exclusive with `password`. - # @param password_hash_type [WorkOS::Types::UpdateUserPasswordHashType, nil] The algorithm originally used to hash the password, used when providing a `password_hash`. Required with `password_hash`. Mutually exclusive with `password`. + # @param password [WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, nil] Identifies the password. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::User] def update_user( @@ -724,8 +715,6 @@ def update_user( external_id: nil, locale: nil, password: nil, - password_hash: nil, - password_hash_type: nil, request_options: {} ) body = { @@ -735,18 +724,15 @@ def update_user( "email_verified" => email_verified, "metadata" => metadata, "external_id" => external_id, - "locale" => locale, - "password" => password, - "password_hash" => password_hash, - "password_hash_type" => password_hash_type + "locale" => locale }.compact if password - case password[:type] - when "plaintext" - body["password"] = password[:password] - when "hashed" - body["password_hash"] = password[:password_hash] - body["password_hash_type"] = password[:password_hash_type] + case password + when WorkOS::PasswordPlaintext + body["password"] = password.password + when WorkOS::PasswordHashed + body["password_hash"] = password.password_hash + body["password_hash_type"] = password.password_hash_type end end response = @client.request( @@ -1255,30 +1241,25 @@ def list_organization_memberships( # Create an organization membership # @param user_id [String] The ID of the [user](https://workos.com/docs/reference/authkit/user). # @param organization_id [String] The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to. - # @param role_slug [String, nil] A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`. - # @param role_slugs [Array, nil] An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`. + # @param role [WorkOS::RoleSingle, WorkOS::RoleMultiple, nil] Identifies the role. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::OrganizationMembership] def create_organization_membership( user_id:, organization_id:, - role_slug: nil, - role_slugs: nil, role: nil, request_options: {} ) body = { "user_id" => user_id, - "organization_id" => organization_id, - "role_slug" => role_slug, - "role_slugs" => role_slugs + "organization_id" => organization_id }.compact if role - case role[:type] - when "single" - body["role_slug"] = role[:role_slug] - when "multiple" - body["role_slugs"] = role[:role_slugs] + case role + when WorkOS::RoleSingle + body["role_slug"] = role.role_slug + when WorkOS::RoleMultiple + body["role_slugs"] = role.role_slugs end end response = @client.request( @@ -1314,34 +1295,18 @@ def get_organization_membership( # Update an organization membership # @param id [String] The unique ID of the organization membership. - # @param role_slug [String, nil] A single role identifier. Defaults to `member` or the explicit default role. Mutually exclusive with `role_slugs`. - # @param role_slugs [Array, nil] An array of role identifiers. Limited to one role when Multiple Roles is disabled. Mutually exclusive with `role_slug`. + # @param role [WorkOS::RoleSingle, WorkOS::RoleMultiple, nil] Identifies the role. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::UserOrganizationMembership] def update_organization_membership( id:, - role_slug: nil, - role_slugs: nil, role: nil, request_options: {} ) - body = { - "role_slug" => role_slug, - "role_slugs" => role_slugs - }.compact - if role - case role[:type] - when "single" - body["role_slug"] = role[:role_slug] - when "multiple" - body["role_slugs"] = role[:role_slugs] - end - end response = @client.request( method: :put, path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}", auth: true, - body: body, request_options: request_options ) result = WorkOS::UserOrganizationMembership.new(response.body) diff --git a/rbi/workos/authorization.rbi b/rbi/workos/authorization.rbi index 3089a0ef..719a2138 100644 --- a/rbi/workos/authorization.rbi +++ b/rbi/workos/authorization.rbi @@ -13,18 +13,17 @@ module WorkOS params( organization_membership_id: String, permission_slug: String, - resource_id: T.nilable(String), - resource_external_id: T.nilable(String), - resource_type_slug: T.nilable(String), + resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationCheck) end - def check(organization_membership_id:, permission_slug:, resource_id:, resource_external_id:, resource_type_slug:, request_options:); end + def check(organization_membership_id:, permission_slug:, resource_target:, request_options:); end sig do params( organization_membership_id: String, permission_slug: String, + parent_resource: T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId), before: T.nilable(String), after: T.nilable(String), limit: T.nilable(Integer), @@ -32,7 +31,7 @@ module WorkOS request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::Types::ListStruct) end - def list_resources_for_membership(organization_membership_id:, permission_slug:, before:, after:, limit:, order:, request_options:); end + def list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before:, after:, limit:, order:, request_options:); end sig do params( @@ -77,25 +76,21 @@ module WorkOS params( organization_membership_id: String, role_slug: String, - resource_id: T.nilable(String), - resource_external_id: T.nilable(String), - resource_type_slug: T.nilable(String), + resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::RoleAssignment) end - def assign_role(organization_membership_id:, role_slug:, resource_id:, resource_external_id:, resource_type_slug:, request_options:); end + def assign_role(organization_membership_id:, role_slug:, resource_target:, request_options:); end sig do params( organization_membership_id: String, role_slug: String, - resource_id: T.nilable(String), - resource_external_id: T.nilable(String), - resource_type_slug: T.nilable(String), + resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(NilClass) end - def remove_role(organization_membership_id:, role_slug:, resource_id:, resource_external_id:, resource_type_slug:, request_options:); end + def remove_role(organization_membership_id:, role_slug:, resource_target:, request_options:); end sig do params( @@ -201,13 +196,11 @@ module WorkOS external_id: String, name: T.nilable(String), description: T.nilable(String), - parent_resource_id: T.nilable(String), - parent_resource_external_id: T.nilable(String), - parent_resource_type_slug: T.nilable(String), + parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end - def update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name:, description:, parent_resource_id:, parent_resource_external_id:, parent_resource_type_slug:, request_options:); end + def update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name:, description:, parent_resource:, request_options:); end sig do params( @@ -246,10 +239,11 @@ module WorkOS resource_type_slug: T.nilable(String), resource_external_id: T.nilable(String), search: T.nilable(String), + parent: T.nilable(T.any(WorkOS::ParentById, WorkOS::ParentByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::Types::ListStruct) end - def list_resources(before:, after:, limit:, order:, organization_id:, resource_type_slug:, resource_external_id:, search:, request_options:); end + def list_resources(before:, after:, limit:, order:, organization_id:, resource_type_slug:, resource_external_id:, search:, parent:, request_options:); end sig do params( @@ -258,13 +252,11 @@ module WorkOS resource_type_slug: String, organization_id: String, description: T.nilable(String), - parent_resource_id: T.nilable(String), - parent_resource_external_id: T.nilable(String), - parent_resource_type_slug: T.nilable(String), + parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end - def create_resource(external_id:, name:, resource_type_slug:, organization_id:, description:, parent_resource_id:, parent_resource_external_id:, parent_resource_type_slug:, request_options:); end + def create_resource(external_id:, name:, resource_type_slug:, organization_id:, description:, parent_resource:, request_options:); end sig do params( @@ -279,13 +271,11 @@ module WorkOS resource_id: String, name: T.nilable(String), description: T.nilable(String), - parent_resource_id: T.nilable(String), - parent_resource_external_id: T.nilable(String), - parent_resource_type_slug: T.nilable(String), + parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end - def update_resource(resource_id:, name:, description:, parent_resource_id:, parent_resource_external_id:, parent_resource_type_slug:, request_options:); end + def update_resource(resource_id:, name:, description:, parent_resource:, request_options:); end sig do params( diff --git a/rbi/workos/parent_by_external_id.rbi b/rbi/workos/parent_by_external_id.rbi new file mode 100644 index 00000000..07e6a912 --- /dev/null +++ b/rbi/workos/parent_by_external_id.rbi @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ParentByExternalId + sig { returns(String) } + def parent_resource_type_slug; end + + sig { returns(String) } + def parent_external_id; end + + sig do + params( + parent_resource_type_slug: String, + parent_external_id: String + ).returns(WorkOS::ParentByExternalId) + end + def self.new(parent_resource_type_slug:, parent_external_id:); end + end +end diff --git a/rbi/workos/parent_by_id.rbi b/rbi/workos/parent_by_id.rbi new file mode 100644 index 00000000..d5787e96 --- /dev/null +++ b/rbi/workos/parent_by_id.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ParentById + sig { returns(String) } + def parent_resource_id; end + + sig do + params( + parent_resource_id: String + ).returns(WorkOS::ParentById) + end + def self.new(parent_resource_id:); end + end +end diff --git a/rbi/workos/parent_resource_by_external_id.rbi b/rbi/workos/parent_resource_by_external_id.rbi new file mode 100644 index 00000000..c23027f7 --- /dev/null +++ b/rbi/workos/parent_resource_by_external_id.rbi @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ParentResourceByExternalId + sig { returns(String) } + def parent_resource_type_slug; end + + sig { returns(String) } + def parent_resource_external_id; end + + sig do + params( + parent_resource_type_slug: String, + parent_resource_external_id: String + ).returns(WorkOS::ParentResourceByExternalId) + end + def self.new(parent_resource_type_slug:, parent_resource_external_id:); end + end +end diff --git a/rbi/workos/parent_resource_by_id.rbi b/rbi/workos/parent_resource_by_id.rbi new file mode 100644 index 00000000..50c3d7b0 --- /dev/null +++ b/rbi/workos/parent_resource_by_id.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ParentResourceById + sig { returns(String) } + def parent_resource_id; end + + sig do + params( + parent_resource_id: String + ).returns(WorkOS::ParentResourceById) + end + def self.new(parent_resource_id:); end + end +end diff --git a/rbi/workos/password_hashed.rbi b/rbi/workos/password_hashed.rbi new file mode 100644 index 00000000..4763f69f --- /dev/null +++ b/rbi/workos/password_hashed.rbi @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class PasswordHashed + sig { returns(String) } + def password_hash; end + + sig { returns(String) } + def password_hash_type; end + + sig do + params( + password_hash: String, + password_hash_type: String + ).returns(WorkOS::PasswordHashed) + end + def self.new(password_hash:, password_hash_type:); end + end +end diff --git a/rbi/workos/password_plaintext.rbi b/rbi/workos/password_plaintext.rbi new file mode 100644 index 00000000..b8c54e2e --- /dev/null +++ b/rbi/workos/password_plaintext.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class PasswordPlaintext + sig { returns(T.nilable(String)) } + def password; end + + sig do + params( + password: T.nilable(String) + ).returns(WorkOS::PasswordPlaintext) + end + def self.new(password:); end + end +end diff --git a/rbi/workos/resource_target_by_external_id.rbi b/rbi/workos/resource_target_by_external_id.rbi new file mode 100644 index 00000000..1732bac4 --- /dev/null +++ b/rbi/workos/resource_target_by_external_id.rbi @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ResourceTargetByExternalId + sig { returns(String) } + def resource_external_id; end + + sig { returns(String) } + def resource_type_slug; end + + sig do + params( + resource_external_id: String, + resource_type_slug: String + ).returns(WorkOS::ResourceTargetByExternalId) + end + def self.new(resource_external_id:, resource_type_slug:); end + end +end diff --git a/rbi/workos/resource_target_by_id.rbi b/rbi/workos/resource_target_by_id.rbi new file mode 100644 index 00000000..a9f5ff02 --- /dev/null +++ b/rbi/workos/resource_target_by_id.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class ResourceTargetById + sig { returns(String) } + def resource_id; end + + sig do + params( + resource_id: String + ).returns(WorkOS::ResourceTargetById) + end + def self.new(resource_id:); end + end +end diff --git a/rbi/workos/role_multiple.rbi b/rbi/workos/role_multiple.rbi new file mode 100644 index 00000000..25ef81eb --- /dev/null +++ b/rbi/workos/role_multiple.