fix(enterprise): fix deserialization errors in cluster, user, and license structs (#327)

* fix: remove non-existent workflow command from docker-compose.yml

The workflow commands are not yet implemented in the CLI (they're commented out).
Updated docker-compose.yml to remove the auto-init container and added manual
initialization instructions instead.

* fix: use v0.5.0 tag instead of latest in docker-compose.yml

The workflow init-cluster command IS implemented and working. The issue was
using :latest tag which might not have the latest code. Using explicit
v0.5.0 tag ensures the workflow command is available.

* fix: init-cluster workflow to work without authentication for bootstrap

- Bootstrap API doesn't require authentication initially
- Modified init-cluster workflow to create unauthenticated client for bootstrap
- Added ARM64 Redis Enterprise image requirement to CLAUDE.md
- Fixed docker-compose.yml to build from local Dockerfile for testing
- Verified workflow successfully initializes cluster with admin user and database

* fix: disable init container until v0.5.1 release

The init-cluster workflow fix for unauthenticated bootstrap is not in
v0.5.0, so the docker-compose workflow won't work until the next release.
Commented out the init container with instructions for manual initialization
and notes to re-enable after v0.5.1 is published.

* fix(enterprise): fix deserialization errors in cluster, user, and license structs

- Fix ClusterInfo struct field types to match actual API responses:
  - sentinel_cipher_suites: String -> Vec<String>
  - sentinel_cipher_suites_tls_1_3: Vec<Value> -> String
  - password_complexity: Value -> bool
  - mtls_certificate_authentication: String -> bool
  - upgrade_mode: String -> bool

- Fix User struct to match actual API:
  - Remove non-existent 'username' field
  - Make 'email' required (it's the user identifier)
  - Add 'name' field for display name
  - Add missing fields: auth_method, certificate_subject_line, role_uids

- Fix License struct:
  - Remove required 'license_key' field (doesn't exist)
  - Keep 'key' and 'license' as optional fields

- Update mock tests to use realistic API responses
- Add comprehensive cluster info test with actual API data
- Fix rbac_impl.rs to use email instead of username

Fixes #316, #317, #323, #324, #325

Author: joshrotenberg

crates/redis-enterprise/src/cluster.rs

@@ -254,7 +254,7 @@ pub struct ClusterInfo {
     pub mtls_authorized_subjects: Option<Vec<String>>,
 
     /// Certificate authentication mode for mutual TLS
-    pub mtls_certificate_authentication: Option<String>,
+    pub mtls_certificate_authentication: Option<bool>,
 
     /// Validation type for MTLS client certificate subjects
     pub mtls_client_cert_subject_validation_type: Option<String>,
@@ -266,7 +266,7 @@ pub struct ClusterInfo {
     pub options_method_forbidden: Option<bool>,
 
     /// Requirements for password complexity
-    pub password_complexity: Option<Value>,
+    pub password_complexity: Option<bool>,
 
     /// Duration in seconds before passwords expire
     pub password_expiration_duration: Option<u32>,
@@ -290,10 +290,10 @@ pub struct ClusterInfo {
     pub s3_certificate_verification: Option<bool>,
 
     /// Cipher suites for sentinel TLS connections
-    pub sentinel_cipher_suites: Option<String>,
+    pub sentinel_cipher_suites: Option<Vec<String>>,
 
     /// Cipher suites for sentinel TLS 1.3 connections
-    pub sentinel_cipher_suites_tls_1_3: Option<Vec<Value>>,
+    pub sentinel_cipher_suites_tls_1_3: Option<String>,
 
     /// TLS mode for sentinel connections
     pub sentinel_tls_mode: Option<String>,
@@ -329,7 +329,7 @@ pub struct ClusterInfo {
     pub upgrade_in_progress: Option<bool>,
 
     /// Current upgrade mode for the cluster
-    pub upgrade_mode: Option<String>,
+    pub upgrade_mode: Option<bool>,
 
     /// Use external IPv6
     pub use_external_ipv6: Option<bool>,

crates/redis-enterprise/src/lib.rs

@@ -194,7 +194,7 @@
 //! // List all users
 //! let users = handler.list().await?;
 //! for user in users {
-//!     println!("User: {} ({})", user.username, user.role);
+//!     println!("User: {} ({})", user.email, user.role);
 //! }
 //!
 //! // Create a new user

crates/redis-enterprise/src/license.rs

@@ -14,10 +14,7 @@ use typed_builder::TypedBuilder;
 /// License information
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct License {
-    /// License key string
-    pub license_key: String,
-
-    /// Key field (some endpoints may return this instead of license_key)
+    /// License key field
     #[serde(skip_serializing_if = "Option::is_none")]
     pub key: Option<String>,
 

