fix: use ids instead of id

kmendell · kmendell · commit 51f4fdc21a1a · 2026-03-10T00:27:41.000-05:00
diff --git a/internal/boundary/boundary_test.go b/internal/boundary/boundary_test.go
@@ -200,3 +200,14 @@ func TestSSHHostKeyAlias(t *testing.T) {
 		})
 	}
 }
+
+func TestAuthorizeSessionGrant(t *testing.T) {
+	t.Parallel()
+
+	const targetID = "ttcp_pasAlBrMWb"
+	want := "ids=ttcp_pasAlBrMWb;actions=authorize-session"
+
+	if got := authorizeSessionGrant(targetID); got != want {
+		t.Fatalf("authorizeSessionGrant(%q) = %q, want %q", targetID, got, want)
+	}
+}
diff --git a/internal/boundary/client.go b/internal/boundary/client.go
@@ -559,7 +559,7 @@ func (c *Client) AddGrantToRole(ctx context.Context, roleID string, targetID str
 		return err
 	}
 
-	grant := fmt.Sprintf("id=%s;actions=authorize-session", targetID)
+	grant := authorizeSessionGrant(targetID)
 	_, err = apiroles.NewClient(apiClient).AddGrants(ctx, roleID, 0, []string{grant}, apiroles.WithAutomaticVersioning(true))
 	if err != nil {
 		return fmt.Errorf("add grant to role: %w", err)
@@ -568,6 +568,10 @@ func (c *Client) AddGrantToRole(ctx context.Context, roleID string, targetID str
 	return nil
 }
 
+func authorizeSessionGrant(targetID string) string {
+	return fmt.Sprintf("ids=%s;actions=authorize-session", targetID)
+}
+
 // AddPrincipalToRole adds a user or managed group principal to a role.
 func (c *Client) AddPrincipalToRole(ctx context.Context, roleID string, principalID string) error {
 	if strings.TrimSpace(roleID) == "" {