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class RoleMultiple + sig { returns(T::Array[String]) } + def role_slugs; end + + sig do + params( + role_slugs: T::Array[String] + ).returns(WorkOS::RoleMultiple) + end + def self.new(role_slugs:); end + end +end diff --git a/rbi/workos/role_single.rbi b/rbi/workos/role_single.rbi new file mode 100644 index 00000000..153240b6 --- /dev/null +++ b/rbi/workos/role_single.rbi @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# This file is auto-generated by oagen. Do not edit. + +# typed: strong + +module WorkOS + class RoleSingle + sig { returns(String) } + def role_slug; end + + sig do + params( + role_slug: String + ).returns(WorkOS::RoleSingle) + end + def self.new(role_slug:); end + end +end diff --git a/rbi/workos/user_management.rbi b/rbi/workos/user_management.rbi index 53d746e7..ca013e20 100644 --- a/rbi/workos/user_management.rbi +++ b/rbi/workos/user_management.rbi @@ -113,13 +113,11 @@ module WorkOS email_verified: T.nilable(T::Boolean), metadata: T.nilable(T::Hash[String, String]), external_id: T.nilable(String), - password: T.nilable(String), - password_hash: T.nilable(String), - password_hash_type: T.nilable(String), + password: T.nilable(T.any(WorkOS::PasswordPlaintext, WorkOS::PasswordHashed)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::User) end - def create_user(email:, first_name:, last_name:, email_verified:, metadata:, external_id:, password:, password_hash:, password_hash_type:, request_options:); end + def create_user(email:, first_name:, last_name:, email_verified:, metadata:, external_id:, password:, request_options:); end sig do params( @@ -147,13 +145,11 @@ module WorkOS metadata: T.nilable(T::Hash[String, String]), external_id: T.nilable(String), locale: T.nilable(String), - password: T.nilable(String), - password_hash: T.nilable(String), - password_hash_type: T.nilable(String), + password: T.nilable(T.any(WorkOS::PasswordPlaintext, WorkOS::PasswordHashed)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::User) end - def update_user(id:, email:, first_name:, last_name:, email_verified:, metadata:, external_id:, locale:, password:, password_hash:, password_hash_type:, request_options:); end + def update_user(id:, email:, first_name:, last_name:, email_verified:, metadata:, external_id:, locale:, password:, request_options:); end sig do params( @@ -328,12 +324,11 @@ module WorkOS params( user_id: String, organization_id: String, - role_slug: T.nilable(String), - role_slugs: T.nilable(T::Array[String]), + role: T.nilable(T.any(WorkOS::RoleSingle, WorkOS::RoleMultiple)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::OrganizationMembership) end - def create_organization_membership(user_id:, organization_id:, role_slug:, role_slugs:, request_options:); end + def create_organization_membership(user_id:, organization_id:, role:, request_options:); end sig do params( @@ -346,12 +341,11 @@ module WorkOS sig do params( id: String, - role_slug: T.nilable(String), - role_slugs: T.nilable(T::Array[String]), + role: T.nilable(T.any(WorkOS::RoleSingle, WorkOS::RoleMultiple)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::UserOrganizationMembership) end - def update_organization_membership(id:, role_slug:, role_slugs:, request_options:); end + def update_organization_membership(id:, role:, request_options:); end sig do params( diff --git a/test/workos/test_authorization.rb b/test/workos/test_authorization.rb index 56c1dfcc..0f807af9 100644 --- a/test/workos/test_authorization.rb +++ b/test/workos/test_authorization.rb @@ -14,14 +14,14 @@ def setup def test_check_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: {type: "by_id"}) + result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) refute_nil result end def test_list_resources_for_membership_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: {type: "by_id"}) + result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end @@ -49,14 +49,14 @@ def test_list_role_assignments_returns_expected_result def test_assign_role_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}) + result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) refute_nil result end def test_remove_role_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}) + result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) assert_nil result end @@ -272,13 +272,13 @@ def test_delete_permission_returns_expected_result # Parameterized authentication error tests (one per endpoint). [ - {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: {type: "by_id"}}}, - {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: {type: "by_id"}}}, + {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, + {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :list_effective_permissions, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_id: "stub"}}, {name: :list_effective_permissions_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, {name: :list_role_assignments, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub"}}, - {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}}}, - {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: {type: "by_id"}}}, + {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, + {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, {name: :remove_role_assignment, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments/stub(\?|\z)}, args: {organization_membership_id: "stub", role_assignment_id: "stub"}}, {name: :list_organization_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub"}}, {name: :create_organization_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub", name: "stub"}}, From 154b3508e300abec5bf0ee061199ba0dedb1cb0c Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 11:46:10 -0400 Subject: [PATCH 2/7] fix: send body on update_organization_membership MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous regen dropped the request body from `update_organization_membership` because its body is exclusively managed by the `role` parameter group, and the new variant-class filter left `bodyFields` empty — which the emitter (incorrectly) treated as "no body at all," skipping both the dispatcher and the `body:` request kwarg. Any `role:` argument was silently lost. Caught by Greptile review. Emitter fix in workos/oagen-emitters#66 (commit b87038b). Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 2 +- lib/workos/user_management.rb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.oagen-manifest.json b/.oagen-manifest.json index 4d7019d9..d4bb31c1 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T15:37:06.621Z", + "generatedAt": "2026-04-30T15:44:59.965Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", diff --git a/lib/workos/user_management.rb b/lib/workos/user_management.rb index 1b2091a4..ba1fe865 100644 --- a/lib/workos/user_management.rb +++ b/lib/workos/user_management.rb @@ -1303,10 +1303,20 @@ def update_organization_membership( role: nil, request_options: {} ) + body = {}.compact + if role + case role + when WorkOS::RoleSingle + body["role_slug"] = role.role_slug + when WorkOS::RoleMultiple + body["role_slugs"] = role.role_slugs + end + end response = @client.request( method: :put, path: "/user_management/organization_memberships/#{WorkOS::Util.encode_path(id)}", auth: true, + body: body, request_options: request_options ) result = WorkOS::UserOrganizationMembership.new(response.body) From 205b77e2dcf80bcc96002d3a8311e4139ee4b2c4 Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 11:54:52 -0400 Subject: [PATCH 3/7] test: assert request body for parameter-group dispatchers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Regenerated tests now pass optional parameter groups (e.g. `role:`, `password:`, `parent_resource:`) and assert the wire body via webmock's `hash_including` matcher for any operation whose body is constructed by a group dispatcher. Catches silent-drop regressions like the one fixed in 154b350 — without this, `test_update_organization_membership` was calling with `id:` only, never exercising the role dispatcher. Emitter change: workos/oagen-emitters@a8bba55 on workos/oagen-emitters#66. Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 2 +- test/workos/test_authorization.rb | 21 +++++++++++++-------- test/workos/test_user_management.rb | 20 ++++++++++++-------- 3 files changed, 26 insertions(+), 17 deletions(-) diff --git a/.oagen-manifest.json b/.oagen-manifest.json index d4bb31c1..a275275c 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T15:44:59.965Z", + "generatedAt": "2026-04-30T15:54:03.080Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", diff --git a/test/workos/test_authorization.rb b/test/workos/test_authorization.rb index 0f807af9..3caba398 100644 --- a/test/workos/test_authorization.rb +++ b/test/workos/test_authorization.rb @@ -13,6 +13,7 @@ def setup def test_check_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}) + .with(body: hash_including("permission_slug" => "stub", "resource_id" => "stub")) .to_return(body: "{}", status: 200) result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) refute_nil result @@ -48,6 +49,7 @@ def test_list_role_assignments_returns_expected_result def test_assign_role_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) + .with(body: hash_including("role_slug" => "stub", "resource_id" => "stub")) .to_return(body: "{}", status: 200) result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) refute_nil result @@ -132,8 +134,9 @@ def test_get_resource_by_external_id_returns_expected_result def test_update_resource_by_external_id_returns_expected_result stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}) + .with(body: hash_including("parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub") + result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -154,14 +157,15 @@ def test_list_memberships_for_resource_by_external_id_returns_expected_result def test_list_resources_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources + result = @client.authorization.list_resources(parent: WorkOS::ParentById.new(parent_resource_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end def test_create_resource_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) + .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub") + result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -174,8 +178,9 @@ def test_get_resource_returns_expected_result def test_update_resource_returns_expected_result stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) + .with(body: hash_including("parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource(resource_id: "stub") + result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -289,13 +294,13 @@ def test_delete_permission_returns_expected_result {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: []}}, {name: :remove_organization_role_permission, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub", permission_slug: "stub"}}, {name: :get_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, - {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, + {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :delete_resource_by_external_id, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, {name: :list_memberships_for_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub/organization_memberships(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", permission_slug: "stub"}}, - {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}}, - {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub"}}, + {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {parent: WorkOS::ParentById.new(parent_resource_id: "stub")}}, + {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :get_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}}, - {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}}, + {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :delete_resource, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}}, {name: :list_memberships_for_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub/organization_memberships(\?|\z)}, args: {resource_id: "stub", permission_slug: "stub"}}, {name: :list_environment_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/roles(\?|\z)}}, diff --git a/test/workos/test_user_management.rb b/test/workos/test_user_management.rb index 6456408a..4ad10ce2 100644 --- a/test/workos/test_user_management.rb +++ b/test/workos/test_user_management.rb @@ -203,8 +203,9 @@ def test_list_users_returns_expected_result def test_create_user_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}) + .with(body: hash_including("email" => "stub", "password" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_user(email: "stub") + result = @client.user_management.create_user(email: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")) refute_nil result end @@ -224,8 +225,9 @@ def test_get_user_returns_expected_result def test_update_user_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}) + .with(body: hash_including("password" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_user(id: "stub") + result = @client.user_management.update_user(id: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")) refute_nil result end @@ -357,8 +359,9 @@ def test_list_organization_memberships_returns_expected_result def test_create_organization_membership_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}) + .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub") + result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")) refute_nil result end @@ -371,8 +374,9 @@ def test_get_organization_membership_returns_expected_result def test_update_organization_membership_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) + .with(body: hash_including("role_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_organization_membership(id: "stub") + result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")) refute_nil result end @@ -430,10 +434,10 @@ def test_delete_user_authorized_application_returns_expected_result {name: :confirm_password_reset, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/password_reset/confirm(\?|\z)}, args: {token: "stub", new_password: "stub"}}, {name: :get_password_reset, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/password_reset/stub(\?|\z)}, args: {id: "stub"}}, {name: :list_users, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}}, - {name: :create_user, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}, args: {email: "stub"}}, + {name: :create_user, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}, args: {email: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")}}, {name: :get_user_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users/external_id/stub(\?|\z)}, args: {external_id: "stub"}}, {name: :get_user, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub"}}, - {name: :update_user, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub"}}, + {name: :update_user, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")}}, {name: :delete_user, verb: :delete, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub"}}, {name: :confirm_email_change, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub/email_change/confirm(\?|\z)}, args: {id: "stub", code: "stub"}}, {name: :send_email_change, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub/email_change/send(\?|\z)}, args: {id: "stub", new_email: "stub"}}, @@ -452,9 +456,9 @@ def test_delete_user_authorized_application_returns_expected_result {name: :create_magic_auth, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/magic_auth(\?|\z)}, args: {email: "stub"}}, {name: :get_magic_auth, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/magic_auth/stub(\?|\z)}, args: {id: "stub"}}, {name: :list_organization_memberships, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}}, - {name: :create_organization_membership, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}, args: {user_id: "stub", organization_id: "stub"}}, + {name: :create_organization_membership, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}, args: {user_id: "stub", organization_id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")}}, {name: :get_organization_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub"}}, - {name: :update_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub"}}, + {name: :update_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")}}, {name: :delete_organization_membership, verb: :delete, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub"}}, {name: :deactivate_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/deactivate(\?