crates/redis-enterprise/src/users.rs

@@ -19,12 +19,25 @@ use typed_builder::TypedBuilder;
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct User {
     pub uid: u32,
-    pub username: String,
-    pub email: Option<String>,
+    /// User's email address (used as login identifier)
+    pub email: String,
+    /// User's display name
+    pub name: Option<String>,
+    /// User's role
     pub role: String,
+    /// User status (e.g., "active")
     pub status: Option<String>,
+    /// Authentication method (e.g., "regular")
+    pub auth_method: Option<String>,
+    /// Certificate subject line for certificate auth
+    pub certificate_subject_line: Option<String>,
+    /// Password issue date
     pub password_issue_date: Option<String>,
+    /// Whether user receives email alerts
     pub email_alerts: Option<bool>,
+    /// List of role UIDs
+    pub role_uids: Option<Vec<u32>>,
+    /// Database IDs for alerts
     pub bdbs: Option<Vec<u32>>,
     /// Alert for audit database connections
     pub alert_audit_db_conns: Option<bool>,

crates/redis-enterprise/tests/cluster_info_test.rs

@@ -0,0 +1,111 @@
+//! Test for cluster info endpoint with realistic data
+
+use redis_enterprise::{ClusterHandler, EnterpriseClient};
+use serde_json::json;
+use wiremock::matchers::{basic_auth, method, path};
+use wiremock::{Mock, MockServer, ResponseTemplate};
+
+fn success_response(body: serde_json::Value) -> ResponseTemplate {
+    ResponseTemplate::new(200).set_body_json(body)
+}
+
+#[tokio::test]
+async fn test_cluster_info() {
+    let mock_server = MockServer::start().await;
+
+    // Mock response focusing on fields that were causing deserialization issues
+    let cluster_response = json!({
+        "name": "cluster.local",
+        "created_time": "2025-09-15T21:22:00Z",
+        "cnm_http_port": 8080,
+        "cnm_https_port": 9443,
+        "email_alerts": false,
+        "rack_aware": false,
+        "bigstore_driver": "speedb",
+        // Fields that had type mismatches
+        "password_complexity": false,  // Was Option<Value>, now Option<bool>
+        "upgrade_mode": false,  // Was Option<String>, now Option<bool>
+        "mtls_certificate_authentication": false,  // Was Option<String>, now Option<bool>
+        "sentinel_cipher_suites": [],  // Was Option<String>, now Option<Vec<String>>
+        "sentinel_cipher_suites_tls_1_3": "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",  // Was Option<Vec<Value>>, now Option<String>
+        "data_cipher_suites_tls_1_3": []  // Array type
+    });
+
+    Mock::given(method("GET"))
+        .and(path("/v1/cluster"))
+        .and(basic_auth("admin", "password"))
+        .respond_with(success_response(cluster_response))
+        .mount(&mock_server)
+        .await;
+
+    let client = EnterpriseClient::builder()
+        .base_url(mock_server.uri())
+        .username("admin")
+        .password("password")
+        .build()
+        .unwrap();
+
+    let handler = ClusterHandler::new(client);
+    let result = handler.info().await;
+
+    assert!(result.is_ok());
+    let info = result.unwrap();
+
+    // Verify key fields
+    assert_eq!(info.name, "cluster.local");
+    assert_eq!(info.cnm_http_port, Some(8080));
+    assert_eq!(info.cnm_https_port, Some(9443));
+    assert_eq!(info.email_alerts, Some(false));
+    assert_eq!(info.rack_aware, Some(false));
+    assert_eq!(info.bigstore_driver, Some("speedb".to_string()));
+
+    // Verify fields that were causing deserialization issues
+    assert_eq!(info.password_complexity, Some(false));
+    assert_eq!(info.upgrade_mode, Some(false));
+    assert_eq!(info.mtls_certificate_authentication, Some(false));
+
+    // Verify array fields
+    assert_eq!(info.sentinel_cipher_suites, Some(vec![]));
+    assert_eq!(
+        info.sentinel_cipher_suites_tls_1_3,
+        Some(
+            "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+                .to_string()
+        )
+    );
+    assert_eq!(info.data_cipher_suites_tls_1_3, Some(vec![]));
+}
+
+#[tokio::test]
+async fn test_cluster_info_minimal() {
+    let mock_server = MockServer::start().await;
+
+    // Test with minimal required fields
+    Mock::given(method("GET"))
+        .and(path("/v1/cluster"))
+        .and(basic_auth("admin", "password"))
+        .respond_with(success_response(json!({
+            "name": "minimal-cluster"
+        })))
+        .mount(&mock_server)
+        .await;
+
+    let client = EnterpriseClient::builder()
+        .base_url(mock_server.uri())
+        .username("admin")
+        .password("password")
+        .build()
+        .unwrap();
+
+    let handler = ClusterHandler::new(client);
+    let result = handler.info().await;
+
+    assert!(result.is_ok());
+    let info = result.unwrap();
+    assert_eq!(info.name, "minimal-cluster");
+
+    // All optional fields should be None
+    assert!(info.cnm_http_port.is_none());
+    assert!(info.password_complexity.is_none());
+    assert!(info.sentinel_cipher_suites.is_none());
+}