|\z)}, args: {id: "stub"}}, {name: :reactivate_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/reactivate(\?|\z)}, args: {id: "stub"}}, From 5ede3bec7e4365a125fc4e535c25b226795e3bce Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 12:51:01 -0400 Subject: [PATCH 4/7] fix: type PasswordPlaintext.password as required String Regenerated against oagen-emitters fix that stops the variant emitter from inheriting the parent group's nullability. `PasswordPlaintext.password` is now `String` instead of `T.nilable(String)`, so callers can no longer construct `WorkOS::PasswordPlaintext.new(password: nil)` and emit a literal `"password": null`. Caught by Greptile review. Emitter fix in workos/oagen-emitters@83cd567. Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 2 +- lib/workos/password_plaintext.rb | 2 +- rbi/workos/password_plaintext.rbi | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.oagen-manifest.json b/.oagen-manifest.json index a275275c..b769533a 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T15:54:03.080Z", + "generatedAt": "2026-04-30T16:49:22.538Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", diff --git a/lib/workos/password_plaintext.rb b/lib/workos/password_plaintext.rb index a11d2b2f..4cd64b34 100644 --- a/lib/workos/password_plaintext.rb +++ b/lib/workos/password_plaintext.rb @@ -6,6 +6,6 @@ module WorkOS # Identifies the password (plaintext variant). # # @!attribute [r] password - # @return [String, nil] + # @return [String] PasswordPlaintext = Data.define(:password) end diff --git a/rbi/workos/password_plaintext.rbi b/rbi/workos/password_plaintext.rbi index b8c54e2e..b26bec5c 100644 --- a/rbi/workos/password_plaintext.rbi +++ b/rbi/workos/password_plaintext.rbi @@ -6,12 +6,12 @@ module WorkOS class PasswordPlaintext - sig { returns(T.nilable(String)) } + sig { returns(String) } def password; end sig do params( - password: T.nilable(String) + password: String ).returns(WorkOS::PasswordPlaintext) end def self.new(password:); end From e93da86d6b931f319e3ff2b38f4875fa273b426b Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 13:18:40 -0400 Subject: [PATCH 5/7] fix: harden parameter-group dispatchers and broaden test coverage Regenerated against three oagen-emitters fixes: - workos/oagen-emitters@8379c04: every `case prop / when WorkOS::Variant` dispatcher in user_management and authorization gains an `else raise ArgumentError` arm. Plain Ruby callers that pass a stale hash, a `nil`, or an unknown variant now fail fast locally with the expected variant classes named, instead of silently sending a request with the dispatcher's wire fields missing and getting a less-helpful 4xx. - workos/oagen-emitters@a1be4c9: ~10 dead `body = {}.compact` and `body = { "x" => x }.compact` calls disappear from operations whose body is built entirely from required kwargs. Cosmetic only. - workos/oagen-emitters@a53154c: 12 new `test__with__returns_expected_result` tests cover the second/third arm of every parameter-group dispatcher (ResourceTargetByExternalId, ParentResourceByExternalId, ParentByExternalId, PasswordHashed, RoleMultiple). Body matchers track the selected variant's wire-name leaves via `hash_including`. bundle exec rake test: 870 runs / 4395 assertions / 0 failures (up from 858 / 4383). Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 2 +- lib/workos/api_keys.rb | 2 +- lib/workos/audit_logs.rb | 4 +- lib/workos/authorization.rb | 32 +++++++++++---- lib/workos/groups.rb | 2 +- lib/workos/multi_factor_auth.rb | 2 +- lib/workos/organization_domains.rb | 2 +- lib/workos/radar.rb | 4 +- lib/workos/sso.rb | 4 +- lib/workos/user_management.rb | 30 ++++++++------ lib/workos/webhooks.rb | 2 +- test/workos/test_authorization.rb | 61 +++++++++++++++++++++++++++++ test/workos/test_user_management.rb | 32 +++++++++++++++ 13 files changed, 148 insertions(+), 31 deletions(-) diff --git a/.oagen-manifest.json b/.oagen-manifest.json index b769533a..3e22d2d9 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T16:49:22.538Z", + "generatedAt": "2026-04-30T17:14:57.030Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", diff --git a/lib/workos/api_keys.rb b/lib/workos/api_keys.rb index 746f4899..5fb3a995 100644 --- a/lib/workos/api_keys.rb +++ b/lib/workos/api_keys.rb @@ -20,7 +20,7 @@ def create_validation( ) body = { "value" => value - }.compact + } response = @client.request( method: :post, path: "/api_keys/validations", diff --git a/lib/workos/audit_logs.rb b/lib/workos/audit_logs.rb index 7f21d0c7..45226db3 100644 --- a/lib/workos/audit_logs.rb +++ b/lib/workos/audit_logs.rb @@ -41,7 +41,7 @@ def update_organization_audit_logs_retention( ) body = { "retention_period_in_days" => retention_period_in_days - }.compact + } response = @client.request( method: :put, path: "/organizations/#{WorkOS::Util.encode_path(id)}/audit_logs_retention", @@ -189,7 +189,7 @@ def create_event( body = { "organization_id" => organization_id, "event" => event - }.compact + } response = @client.request( method: :post, path: "/audit_logs/events", diff --git a/lib/workos/authorization.rb b/lib/workos/authorization.rb index ace91afd..483aae35 100644 --- a/lib/workos/authorization.rb +++ b/lib/workos/authorization.rb @@ -24,13 +24,15 @@ def check( ) body = { "permission_slug" => permission_slug - }.compact + } case resource_target when WorkOS::ResourceTargetById body["resource_id"] = resource_target.resource_id when WorkOS::ResourceTargetByExternalId body["resource_external_id"] = resource_target.resource_external_id body["resource_type_slug"] = resource_target.resource_type_slug + else + raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" end response = @client.request( method: :post, @@ -77,6 +79,8 @@ def list_resources_for_membership( when WorkOS::ParentResourceByExternalId params["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug params["parent_resource_external_id"] = parent_resource.parent_resource_external_id + else + raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" end response = @client.request( method: :get, @@ -269,13 +273,15 @@ def assign_role( ) body = { "role_slug" => role_slug - }.compact + } case resource_target when WorkOS::ResourceTargetById body["resource_id"] = resource_target.resource_id when WorkOS::ResourceTargetByExternalId body["resource_external_id"] = resource_target.resource_external_id body["resource_type_slug"] = resource_target.resource_type_slug + else + raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" end response = @client.request( method: :post, @@ -301,17 +307,19 @@ def remove_role( resource_target:, request_options: {} ) - params = {}.compact + params = {} case resource_target when WorkOS::ResourceTargetById params["resource_id"] = resource_target.resource_id when WorkOS::ResourceTargetByExternalId params["resource_external_id"] = resource_target.resource_external_id params["resource_type_slug"] = resource_target.resource_type_slug + else + raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" end body = { "role_slug" => role_slug - }.compact + } @client.request( method: :delete, path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments", @@ -479,7 +487,7 @@ def add_organization_role_permission( ) body = { "slug" => body_slug - }.compact + } response = @client.request( method: :post, path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions", @@ -506,7 +514,7 @@ def set_organization_role_permissions( ) body = { "permissions" => permissions - }.compact + } response = @client.request( method: :put, path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions", @@ -594,6 +602,8 @@ def update_resource_by_external_id( when WorkOS::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug + else + raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( @@ -737,6 +747,8 @@ def list_resources( when WorkOS::ParentByExternalId params["parent_resource_type_slug"] = parent.parent_resource_type_slug params["parent_external_id"] = parent.parent_external_id + else + raise ArgumentError, "expected parent to be one of: WorkOS::ParentById, WorkOS::ParentByExternalId, got #{parent.class}" end end response = @client.request( @@ -800,6 +812,8 @@ def create_resource( when WorkOS::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug + else + raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( @@ -858,6 +872,8 @@ def update_resource( when WorkOS::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug + else + raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( @@ -1056,7 +1072,7 @@ def add_environment_role_permission( ) body = { "slug" => body_slug - }.compact + } response = @client.request( method: :post, path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions", @@ -1081,7 +1097,7 @@ def set_environment_role_permissions( ) body = { "permissions" => permissions - }.compact + } response = @client.request( method: :put, path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions", diff --git a/lib/workos/groups.rb b/lib/workos/groups.rb index 75d7ddb2..d506e1f9 100644 --- a/lib/workos/groups.rb +++ b/lib/workos/groups.rb @@ -219,7 +219,7 @@ def create_group_organization_membership( ) body = { "organization_membership_id" => organization_membership_id - }.compact + } response = @client.request( method: :post, path: "/organizations/#{WorkOS::Util.encode_path(organization_id)}/groups/#{WorkOS::Util.encode_path(group_id)}/organization-memberships", diff --git a/lib/workos/multi_factor_auth.rb b/lib/workos/multi_factor_auth.rb index 93f2f6ea..59b66850 100644 --- a/lib/workos/multi_factor_auth.rb +++ b/lib/workos/multi_factor_auth.rb @@ -22,7 +22,7 @@ def verify_challenge( ) body = { "code" => code - }.compact + } response = @client.request( method: :post, path: "/auth/challenges/#{WorkOS::Util.encode_path(id)}/verify", diff --git a/lib/workos/organization_domains.rb b/lib/workos/organization_domains.rb index 05f5861f..c0b9970d 100644 --- a/lib/workos/organization_domains.rb +++ b/lib/workos/organization_domains.rb @@ -23,7 +23,7 @@ def create_organization_domain( body = { "domain" => domain, "organization_id" => organization_id - }.compact + } response = @client.request( method: :post, path: "/organization_domains", diff --git a/lib/workos/radar.rb b/lib/workos/radar.rb index 6d0da00a..451f817f 100644 --- a/lib/workos/radar.rb +++ b/lib/workos/radar.rb @@ -91,7 +91,7 @@ def add_list_entry( ) body = { "entry" => entry - }.compact + } response = @client.request( method: :post, path: "/radar/lists/#{WorkOS::Util.encode_path(type)}/#{WorkOS::Util.encode_path(action)}", @@ -118,7 +118,7 @@ def remove_list_entry( ) body = { "entry" => entry - }.compact + } @client.request( method: :delete, path: "/radar/lists/#{WorkOS::Util.encode_path(type)}/#{WorkOS::Util.encode_path(action)}", diff --git a/lib/workos/sso.rb b/lib/workos/sso.rb index 9585b943..6f71c5ed 100644 --- a/lib/workos/sso.rb +++ b/lib/workos/sso.rb @@ -116,7 +116,7 @@ def authorize_logout( ) body = { "profile_id" => profile_id - }.compact + } response = @client.request( method: :post, path: "/sso/logout/authorize", @@ -157,7 +157,7 @@ def get_profile_and_token( "client_id" => request_options[:client_id] || @client.client_id, "client_secret" => request_options[:api_key] || @client.api_key, "code" => code - }.compact + } response = @client.request( method: :post, path: "/sso/token", diff --git a/lib/workos/user_management.rb b/lib/workos/user_management.rb index ba1fe865..d3f51439 100644 --- a/lib/workos/user_management.rb +++ b/lib/workos/user_management.rb @@ -403,7 +403,7 @@ def create_device( ) body = { "client_id" => client_id - }.compact + } response = @client.request( method: :post, path: "/user_management/authorize/device", @@ -450,7 +450,7 @@ def create_cors_origin( ) body = { "origin" => origin - }.compact + } response = @client.request( method: :post, path: "/user_management/cors_origins", @@ -492,7 +492,7 @@ def reset_password( ) body = { "email" => email - }.compact + } response = @client.request( method: :post, path: "/user_management/password_reset", @@ -518,7 +518,7 @@ def confirm_password_reset( body = { "token" => token, "new_password" => new_password - }.compact + } response = @client.request( method: :post, path: "/user_management/password_reset/confirm", @@ -641,6 +641,8 @@ def create_user( when WorkOS::PasswordHashed body["password_hash"] = password.password_hash body["password_hash_type"] = password.password_hash_type + else + raise ArgumentError, "expected password to be one of: WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, got #{password.class}" end end response = @client.request( @@ -733,6 +735,8 @@ def update_user( when WorkOS::PasswordHashed body["password_hash"] = password.password_hash body["password_hash_type"] = password.password_hash_type + else + raise ArgumentError, "expected password to be one of: WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, got #{password.class}" end end response = @client.request( @@ -776,7 +780,7 @@ def confirm_email_change( ) body = { "code" => code - }.compact + } response = @client.request( method: :post, path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/confirm", @@ -801,7 +805,7 @@ def send_email_change( ) body = { "new_email" => new_email - }.compact + } response = @client.request( method: :post, path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_change/send", @@ -826,7 +830,7 @@ def verify_email( ) body = { "code" => code - }.compact + } response = @client.request( method: :post, path: "/user_management/users/#{WorkOS::Util.encode_path(id)}/email_verification/confirm", @@ -1124,7 +1128,7 @@ def update_jwt_template( ) body = { "content" => content - }.compact + } response = @client.request( method: :put, path: "/user_management/jwt_template", @@ -1253,13 +1257,15 @@ def create_organization_membership( body = { "user_id" => user_id, "organization_id" => organization_id - }.compact + } if role case role when WorkOS::RoleSingle body["role_slug"] = role.role_slug when WorkOS::RoleMultiple body["role_slugs"] = role.role_slugs + else + raise ArgumentError, "expected role to be one of: WorkOS::RoleSingle, WorkOS::RoleMultiple, got #{role.class}" end end response = @client.request( @@ -1303,13 +1309,15 @@ def update_organization_membership( role: nil, request_options: {} ) - body = {}.compact + body = {} if role case role when WorkOS::RoleSingle body["role_slug"] = role.role_slug when WorkOS::RoleMultiple body["role_slugs"] = role.role_slugs + else + raise ArgumentError, "expected role to be one of: WorkOS::RoleSingle, WorkOS::RoleMultiple, got #{role.class}" end end response = @client.request( @@ -1389,7 +1397,7 @@ def create_redirect_uri( ) body = { "uri" => uri - }.compact + } response = @client.request( method: :post, path: "/user_management/redirect_uris", diff --git a/lib/workos/webhooks.rb b/lib/workos/webhooks.rb index d2303d53..8b86d12c 100644 --- a/lib/workos/webhooks.rb +++ b/lib/workos/webhooks.rb @@ -67,7 +67,7 @@ def create_webhook_endpoint( body = { "endpoint_url" => endpoint_url, "events" => events - }.compact + } response = @client.request( method: :post, path: "/webhook_endpoints", diff --git a/test/workos/test_authorization.rb b/test/workos/test_authorization.rb index 3caba398..ba8819cf 100644 --- a/test/workos/test_authorization.rb +++ b/test/workos/test_authorization.rb @@ -19,6 +19,14 @@ def test_check_returns_expected_result refute_nil result end + def test_check_with_resource_target_by_external_id_returns_expected_result + stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}) + .with(body: hash_including("permission_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + refute_nil result + end + def test_list_resources_for_membership_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) @@ -26,6 +34,13 @@ def test_list_resources_for_membership_returns_expected_result assert_kind_of WorkOS::Types::ListStruct, result end + def test_list_resources_for_membership_with_parent_resource_by_external_id_returns_expected_result + stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}) + .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) + result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_type_slug: "stub", parent_resource_external_id: "stub")) + assert_kind_of WorkOS::Types::ListStruct, result + end + def test_list_effective_permissions_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/permissions(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) @@ -55,6 +70,14 @@ def test_assign_role_returns_expected_result refute_nil result end + def test_assign_role_with_resource_target_by_external_id_returns_expected_result + stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) + .with(body: hash_including("role_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + refute_nil result + end + def test_remove_role_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .to_return(body: "{}", status: 200) @@ -62,6 +85,13 @@ def test_remove_role_returns_expected_result assert_nil result end + def test_remove_role_with_resource_target_by_external_id_returns_expected_result + stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) + .to_return(body: "{}", status: 200) + result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + assert_nil result + end + def test_remove_role_assignment_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -140,6 +170,14 @@ def test_update_resource_by_external_id_returns_expected_result refute_nil result end + def test_update_resource_by_external_id_with_parent_resource_by_external_id_returns_expected_result + stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}) + .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + refute_nil result + end + def test_delete_resource_by_external_id_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -161,6 +199,13 @@ def test_list_resources_returns_expected_result assert_kind_of WorkOS::Types::ListStruct, result end + def test_list_resources_with_parent_by_external_id_returns_expected_result + stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) + .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) + result = @client.authorization.list_resources(parent: WorkOS::ParentByExternalId.new(parent_resource_type_slug: "stub", parent_external_id: "stub")) + assert_kind_of WorkOS::Types::ListStruct, result + end + def test_create_resource_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_id" => "stub")) @@ -169,6 +214,14 @@ def test_create_resource_returns_expected_result refute_nil result end + def test_create_resource_with_parent_resource_by_external_id_returns_expected_result + stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) + .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + refute_nil result + end + def test_get_resource_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -184,6 +237,14 @@ def test_update_resource_returns_expected_result refute_nil result end + def test_update_resource_with_parent_resource_by_external_id_returns_expected_result + stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) + .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + refute_nil result + end + def test_delete_resource_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) .to_return(body: "{}", status: 200) diff --git a/test/workos/test_user_management.rb b/test/workos/test_user_management.rb index 4ad10ce2..20d565c5 100644 --- a/test/workos/test_user_management.rb +++ b/test/workos/test_user_management.rb @@ -209,6 +209,14 @@ def test_create_user_returns_expected_result refute_nil result end + def test_create_user_with_password_hashed_returns_expected_result + stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}) + .with(body: hash_including("email" => "stub", "password_hash" => "stub", "password_hash_type" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.user_management.create_user(email: "stub", password: WorkOS::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) + refute_nil result + end + def test_get_user_by_external_id_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/user_management/users/external_id/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -231,6 +239,14 @@ def test_update_user_returns_expected_result refute_nil result end + def test_update_user_with_password_hashed_returns_expected_result + stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}) + .with(body: hash_including("password_hash" => "stub", "password_hash_type" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.user_management.update_user(id: "stub", password: WorkOS::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) + refute_nil result + end + def test_delete_user_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -365,6 +381,14 @@ def test_create_organization_membership_returns_expected_result refute_nil result end + def test_create_organization_membership_with_role_multiple_returns_expected_result + stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}) + .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slugs" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::RoleMultiple.new(role_slugs: "stub")) + refute_nil result + end + def test_get_organization_membership_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) .to_return(body: "{}", status: 200) @@ -380,6 +404,14 @@ def test_update_organization_membership_returns_expected_result refute_nil result end + def test_update_organization_membership_with_role_multiple_returns_expected_result + stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) + .with(body: hash_including("role_slugs" => "stub")) + .to_return(body: "{}", status: 200) + result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::RoleMultiple.new(role_slugs: "stub")) + refute_nil result + end + def test_delete_organization_membership_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) .to_return(body: "{}", status: 200) From 769a617054ad37c41fcb2a5d8f56249c87af206c Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 13:30:33 -0400 Subject: [PATCH 6/7] fix(ruby): scope parameter-group variant classes under resource modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Regenerated against workos/oagen-emitters@65932a5: variant classes now live inside their owning resource class instead of at WorkOS top level — matching how Python exposes them under `workos.`: Before After WorkOS::PasswordPlaintext → WorkOS::UserManagement::PasswordPlaintext WorkOS::PasswordHashed → WorkOS::UserManagement::PasswordHashed WorkOS::RoleSingle → WorkOS::UserManagement::RoleSingle WorkOS::RoleMultiple → WorkOS::UserManagement::RoleMultiple WorkOS::ResourceTargetById → WorkOS::Authorization::ResourceTargetById WorkOS::ResourceTargetByExternalId → WorkOS::Authorization::ResourceTargetByExternalId WorkOS::ParentById → WorkOS::Authorization::ParentById WorkOS::ParentByExternalId → WorkOS::Authorization::ParentByExternalId WorkOS::ParentResourceById → WorkOS::Authorization::ParentResourceById WorkOS::ParentResourceByExternalId → WorkOS::Authorization::ParentResourceByExternalId 20 separate top-level files (10 .rb + 10 .rbi) are deleted; their contents now appear as inline `Data.define` constants and inline RBI class blocks at the top of `lib/workos/.rb` and `rbi/workos/.rbi`. Inline placement is required by Zeitwerk: `lib/workos.rb` calls `loader.collapse("workos/")`, which flattens subdirectories so a separate file at `lib/workos/user_management/password_plaintext.rb` would still resolve to `WorkOS::PasswordPlaintext` (the very name we're trying to move away from). Defining the constants directly inside the already-existing `class UserManagement` body sidesteps the collapse and matches Python's per-resource layout. bundle exec rake test: 870 runs / 4395 assertions / 0 failures. This is breaking on top of the parameter-group refactor in 5d4fe45 — that one moved callers from hashes to typed variant classes; this one moves the same classes from `WorkOS::Foo` to `WorkOS::Service::Foo`. Both are part of the same major-version cut. Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 22 +--- lib/workos/authorization.rb | 106 ++++++++++++------ lib/workos/parent_by_external_id.rb | 13 --- lib/workos/parent_by_id.rb | 11 -- lib/workos/parent_resource_by_external_id.rb | 13 --- lib/workos/parent_resource_by_id.rb | 11 -- lib/workos/password_hashed.rb | 13 --- lib/workos/password_plaintext.rb | 11 -- lib/workos/resource_target_by_external_id.rb | 13 --- lib/workos/resource_target_by_id.rb | 11 -- lib/workos/role_multiple.rb | 11 -- lib/workos/role_single.rb | 11 -- lib/workos/user_management.rb | 58 +++++++--- rbi/workos/authorization.rbi | 100 +++++++++++++++-- rbi/workos/parent_by_external_id.rbi | 23 ---- rbi/workos/parent_by_id.rbi | 19 ---- rbi/workos/parent_resource_by_external_id.rbi | 23 ---- rbi/workos/parent_resource_by_id.rbi | 19 ---- rbi/workos/password_hashed.rbi | 23 ---- rbi/workos/password_plaintext.rbi | 19 ---- rbi/workos/resource_target_by_external_id.rbi | 23 ---- rbi/workos/resource_target_by_id.rbi | 19 ---- rbi/workos/role_multiple.rbi | 19 ---- rbi/workos/role_single.rbi | 19 ---- rbi/workos/user_management.rbi | 60 +++++++++- test/workos/test_authorization.rb | 48 ++++---- test/workos/test_user_management.rb | 24 ++-- 27 files changed, 301 insertions(+), 441 deletions(-) delete mode 100644 lib/workos/parent_by_external_id.rb delete mode 100644 lib/workos/parent_by_id.rb delete mode 100644 lib/workos/parent_resource_by_external_id.rb delete mode 100644 lib/workos/parent_resource_by_id.rb delete mode 100644 lib/workos/password_hashed.rb delete mode 100644 lib/workos/password_plaintext.rb delete mode 100644 lib/workos/resource_target_by_external_id.rb delete mode 100644 lib/workos/resource_target_by_id.rb delete mode 100644 lib/workos/role_multiple.rb delete mode 100644 lib/workos/role_single.rb delete mode 100644 rbi/workos/parent_by_external_id.rbi delete mode 100644 rbi/workos/parent_by_id.rbi delete mode 100644 rbi/workos/parent_resource_by_external_id.rbi delete mode 100644 rbi/workos/parent_resource_by_id.rbi delete mode 100644 rbi/workos/password_hashed.rbi delete mode 100644 rbi/workos/password_plaintext.rbi delete mode 100644 rbi/workos/resource_target_by_external_id.rbi delete mode 100644 rbi/workos/resource_target_by_id.rbi delete mode 100644 rbi/workos/role_multiple.rbi delete mode 100644 rbi/workos/role_single.rbi diff --git a/.oagen-manifest.json b/.oagen-manifest.json index 3e22d2d9..cff2bea5 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T17:14:57.030Z", + "generatedAt": "2026-04-30T17:29:07.149Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", @@ -225,12 +225,6 @@ "lib/workos/organizations/organization_updated_data_domain.rb", "lib/workos/organizations/update_audit_logs_retention.rb", "lib/workos/organizations/update_organization.rb", - "lib/workos/parent_by_external_id.rb", - "lib/workos/parent_by_id.rb", - "lib/workos/parent_resource_by_external_id.rb", - "lib/workos/parent_resource_by_id.rb", - "lib/workos/password_hashed.rb", - "lib/workos/password_plaintext.rb", "lib/workos/pipes.rb", "lib/workos/pipes/connected_account.rb", "lib/workos/pipes/data_integration_access_token_response.rb", @@ -248,10 +242,6 @@ "lib/workos/radar/radar_standalone_response.rb", "lib/workos/radar/radar_standalone_update_radar_attempt_request.rb", "lib/workos/radar/radar_standalone_update_radar_list_request.rb", - "lib/workos/resource_target_by_external_id.rb", - "lib/workos/resource_target_by_id.rb", - "lib/workos/role_multiple.rb", - "lib/workos/role_single.rb", "lib/workos/shared/event_context.rb", "lib/workos/shared/event_context_actor.rb", "lib/workos/shared/event_context_google_analytics_session.rb", @@ -906,12 +896,6 @@ "rbi/workos/organization_updated_data.rbi", "rbi/workos/organization_updated_data_domain.rbi", "rbi/workos/organizations.rbi", - "rbi/workos/parent_by_external_id.rbi", - "rbi/workos/parent_by_id.rbi", - "rbi/workos/parent_resource_by_external_id.rbi", - "rbi/workos/parent_resource_by_id.rbi", - "rbi/workos/password_hashed.rbi", - "rbi/workos/password_plaintext.rbi", "rbi/workos/password_reset.rbi", "rbi/workos/password_reset_created.rbi", "rbi/workos/password_reset_created_data.rbi", @@ -941,8 +925,6 @@ "rbi/workos/remove_role.rbi", "rbi/workos/resend_user_invite_options.rbi", "rbi/workos/reset_password_response.rbi", - "rbi/workos/resource_target_by_external_id.rbi", - "rbi/workos/resource_target_by_id.rbi", "rbi/workos/revoke_session.rbi", "rbi/workos/role.rbi", "rbi/workos/role_assignment.rbi", @@ -952,8 +934,6 @@ "rbi/workos/role_deleted.rbi", "rbi/workos/role_deleted_data.rbi", "rbi/workos/role_list.rbi", - "rbi/workos/role_multiple.rbi", - "rbi/workos/role_single.rbi", "rbi/workos/role_updated.rbi", "rbi/workos/role_updated_data.rbi", "rbi/workos/send_email_change.rbi", diff --git a/lib/workos/authorization.rb b/lib/workos/authorization.rb index 483aae35..fcdc09aa 100644 --- a/lib/workos/authorization.rb +++ b/lib/workos/authorization.rb @@ -6,6 +6,48 @@ module WorkOS class Authorization + # Identifies the resource target (by id variant). + # + # @!attribute [r] resource_id + # @return [String] + ResourceTargetById = Data.define(:resource_id) + + # Identifies the resource target (by external id variant). + # + # @!attribute [r] resource_external_id + # @return [String] + # @!attribute [r] resource_type_slug + # @return [String] + ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug) + + # Identifies the parent resource (by id variant). + # + # @!attribute [r] parent_resource_id + # @return [String] + ParentResourceById = Data.define(:parent_resource_id) + + # Identifies the parent resource (by external id variant). + # + # @!attribute [r] parent_resource_type_slug + # @return [String] + # @!attribute [r] parent_resource_external_id + # @return [String] + ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id) + + # Identifies the parent (by id variant). + # + # @!attribute [r] parent_resource_id + # @return [String] + ParentById = Data.define(:parent_resource_id) + + # Identifies the parent (by external id variant). + # + # @!attribute [r] parent_resource_type_slug + # @return [String] + # @!attribute [r] parent_external_id + # @return [String] + ParentByExternalId = Data.define(:parent_resource_type_slug, :parent_external_id) + def initialize(client) @client = client end @@ -13,7 +55,7 @@ def initialize(client) # Check authorization # @param organization_membership_id [String] The ID of the organization membership to check. # @param permission_slug [String] The slug of the permission to check. - # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. + # @param resource_target [WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationCheck] def check( @@ -26,13 +68,13 @@ def check( "permission_slug" => permission_slug } case resource_target - when WorkOS::ResourceTargetById + when WorkOS::Authorization::ResourceTargetById body["resource_id"] = resource_target.resource_id - when WorkOS::ResourceTargetByExternalId + when WorkOS::Authorization::ResourceTargetByExternalId body["resource_external_id"] = resource_target.resource_external_id body["resource_type_slug"] = resource_target.resource_type_slug else - raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" + raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}" end response = @client.request( method: :post, @@ -53,7 +95,7 @@ def check( # @param limit [Integer, nil] Upper limit on the number of objects to return, between `1` and `100`. # @param order [WorkOS::Types::AuthorizationOrder, nil] Order the results by the creation time. Supported values are `"asc"` (ascending), `"desc"` (descending), and `"normal"` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending. # @param permission_slug [String] The permission slug to filter by. Only child resources where the organization membership has this permission are returned. - # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId] Identifies the parent resource. + # @param parent_resource [WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::Types::ListStruct] def list_resources_for_membership( @@ -74,13 +116,13 @@ def list_resources_for_membership( "permission_slug" => permission_slug }.compact case parent_resource - when WorkOS::ParentResourceById + when WorkOS::Authorization::ParentResourceById params["parent_resource_id"] = parent_resource.parent_resource_id - when WorkOS::ParentResourceByExternalId + when WorkOS::Authorization::ParentResourceByExternalId params["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug params["parent_resource_external_id"] = parent_resource.parent_resource_external_id else - raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" + raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}" end response = @client.request( method: :get, @@ -262,7 +304,7 @@ def list_role_assignments( # Assign a role # @param organization_membership_id [String] The ID of the organization membership. # @param role_slug [String] The slug of the role to assign. - # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. + # @param resource_target [WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::RoleAssignment] def assign_role( @@ -275,13 +317,13 @@ def assign_role( "role_slug" => role_slug } case resource_target - when WorkOS::ResourceTargetById + when WorkOS::Authorization::ResourceTargetById body["resource_id"] = resource_target.resource_id - when WorkOS::ResourceTargetByExternalId + when WorkOS::Authorization::ResourceTargetByExternalId body["resource_external_id"] = resource_target.resource_external_id body["resource_type_slug"] = resource_target.resource_type_slug else - raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" + raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}" end response = @client.request( method: :post, @@ -298,7 +340,7 @@ def assign_role( # Remove a role assignment # @param organization_membership_id [String] The ID of the organization membership. # @param role_slug [String] The slug of the role to remove. - # @param resource_target [WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId] Identifies the resource target. + # @param resource_target [WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId] Identifies the resource target. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [void] def remove_role( @@ -309,13 +351,13 @@ def remove_role( ) params = {} case resource_target - when WorkOS::ResourceTargetById + when WorkOS::Authorization::ResourceTargetById params["resource_id"] = resource_target.resource_id - when WorkOS::ResourceTargetByExternalId + when WorkOS::Authorization::ResourceTargetByExternalId params["resource_external_id"] = resource_target.resource_external_id params["resource_type_slug"] = resource_target.resource_type_slug else - raise ArgumentError, "expected resource_target to be one of: WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId, got #{resource_target.class}" + raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}" end body = { "role_slug" => role_slug @@ -579,7 +621,7 @@ def get_resource_by_external_id( # @param external_id [String] An identifier you provide to reference the resource in your system. # @param name [String, nil] A display name for the resource. # @param description [String, nil] An optional description of the resource. - # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. + # @param parent_resource [WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def update_resource_by_external_id( @@ -597,13 +639,13 @@ def update_resource_by_external_id( }.compact if parent_resource case parent_resource - when WorkOS::ParentResourceById + when WorkOS::Authorization::ParentResourceById body["parent_resource_id"] = parent_resource.parent_resource_id - when WorkOS::ParentResourceByExternalId + when WorkOS::Authorization::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug else - raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" + raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( @@ -715,7 +757,7 @@ def list_memberships_for_resource_by_external_id( # @param resource_type_slug [String, nil] Filter resources by resource type slug. # @param resource_external_id [String, nil] Filter resources by external ID. # @param search [String, nil] Search resources by name. - # @param parent [WorkOS::ParentById, WorkOS::ParentByExternalId, nil] Identifies the parent. + # @param parent [WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, nil] Identifies the parent. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::Types::ListStruct] def list_resources( @@ -742,13 +784,13 @@ def list_resources( }.compact if parent case parent - when WorkOS::ParentById + when WorkOS::Authorization::ParentById params["parent_resource_id"] = parent.parent_resource_id - when WorkOS::ParentByExternalId + when WorkOS::Authorization::ParentByExternalId params["parent_resource_type_slug"] = parent.parent_resource_type_slug params["parent_external_id"] = parent.parent_external_id else - raise ArgumentError, "expected parent to be one of: WorkOS::ParentById, WorkOS::ParentByExternalId, got #{parent.class}" + raise ArgumentError, "expected parent to be one of: WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, got #{parent.class}" end end response = @client.request( @@ -786,7 +828,7 @@ def list_resources( # @param description [String, nil] An optional description of the resource. # @param resource_type_slug [String] The slug of the resource type. # @param organization_id [String] The ID of the organization this resource belongs to. - # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. + # @param parent_resource [WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def create_resource( @@ -807,13 +849,13 @@ def create_resource( }.compact if parent_resource case parent_resource - when WorkOS::ParentResourceById + when WorkOS::Authorization::ParentResourceById body["parent_resource_id"] = parent_resource.parent_resource_id - when WorkOS::ParentResourceByExternalId + when WorkOS::Authorization::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug else - raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" + raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( @@ -851,7 +893,7 @@ def get_resource( # @param resource_id [String] The ID of the authorization resource. # @param name [String, nil] A display name for the resource. # @param description [String, nil] An optional description of the resource. - # @param parent_resource [WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, nil] Identifies the parent resource. + # @param parent_resource [WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil] Identifies the parent resource. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::AuthorizationResource] def update_resource( @@ -867,13 +909,13 @@ def update_resource( }.compact if parent_resource case parent_resource - when WorkOS::ParentResourceById + when WorkOS::Authorization::ParentResourceById body["parent_resource_id"] = parent_resource.parent_resource_id - when WorkOS::ParentResourceByExternalId + when WorkOS::Authorization::ParentResourceByExternalId body["parent_resource_external_id"] = parent_resource.parent_resource_external_id body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug else - raise ArgumentError, "expected parent_resource to be one of: WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId, got #{parent_resource.class}" + raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}" end end response = @client.request( diff --git a/lib/workos/parent_by_external_id.rb b/lib/workos/parent_by_external_id.rb deleted file mode 100644 index ef800bdc..00000000 --- a/lib/workos/parent_by_external_id.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the parent (by external id variant). - # - # @!attribute [r] parent_resource_type_slug - # @return [String] - # @!attribute [r] parent_external_id - # @return [String] - ParentByExternalId = Data.define(:parent_resource_type_slug, :parent_external_id) -end diff --git a/lib/workos/parent_by_id.rb b/lib/workos/parent_by_id.rb deleted file mode 100644 index 9d7c42d2..00000000 --- a/lib/workos/parent_by_id.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the parent (by id variant). - # - # @!attribute [r] parent_resource_id - # @return [String] - ParentById = Data.define(:parent_resource_id) -end diff --git a/lib/workos/parent_resource_by_external_id.rb b/lib/workos/parent_resource_by_external_id.rb deleted file mode 100644 index 2eb73f6a..00000000 --- a/lib/workos/parent_resource_by_external_id.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the parent resource (by external id variant). - # - # @!attribute [r] parent_resource_type_slug - # @return [String] - # @!attribute [r] parent_resource_external_id - # @return [String] - ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id) -end diff --git a/lib/workos/parent_resource_by_id.rb b/lib/workos/parent_resource_by_id.rb deleted file mode 100644 index 96bb35ca..00000000 --- a/lib/workos/parent_resource_by_id.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the parent resource (by id variant). - # - # @!attribute [r] parent_resource_id - # @return [String] - ParentResourceById = Data.define(:parent_resource_id) -end diff --git a/lib/workos/password_hashed.rb b/lib/workos/password_hashed.rb deleted file mode 100644 index d68dd0ad..00000000 --- a/lib/workos/password_hashed.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the password (hashed variant). - # - # @!attribute [r] password_hash - # @return [String] - # @!attribute [r] password_hash_type - # @return [WorkOS::Types::CreateUserPasswordHashType] - PasswordHashed = Data.define(:password_hash, :password_hash_type) -end diff --git a/lib/workos/password_plaintext.rb b/lib/workos/password_plaintext.rb deleted file mode 100644 index 4cd64b34..00000000 --- a/lib/workos/password_plaintext.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the password (plaintext variant). - # - # @!attribute [r] password - # @return [String] - PasswordPlaintext = Data.define(:password) -end diff --git a/lib/workos/resource_target_by_external_id.rb b/lib/workos/resource_target_by_external_id.rb deleted file mode 100644 index bd10dda2..00000000 --- a/lib/workos/resource_target_by_external_id.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the resource target (by external id variant). - # - # @!attribute [r] resource_external_id - # @return [String] - # @!attribute [r] resource_type_slug - # @return [String] - ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug) -end diff --git a/lib/workos/resource_target_by_id.rb b/lib/workos/resource_target_by_id.rb deleted file mode 100644 index 624a7eb8..00000000 --- a/lib/workos/resource_target_by_id.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the resource target (by id variant). - # - # @!attribute [r] resource_id - # @return [String] - ResourceTargetById = Data.define(:resource_id) -end diff --git a/lib/workos/role_multiple.rb b/lib/workos/role_multiple.rb deleted file mode 100644 index e4453202..00000000 --- a/lib/workos/role_multiple.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the role (multiple variant). - # - # @!attribute [r] role_slugs - # @return [Array] - RoleMultiple = Data.define(:role_slugs) -end diff --git a/lib/workos/role_single.rb b/lib/workos/role_single.rb deleted file mode 100644 index aef3185e..00000000 --- a/lib/workos/role_single.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -module WorkOS - # Identifies the role (single variant). - # - # @!attribute [r] role_slug - # @return [String] - RoleSingle = Data.define(:role_slug) -end diff --git a/lib/workos/user_management.rb b/lib/workos/user_management.rb index d3f51439..b76145fa 100644 --- a/lib/workos/user_management.rb +++ b/lib/workos/user_management.rb @@ -6,6 +6,32 @@ module WorkOS class UserManagement + # Identifies the password (plaintext variant). + # + # @!attribute [r] password + # @return [String] + PasswordPlaintext = Data.define(:password) + + # Identifies the password (hashed variant). + # + # @!attribute [r] password_hash + # @return [String] + # @!attribute [r] password_hash_type + # @return [WorkOS::Types::CreateUserPasswordHashType] + PasswordHashed = Data.define(:password_hash, :password_hash_type) + + # Identifies the role (single variant). + # + # @!attribute [r] role_slug + # @return [String] + RoleSingle = Data.define(:role_slug) + + # Identifies the role (multiple variant). + # + # @!attribute [r] role_slugs + # @return [Array] + RoleMultiple = Data.define(:role_slugs) + def initialize(client) @client = client end @@ -613,7 +639,7 @@ def list_users( # @param email_verified [Boolean, nil] Whether the user's email has been verified. # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user. # @param external_id [String, nil] The external ID of the user. - # @param password [WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, nil] Identifies the password. + # @param password [WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil] Identifies the password. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::User] def create_user( @@ -636,13 +662,13 @@ def create_user( }.compact if password case password - when WorkOS::PasswordPlaintext + when WorkOS::UserManagement::PasswordPlaintext body["password"] = password.password - when WorkOS::PasswordHashed + when WorkOS::UserManagement::PasswordHashed body["password_hash"] = password.password_hash body["password_hash_type"] = password.password_hash_type else - raise ArgumentError, "expected password to be one of: WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, got #{password.class}" + raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}" end end response = @client.request( @@ -704,7 +730,7 @@ def get_user( # @param metadata [Hash{String => String}, nil] Object containing metadata key/value pairs associated with the user. # @param external_id [String, nil] The external ID of the user. # @param locale [String, nil] The user's preferred locale. - # @param password [WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, nil] Identifies the password. + # @param password [WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, nil] Identifies the password. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::User] def update_user( @@ -730,13 +756,13 @@ def update_user( }.compact if password case password - when WorkOS::PasswordPlaintext + when WorkOS::UserManagement::PasswordPlaintext body["password"] = password.password - when WorkOS::PasswordHashed + when WorkOS::UserManagement::PasswordHashed body["password_hash"] = password.password_hash body["password_hash_type"] = password.password_hash_type else - raise ArgumentError, "expected password to be one of: WorkOS::PasswordPlaintext, WorkOS::PasswordHashed, got #{password.class}" + raise ArgumentError, "expected password to be one of: WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed, got #{password.class}" end end response = @client.request( @@ -1245,7 +1271,7 @@ def list_organization_memberships( # Create an organization membership # @param user_id [String] The ID of the [user](https://workos.com/docs/reference/authkit/user). # @param organization_id [String] The ID of the [organization](https://workos.com/docs/reference/organization) which the user belongs to. - # @param role [WorkOS::RoleSingle, WorkOS::RoleMultiple, nil] Identifies the role. + # @param role [WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil] Identifies the role. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::OrganizationMembership] def create_organization_membership( @@ -1260,12 +1286,12 @@ def create_organization_membership( } if role case role - when WorkOS::RoleSingle + when WorkOS::UserManagement::RoleSingle body["role_slug"] = role.role_slug - when WorkOS::RoleMultiple + when WorkOS::UserManagement::RoleMultiple body["role_slugs"] = role.role_slugs else - raise ArgumentError, "expected role to be one of: WorkOS::RoleSingle, WorkOS::RoleMultiple, got #{role.class}" + raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}" end end response = @client.request( @@ -1301,7 +1327,7 @@ def get_organization_membership( # Update an organization membership # @param id [String] The unique ID of the organization membership. - # @param role [WorkOS::RoleSingle, WorkOS::RoleMultiple, nil] Identifies the role. + # @param role [WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, nil] Identifies the role. # @param request_options [Hash] (see WorkOS::Types::RequestOptions) # @return [WorkOS::UserOrganizationMembership] def update_organization_membership( @@ -1312,12 +1338,12 @@ def update_organization_membership( body = {} if role case role - when WorkOS::RoleSingle + when WorkOS::UserManagement::RoleSingle body["role_slug"] = role.role_slug - when WorkOS::RoleMultiple + when WorkOS::UserManagement::RoleMultiple body["role_slugs"] = role.role_slugs else - raise ArgumentError, "expected role to be one of: WorkOS::RoleSingle, WorkOS::RoleMultiple, got #{role.class}" + raise ArgumentError, "expected role to be one of: WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple, got #{role.class}" end end response = @client.request( diff --git a/rbi/workos/authorization.rbi b/rbi/workos/authorization.rbi index 719a2138..5e4eea64 100644 --- a/rbi/workos/authorization.rbi +++ b/rbi/workos/authorization.rbi @@ -6,6 +6,90 @@ module WorkOS class Authorization + class ResourceTargetById + sig { returns(String) } + def resource_id; end + + sig do + params( + resource_id: String + ).returns(WorkOS::Authorization::ResourceTargetById) + end + def self.new(resource_id:); end + end + + class ResourceTargetByExternalId + sig { returns(String) } + def resource_external_id; end + + sig { returns(String) } + def resource_type_slug; end + + sig do + params( + resource_external_id: String, + resource_type_slug: String + ).returns(WorkOS::Authorization::ResourceTargetByExternalId) + end + def self.new(resource_external_id:, resource_type_slug:); end + end + + class ParentResourceById + sig { returns(String) } + def parent_resource_id; end + + sig do + params( + parent_resource_id: String + ).returns(WorkOS::Authorization::ParentResourceById) + end + def self.new(parent_resource_id:); end + end + + class ParentResourceByExternalId + sig { returns(String) } + def parent_resource_type_slug; end + + sig { returns(String) } + def parent_resource_external_id; end + + sig do + params( + parent_resource_type_slug: String, + parent_resource_external_id: String + ).returns(WorkOS::Authorization::ParentResourceByExternalId) + end + def self.new(parent_resource_type_slug:, parent_resource_external_id:); end + end + + class ParentById + sig { returns(String) } + def parent_resource_id; end + + sig do + params( + parent_resource_id: String + ).returns(WorkOS::Authorization::ParentById) + end + def self.new(parent_resource_id:); end + end + + class ParentByExternalId + sig { returns(String) } + def parent_resource_type_slug; end + + sig { returns(String) } + def parent_external_id; end + + sig do + params( + parent_resource_type_slug: String, + parent_external_id: String + ).returns(WorkOS::Authorization::ParentByExternalId) + end + def self.new(parent_resource_type_slug:, parent_external_id:); end + end + sig { params(client: WorkOS::BaseClient).void } def initialize(client); end @@ -13,7 +97,7 @@ module WorkOS params( organization_membership_id: String, permission_slug: String, - resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), + resource_target: T.any(WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationCheck) end @@ -23,7 +107,7 @@ module WorkOS params( organization_membership_id: String, permission_slug: String, - parent_resource: T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId), + parent_resource: T.any(WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId), before: T.nilable(String), after: T.nilable(String), limit: T.nilable(Integer), @@ -76,7 +160,7 @@ module WorkOS params( organization_membership_id: String, role_slug: String, - resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), + resource_target: T.any(WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::RoleAssignment) end @@ -86,7 +170,7 @@ module WorkOS params( organization_membership_id: String, role_slug: String, - resource_target: T.any(WorkOS::ResourceTargetById, WorkOS::ResourceTargetByExternalId), + resource_target: T.any(WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId), request_options: T::Hash[Symbol, T.untyped] ).returns(NilClass) end @@ -196,7 +280,7 @@ module WorkOS external_id: String, name: T.nilable(String), description: T.nilable(String), - parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), + parent_resource: T.nilable(T.any(WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end @@ -239,7 +323,7 @@ module WorkOS resource_type_slug: T.nilable(String), resource_external_id: T.nilable(String), search: T.nilable(String), - parent: T.nilable(T.any(WorkOS::ParentById, WorkOS::ParentByExternalId)), + parent: T.nilable(T.any(WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::Types::ListStruct) end @@ -252,7 +336,7 @@ module WorkOS resource_type_slug: String, organization_id: String, description: T.nilable(String), - parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), + parent_resource: T.nilable(T.any(WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end @@ -271,7 +355,7 @@ module WorkOS resource_id: String, name: T.nilable(String), description: T.nilable(String), - parent_resource: T.nilable(T.any(WorkOS::ParentResourceById, WorkOS::ParentResourceByExternalId)), + parent_resource: T.nilable(T.any(WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::AuthorizationResource) end diff --git a/rbi/workos/parent_by_external_id.rbi b/rbi/workos/parent_by_external_id.rbi deleted file mode 100644 index 07e6a912..00000000 --- a/rbi/workos/parent_by_external_id.rbi +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ParentByExternalId - sig { returns(String) } - def parent_resource_type_slug; end - - sig { returns(String) } - def parent_external_id; end - - sig do - params( - parent_resource_type_slug: String, - parent_external_id: String - ).returns(WorkOS::ParentByExternalId) - end - def self.new(parent_resource_type_slug:, parent_external_id:); end - end -end diff --git a/rbi/workos/parent_by_id.rbi b/rbi/workos/parent_by_id.rbi deleted file mode 100644 index d5787e96..00000000 --- a/rbi/workos/parent_by_id.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ParentById - sig { returns(String) } - def parent_resource_id; end - - sig do - params( - parent_resource_id: String - ).returns(WorkOS::ParentById) - end - def self.new(parent_resource_id:); end - end -end diff --git a/rbi/workos/parent_resource_by_external_id.rbi b/rbi/workos/parent_resource_by_external_id.rbi deleted file mode 100644 index c23027f7..00000000 --- a/rbi/workos/parent_resource_by_external_id.rbi +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ParentResourceByExternalId - sig { returns(String) } - def parent_resource_type_slug; end - - sig { returns(String) } - def parent_resource_external_id; end - - sig do - params( - parent_resource_type_slug: String, - parent_resource_external_id: String - ).returns(WorkOS::ParentResourceByExternalId) - end - def self.new(parent_resource_type_slug:, parent_resource_external_id:); end - end -end diff --git a/rbi/workos/parent_resource_by_id.rbi b/rbi/workos/parent_resource_by_id.rbi deleted file mode 100644 index 50c3d7b0..00000000 --- a/rbi/workos/parent_resource_by_id.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ParentResourceById - sig { returns(String) } - def parent_resource_id; end - - sig do - params( - parent_resource_id: String - ).returns(WorkOS::ParentResourceById) - end - def self.new(parent_resource_id:); end - end -end diff --git a/rbi/workos/password_hashed.rbi b/rbi/workos/password_hashed.rbi deleted file mode 100644 index 4763f69f..00000000 --- a/rbi/workos/password_hashed.rbi +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class PasswordHashed - sig { returns(String) } - def password_hash; end - - sig { returns(String) } - def password_hash_type; end - - sig do - params( - password_hash: String, - password_hash_type: String - ).returns(WorkOS::PasswordHashed) - end - def self.new(password_hash:, password_hash_type:); end - end -end diff --git a/rbi/workos/password_plaintext.rbi b/rbi/workos/password_plaintext.rbi deleted file mode 100644 index b26bec5c..00000000 --- a/rbi/workos/password_plaintext.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class PasswordPlaintext - sig { returns(String) } - def password; end - - sig do - params( - password: String - ).returns(WorkOS::PasswordPlaintext) - end - def self.new(password:); end - end -end diff --git a/rbi/workos/resource_target_by_external_id.rbi b/rbi/workos/resource_target_by_external_id.rbi deleted file mode 100644 index 1732bac4..00000000 --- a/rbi/workos/resource_target_by_external_id.rbi +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ResourceTargetByExternalId - sig { returns(String) } - def resource_external_id; end - - sig { returns(String) } - def resource_type_slug; end - - sig do - params( - resource_external_id: String, - resource_type_slug: String - ).returns(WorkOS::ResourceTargetByExternalId) - end - def self.new(resource_external_id:, resource_type_slug:); end - end -end diff --git a/rbi/workos/resource_target_by_id.rbi b/rbi/workos/resource_target_by_id.rbi deleted file mode 100644 index a9f5ff02..00000000 --- a/rbi/workos/resource_target_by_id.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class ResourceTargetById - sig { returns(String) } - def resource_id; end - - sig do - params( - resource_id: String - ).returns(WorkOS::ResourceTargetById) - end - def self.new(resource_id:); end - end -end diff --git a/rbi/workos/role_multiple.rbi b/rbi/workos/role_multiple.rbi deleted file mode 100644 index 25ef81eb..00000000 --- a/rbi/workos/role_multiple.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class RoleMultiple - sig { returns(T::Array[String]) } - def role_slugs; end - - sig do - params( - role_slugs: T::Array[String] - ).returns(WorkOS::RoleMultiple) - end - def self.new(role_slugs:); end - end -end diff --git a/rbi/workos/role_single.rbi b/rbi/workos/role_single.rbi deleted file mode 100644 index 153240b6..00000000 --- a/rbi/workos/role_single.rbi +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -# This file is auto-generated by oagen. Do not edit. - -# typed: strong - -module WorkOS - class RoleSingle - sig { returns(String) } - def role_slug; end - - sig do - params( - role_slug: String - ).returns(WorkOS::RoleSingle) - end - def self.new(role_slug:); end - end -end diff --git a/rbi/workos/user_management.rbi b/rbi/workos/user_management.rbi index ca013e20..2d2c0bca 100644 --- a/rbi/workos/user_management.rbi +++ b/rbi/workos/user_management.rbi @@ -6,6 +6,58 @@ module WorkOS class UserManagement + class PasswordPlaintext + sig { returns(String) } + def password; end + + sig do + params( + password: String + ).returns(WorkOS::UserManagement::PasswordPlaintext) + end + def self.new(password:); end + end + + class PasswordHashed + sig { returns(String) } + def password_hash; end + + sig { returns(String) } + def password_hash_type; end + + sig do + params( + password_hash: String, + password_hash_type: String + ).returns(WorkOS::UserManagement::PasswordHashed) + end + def self.new(password_hash:, password_hash_type:); end + end + + class RoleSingle + sig { returns(String) } + def role_slug; end + + sig do + params( + role_slug: String + ).returns(WorkOS::UserManagement::RoleSingle) + end + def self.new(role_slug:); end + end + + class RoleMultiple + sig { returns(T::Array[String]) } + def role_slugs; end + + sig do + params( + role_slugs: T::Array[String] + ).returns(WorkOS::UserManagement::RoleMultiple) + end + def self.new(role_slugs:); end + end + sig { params(client: WorkOS::BaseClient).void } def initialize(client); end @@ -113,7 +165,7 @@ module WorkOS email_verified: T.nilable(T::Boolean), metadata: T.nilable(T::Hash[String, String]), external_id: T.nilable(String), - password: T.nilable(T.any(WorkOS::PasswordPlaintext, WorkOS::PasswordHashed)), + password: T.nilable(T.any(WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::User) end @@ -145,7 +197,7 @@ module WorkOS metadata: T.nilable(T::Hash[String, String]), external_id: T.nilable(String), locale: T.nilable(String), - password: T.nilable(T.any(WorkOS::PasswordPlaintext, WorkOS::PasswordHashed)), + password: T.nilable(T.any(WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::User) end @@ -324,7 +376,7 @@ module WorkOS params( user_id: String, organization_id: String, - role: T.nilable(T.any(WorkOS::RoleSingle, WorkOS::RoleMultiple)), + role: T.nilable(T.any(WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::OrganizationMembership) end @@ -341,7 +393,7 @@ module WorkOS sig do params( id: String, - role: T.nilable(T.any(WorkOS::RoleSingle, WorkOS::RoleMultiple)), + role: T.nilable(T.any(WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple)), request_options: T::Hash[Symbol, T.untyped] ).returns(WorkOS::UserOrganizationMembership) end diff --git a/test/workos/test_authorization.rb b/test/workos/test_authorization.rb index ba8819cf..057bcf2e 100644 --- a/test/workos/test_authorization.rb +++ b/test/workos/test_authorization.rb @@ -15,7 +15,7 @@ def test_check_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}) .with(body: hash_including("permission_slug" => "stub", "resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) + result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")) refute_nil result end @@ -23,21 +23,21 @@ def test_check_with_resource_target_by_external_id_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}) .with(body: hash_including("permission_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + result = @client.authorization.check(organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) refute_nil result end def test_list_resources_for_membership_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) + result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end def test_list_resources_for_membership_with_parent_resource_by_external_id_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_type_slug: "stub", parent_resource_external_id: "stub")) + result = @client.authorization.list_resources_for_membership(organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_type_slug: "stub", parent_resource_external_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end @@ -66,7 +66,7 @@ def test_assign_role_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .with(body: hash_including("role_slug" => "stub", "resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) + result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")) refute_nil result end @@ -74,21 +74,21 @@ def test_assign_role_with_resource_target_by_external_id_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .with(body: hash_including("role_slug" => "stub", "resource_external_id" => "stub", "resource_type_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + result = @client.authorization.assign_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) refute_nil result end def test_remove_role_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")) + result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")) assert_nil result end def test_remove_role_with_resource_target_by_external_id_returns_expected_result stub_request(:delete, %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) + result = @client.authorization.remove_role(organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetByExternalId.new(resource_external_id: "stub", resource_type_slug: "stub")) assert_nil result end @@ -166,7 +166,7 @@ def test_update_resource_by_external_id_returns_expected_result stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}) .with(body: hash_including("parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) + result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -174,7 +174,7 @@ def test_update_resource_by_external_id_with_parent_resource_by_external_id_retu stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}) .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + result = @client.authorization.update_resource_by_external_id(organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) refute_nil result end @@ -195,14 +195,14 @@ def test_list_memberships_for_resource_by_external_id_returns_expected_result def test_list_resources_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources(parent: WorkOS::ParentById.new(parent_resource_id: "stub")) + result = @client.authorization.list_resources(parent: WorkOS::Authorization::ParentById.new(parent_resource_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end def test_list_resources_with_parent_by_external_id_returns_expected_result stub_request(:get, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .to_return(body: '{"data": [], "list_metadata": {}}', status: 200) - result = @client.authorization.list_resources(parent: WorkOS::ParentByExternalId.new(parent_resource_type_slug: "stub", parent_external_id: "stub")) + result = @client.authorization.list_resources(parent: WorkOS::Authorization::ParentByExternalId.new(parent_resource_type_slug: "stub", parent_external_id: "stub")) assert_kind_of WorkOS::Types::ListStruct, result end @@ -210,7 +210,7 @@ def test_create_resource_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) + result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -218,7 +218,7 @@ def test_create_resource_with_parent_resource_by_external_id_returns_expected_re stub_request(:post, %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}) .with(body: hash_including("external_id" => "stub", "name" => "stub", "resource_type_slug" => "stub", "organization_id" => "stub", "parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + result = @client.authorization.create_resource(external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) refute_nil result end @@ -233,7 +233,7 @@ def test_update_resource_returns_expected_result stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) .with(body: hash_including("parent_resource_id" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")) + result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")) refute_nil result end @@ -241,7 +241,7 @@ def test_update_resource_with_parent_resource_by_external_id_returns_expected_re stub_request(:patch, %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}) .with(body: hash_including("parent_resource_external_id" => "stub", "parent_resource_type_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) + result = @client.authorization.update_resource(resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceByExternalId.new(parent_resource_external_id: "stub", parent_resource_type_slug: "stub")) refute_nil result end @@ -338,13 +338,13 @@ def test_delete_permission_returns_expected_result # Parameterized authentication error tests (one per endpoint). [ - {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, - {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, + {name: :check, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/check(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}}, + {name: :list_resources_for_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources(\?|\z)}, args: {organization_membership_id: "stub", permission_slug: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :list_effective_permissions, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_id: "stub"}}, {name: :list_effective_permissions_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/resources/stub/stub/permissions(\?|\z)}, args: {organization_membership_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, {name: :list_role_assignments, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub"}}, - {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, - {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::ResourceTargetById.new(resource_id: "stub")}}, + {name: :assign_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}}, + {name: :remove_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments(\?|\z)}, args: {organization_membership_id: "stub", role_slug: "stub", resource_target: WorkOS::Authorization::ResourceTargetById.new(resource_id: "stub")}}, {name: :remove_role_assignment, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organization_memberships/stub/role_assignments/stub(\?|\z)}, args: {organization_membership_id: "stub", role_assignment_id: "stub"}}, {name: :list_organization_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub"}}, {name: :create_organization_role, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles(\?|\z)}, args: {organization_id: "stub", name: "stub"}}, @@ -355,13 +355,13 @@ def test_delete_permission_returns_expected_result {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: []}}, {name: :remove_organization_role_permission, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub", permission_slug: "stub"}}, {name: :get_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, - {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, + {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :delete_resource_by_external_id, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, {name: :list_memberships_for_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub/organization_memberships(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", permission_slug: "stub"}}, - {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {parent: WorkOS::ParentById.new(parent_resource_id: "stub")}}, - {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, + {name: :list_resources, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {parent: WorkOS::Authorization::ParentById.new(parent_resource_id: "stub")}}, + {name: :create_resource, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/resources(\?|\z)}, args: {external_id: "stub", name: "stub", resource_type_slug: "stub", organization_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :get_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}}, - {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub", parent_resource: WorkOS::ParentResourceById.new(parent_resource_id: "stub")}}, + {name: :update_resource, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}}, {name: :delete_resource, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub(\?|\z)}, args: {resource_id: "stub"}}, {name: :list_memberships_for_resource, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/resources/stub/organization_memberships(\?|\z)}, args: {resource_id: "stub", permission_slug: "stub"}}, {name: :list_environment_roles, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/roles(\?|\z)}}, diff --git a/test/workos/test_user_management.rb b/test/workos/test_user_management.rb index 20d565c5..ae66af15 100644 --- a/test/workos/test_user_management.rb +++ b/test/workos/test_user_management.rb @@ -205,7 +205,7 @@ def test_create_user_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}) .with(body: hash_including("email" => "stub", "password" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_user(email: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")) + result = @client.user_management.create_user(email: "stub", password: WorkOS::UserManagement::PasswordPlaintext.new(password: "stub")) refute_nil result end @@ -213,7 +213,7 @@ def test_create_user_with_password_hashed_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}) .with(body: hash_including("email" => "stub", "password_hash" => "stub", "password_hash_type" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_user(email: "stub", password: WorkOS::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) + result = @client.user_management.create_user(email: "stub", password: WorkOS::UserManagement::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) refute_nil result end @@ -235,7 +235,7 @@ def test_update_user_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}) .with(body: hash_including("password" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_user(id: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")) + result = @client.user_management.update_user(id: "stub", password: WorkOS::UserManagement::PasswordPlaintext.new(password: "stub")) refute_nil result end @@ -243,7 +243,7 @@ def test_update_user_with_password_hashed_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}) .with(body: hash_including("password_hash" => "stub", "password_hash_type" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_user(id: "stub", password: WorkOS::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) + result = @client.user_management.update_user(id: "stub", password: WorkOS::UserManagement::PasswordHashed.new(password_hash: "stub", password_hash_type: "stub")) refute_nil result end @@ -377,7 +377,7 @@ def test_create_organization_membership_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}) .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")) + result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::UserManagement::RoleSingle.new(role_slug: "stub")) refute_nil result end @@ -385,7 +385,7 @@ def test_create_organization_membership_with_role_multiple_returns_expected_resu stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}) .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slugs" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::RoleMultiple.new(role_slugs: "stub")) + result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: "stub")) refute_nil result end @@ -400,7 +400,7 @@ def test_update_organization_membership_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) .with(body: hash_including("role_slug" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")) + result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::UserManagement::RoleSingle.new(role_slug: "stub")) refute_nil result end @@ -408,7 +408,7 @@ def test_update_organization_membership_with_role_multiple_returns_expected_resu stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) .with(body: hash_including("role_slugs" => "stub")) .to_return(body: "{}", status: 200) - result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::RoleMultiple.new(role_slugs: "stub")) + result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: "stub")) refute_nil result end @@ -466,10 +466,10 @@ def test_delete_user_authorized_application_returns_expected_result {name: :confirm_password_reset, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/password_reset/confirm(\?|\z)}, args: {token: "stub", new_password: "stub"}}, {name: :get_password_reset, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/password_reset/stub(\?|\z)}, args: {id: "stub"}}, {name: :list_users, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}}, - {name: :create_user, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}, args: {email: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")}}, + {name: :create_user, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users(\?|\z)}, args: {email: "stub", password: WorkOS::UserManagement::PasswordPlaintext.new(password: "stub")}}, {name: :get_user_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users/external_id/stub(\?|\z)}, args: {external_id: "stub"}}, {name: :get_user, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub"}}, - {name: :update_user, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub", password: WorkOS::PasswordPlaintext.new(password: "stub")}}, + {name: :update_user, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub", password: WorkOS::UserManagement::PasswordPlaintext.new(password: "stub")}}, {name: :delete_user, verb: :delete, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub(\?|\z)}, args: {id: "stub"}}, {name: :confirm_email_change, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub/email_change/confirm(\?|\z)}, args: {id: "stub", code: "stub"}}, {name: :send_email_change, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/users/stub/email_change/send(\?|\z)}, args: {id: "stub", new_email: "stub"}}, @@ -488,9 +488,9 @@ def test_delete_user_authorized_application_returns_expected_result {name: :create_magic_auth, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/magic_auth(\?|\z)}, args: {email: "stub"}}, {name: :get_magic_auth, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/magic_auth/stub(\?|\z)}, args: {id: "stub"}}, {name: :list_organization_memberships, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}}, - {name: :create_organization_membership, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}, args: {user_id: "stub", organization_id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")}}, + {name: :create_organization_membership, verb: :post, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}, args: {user_id: "stub", organization_id: "stub", role: WorkOS::UserManagement::RoleSingle.new(role_slug: "stub")}}, {name: :get_organization_membership, verb: :get, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub"}}, - {name: :update_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub", role: WorkOS::RoleSingle.new(role_slug: "stub")}}, + {name: :update_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub", role: WorkOS::UserManagement::RoleSingle.new(role_slug: "stub")}}, {name: :delete_organization_membership, verb: :delete, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}, args: {id: "stub"}}, {name: :deactivate_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/deactivate(\?|\z)}, args: {id: "stub"}}, {name: :reactivate_organization_membership, verb: :put, url: %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub/reactivate(\?|\z)}, args: {id: "stub"}}, From 4e4c93f8b89b89e6a802070c9366a4a632a74b15 Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Thu, 30 Apr 2026 13:42:17 -0400 Subject: [PATCH 7/7] fix(ruby): regenerate test stubs with recovered array shapes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Regenerated against workos/oagen-emitters@e56acd8: test stubs for parameter-group variants now use the recovered (body-model) type instead of the raw IR leaf type, and array stubs produce single-element arrays instead of empty `[]`. Concretely fixes the RoleMultiple coverage gap flagged in review: Before @client.user_management.create_organization_membership( ..., role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: "stub") ) .with(body: hash_including("role_slugs" => "stub")) After @client.user_management.create_organization_membership( ..., role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: ["stub"]) ) .with(body: hash_including("role_slugs" => ["stub"])) The `RoleMultiple` class declares `role_slugs: T::Array[String]`; the old stub passed a String. Data.define doesn't validate at construction so the test passed, but the wire body the SDK was sending didn't match the API contract — and a regression that flipped serialization to a (correct) array would have failed that test. Other touched files (audit_logs.create_schema targets, webhooks.create_webhook_endpoint events) get the same single-element-array treatment for array body fields. bundle exec rake test: 870 runs / 4395 assertions / 0 failures. Co-Authored-By: Claude Opus 4.7 (1M context) --- .oagen-manifest.json | 2 +- test/workos/test_audit_logs.rb | 4 ++-- test/workos/test_authorization.rb | 8 ++++---- test/workos/test_user_management.rb | 8 ++++---- test/workos/test_webhooks.rb | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.oagen-manifest.json b/.oagen-manifest.json index cff2bea5..3dd2b3da 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -1,7 +1,7 @@ { "version": 2, "language": "ruby", - "generatedAt": "2026-04-30T17:29:07.149Z", + "generatedAt": "2026-04-30T17:41:02.756Z", "files": [ "lib/workos.rb", "lib/workos/admin_portal.rb", diff --git a/test/workos/test_audit_logs.rb b/test/workos/test_audit_logs.rb index c449bb40..764e2674 100644 --- a/test/workos/test_audit_logs.rb +++ b/test/workos/test_audit_logs.rb @@ -42,7 +42,7 @@ def test_list_action_schemas_returns_expected_result def test_create_schema_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.audit_logs.create_schema(action_name: "stub", targets: []) + result = @client.audit_logs.create_schema(action_name: "stub", targets: [{}]) refute_nil result end @@ -73,7 +73,7 @@ def test_get_export_returns_expected_result {name: :update_organization_audit_logs_retention, verb: :put, url: %r{\Ahttps://api\.workos\.com/organizations/stub/audit_logs_retention(\?|\z)}, args: {id: "stub", retention_period_in_days: 1}}, {name: :list_actions, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions(\?|\z)}}, {name: :list_action_schemas, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub"}}, - {name: :create_schema, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub", targets: []}}, + {name: :create_schema, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/actions/stub/schemas(\?|\z)}, args: {action_name: "stub", targets: [{}]}}, {name: :create_event, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/events(\?|\z)}, args: {organization_id: "stub", event: {}}}, {name: :create_export, verb: :post, url: %r{\Ahttps://api\.workos\.com/audit_logs/exports(\?|\z)}, args: {organization_id: "stub", range_start: "stub", range_end: "stub"}}, {name: :get_export, verb: :get, url: %r{\Ahttps://api\.workos\.com/audit_logs/exports/stub(\?|\z)}, args: {audit_log_export_id: "stub"}} diff --git a/test/workos/test_authorization.rb b/test/workos/test_authorization.rb index 057bcf2e..56de8137 100644 --- a/test/workos/test_authorization.rb +++ b/test/workos/test_authorization.rb @@ -144,7 +144,7 @@ def test_add_organization_role_permission_returns_expected_result def test_set_organization_role_permissions_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.set_organization_role_permissions(organization_id: "stub", slug: "stub", permissions: []) + result = @client.authorization.set_organization_role_permissions(organization_id: "stub", slug: "stub", permissions: ["stub"]) refute_nil result end @@ -297,7 +297,7 @@ def test_add_environment_role_permission_returns_expected_result def test_set_environment_role_permissions_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.authorization.set_environment_role_permissions(slug: "stub", permissions: []) + result = @client.authorization.set_environment_role_permissions(slug: "stub", permissions: ["stub"]) refute_nil result end @@ -352,7 +352,7 @@ def test_delete_permission_returns_expected_result {name: :update_organization_role, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub"}}, {name: :delete_organization_role, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub"}}, {name: :add_organization_role_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", body_slug: "stub"}}, - {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: []}}, + {name: :set_organization_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions(\?|\z)}, args: {organization_id: "stub", slug: "stub", permissions: ["stub"]}}, {name: :remove_organization_role_permission, verb: :delete, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/roles/stub/permissions/stub(\?|\z)}, args: {organization_id: "stub", slug: "stub", permission_slug: "stub"}}, {name: :get_resource_by_external_id, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub"}}, {name: :update_resource_by_external_id, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/organizations/stub/resources/stub/stub(\?|\z)}, args: {organization_id: "stub", resource_type_slug: "stub", external_id: "stub", parent_resource: WorkOS::Authorization::ParentResourceById.new(parent_resource_id: "stub")}}, @@ -369,7 +369,7 @@ def test_delete_permission_returns_expected_result {name: :get_environment_role, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub(\?|\z)}, args: {slug: "stub"}}, {name: :update_environment_role, verb: :patch, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub(\?|\z)}, args: {slug: "stub"}}, {name: :add_environment_role_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", body_slug: "stub"}}, - {name: :set_environment_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", permissions: []}}, + {name: :set_environment_role_permissions, verb: :put, url: %r{\Ahttps://api\.workos\.com/authorization/roles/stub/permissions(\?|\z)}, args: {slug: "stub", permissions: ["stub"]}}, {name: :list_permissions, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/permissions(\?|\z)}}, {name: :create_permission, verb: :post, url: %r{\Ahttps://api\.workos\.com/authorization/permissions(\?|\z)}, args: {slug: "stub", name: "stub"}}, {name: :get_permission, verb: :get, url: %r{\Ahttps://api\.workos\.com/authorization/permissions/stub(\?|\z)}, args: {slug: "stub"}}, diff --git a/test/workos/test_user_management.rb b/test/workos/test_user_management.rb index ae66af15..f2520e0b 100644 --- a/test/workos/test_user_management.rb +++ b/test/workos/test_user_management.rb @@ -383,9 +383,9 @@ def test_create_organization_membership_returns_expected_result def test_create_organization_membership_with_role_multiple_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships(\?|\z)}) - .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slugs" => "stub")) + .with(body: hash_including("user_id" => "stub", "organization_id" => "stub", "role_slugs" => ["stub"])) .to_return(body: "{}", status: 200) - result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: "stub")) + result = @client.user_management.create_organization_membership(user_id: "stub", organization_id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: ["stub"])) refute_nil result end @@ -406,9 +406,9 @@ def test_update_organization_membership_returns_expected_result def test_update_organization_membership_with_role_multiple_returns_expected_result stub_request(:put, %r{\Ahttps://api\.workos\.com/user_management/organization_memberships/stub(\?|\z)}) - .with(body: hash_including("role_slugs" => "stub")) + .with(body: hash_including("role_slugs" => ["stub"])) .to_return(body: "{}", status: 200) - result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: "stub")) + result = @client.user_management.update_organization_membership(id: "stub", role: WorkOS::UserManagement::RoleMultiple.new(role_slugs: ["stub"])) refute_nil result end diff --git a/test/workos/test_webhooks.rb b/test/workos/test_webhooks.rb index ddf268f0..1a10bbf2 100644 --- a/test/workos/test_webhooks.rb +++ b/test/workos/test_webhooks.rb @@ -21,7 +21,7 @@ def test_list_webhook_endpoints_returns_expected_result def test_create_webhook_endpoint_returns_expected_result stub_request(:post, %r{\Ahttps://api\.workos\.com/webhook_endpoints(\?|\z)}) .to_return(body: "{}", status: 200) - result = @client.webhooks.create_webhook_endpoint(endpoint_url: "stub", events: []) + result = @client.webhooks.create_webhook_endpoint(endpoint_url: "stub", events: ["stub"]) refute_nil result end @@ -42,7 +42,7 @@ def test_delete_webhook_endpoint_returns_expected_result # Parameterized authentication error tests (one per endpoint). [ {name: :list_webhook_endpoints, verb: :get, url: %r{\Ahttps://api\.workos\.com/webhook_endpoints(\?|\z)}}, - {name: :create_webhook_endpoint, verb: :post, url: %r{\Ahttps://api\.workos\.com/webhook_endpoints(\?|\z)}, args: {endpoint_url: "stub", events: []}}, + {name: :create_webhook_endpoint, verb: :post, url: %r{\Ahttps://api\.workos\.com/webhook_endpoints(\?|\z)}, args: {endpoint_url: "stub", events: ["stub"]}}, {name: :update_webhook_endpoint, verb: :patch, url: %r{\Ahttps://api\.workos\.com/webhook_endpoints/stub(\?|\z)}, args: {id: "stub"}}, {name: :delete_webhook_endpoint, verb: :delete, url: %r{\Ahttps://api\.workos\.com/webhook_endpoints/stub(\?|\z)}, args: {id: "stub"}} ].each do |spec|