crates/redis-enterprise/tests/license_tests.rs

@@ -12,7 +12,7 @@ fn success_response(body: serde_json::Value) -> ResponseTemplate {
 
 fn valid_license() -> serde_json::Value {
     json!({
-        "license_key": "lic-123-456-789",
+        "key": "lic-123-456-789",
         "type": "production",
         "expired": false,
         "expiration_date": "2025-12-31T23:59:59Z",
@@ -25,7 +25,7 @@ fn valid_license() -> serde_json::Value {
 
 fn expired_license() -> serde_json::Value {
     json!({
-        "license_key": "lic-expired-123",
+        "key": "lic-expired-123",
         "type": "trial",
         "expired": true,
         "expiration_date": "2023-01-01T00:00:00Z",
@@ -49,7 +49,7 @@ fn license_usage() -> serde_json::Value {
 
 fn minimal_license() -> serde_json::Value {
     json!({
-        "license_key": "lic-minimal-789",
+        "key": "lic-minimal-789",
         "type": "dev",
         "expired": false
     })
@@ -78,7 +78,7 @@ async fn test_license_get() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "lic-123-456-789");
+    assert_eq!(license.key.unwrap(), "lic-123-456-789");
     assert_eq!(license.type_, Some("production".to_string()));
     assert!(!license.expired);
     assert_eq!(
@@ -121,7 +121,7 @@ async fn test_license_get_expired() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "lic-expired-123");
+    assert_eq!(license.key.unwrap(), "lic-expired-123");
     assert_eq!(license.type_, Some("trial".to_string()));
     assert!(license.expired);
     assert_eq!(
@@ -155,7 +155,7 @@ async fn test_license_get_minimal() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "lic-minimal-789");
+    assert_eq!(license.key.unwrap(), "lic-minimal-789");
     assert_eq!(license.type_, Some("dev".to_string()));
     assert!(!license.expired);
     assert!(license.expiration_date.is_none());
@@ -178,7 +178,7 @@ async fn test_license_update() {
         .and(basic_auth("admin", "password"))
         .and(body_json(&update_request))
         .respond_with(success_response(json!({
-            "license_key": "new-license-key-12345",
+            "key": "new-license-key-12345",
             "type": "production",
             "expired": false,
             "expiration_date": "2026-12-31T23:59:59Z",
@@ -202,7 +202,7 @@ async fn test_license_update() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "new-license-key-12345");
+    assert_eq!(license.key.unwrap(), "new-license-key-12345");
     assert_eq!(license.type_, Some("production".to_string()));
     assert!(!license.expired);
     assert_eq!(license.shards_limit, Some(200));
@@ -298,7 +298,7 @@ async fn test_license_validate_valid() {
         .and(basic_auth("admin", "password"))
         .and(body_json(&validate_request))
         .respond_with(success_response(json!({
-            "license_key": "valid-license-to-validate",
+            "key": "valid-license-to-validate",
             "type": "production",
             "expired": false,
             "expiration_date": "2025-06-30T23:59:59Z",
@@ -322,7 +322,7 @@ async fn test_license_validate_valid() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "valid-license-to-validate");
+    assert_eq!(license.key.unwrap(), "valid-license-to-validate");
     assert_eq!(license.type_, Some("production".to_string()));
     assert!(!license.expired);
     assert_eq!(license.shards_limit, Some(50));
@@ -369,7 +369,7 @@ async fn test_license_cluster_license() {
         .and(path("/v1/cluster/license"))
         .and(basic_auth("admin", "password"))
         .respond_with(success_response(json!({
-            "license_key": "cluster-license-789",
+            "key": "cluster-license-789",
             "type": "enterprise",
             "expired": false,
             "expiration_date": "2024-12-31T23:59:59Z",
@@ -393,7 +393,7 @@ async fn test_license_cluster_license() {
 
     assert!(result.is_ok());
     let license = result.unwrap();
-    assert_eq!(license.license_key, "cluster-license-789");
+    assert_eq!(license.key.unwrap(), "cluster-license-789");
     assert_eq!(license.type_, Some("enterprise".to_string()));
     assert!(!license.expired);
     assert_eq!(license.shards_limit, Some(1000));

crates/redis-enterprise/tests/user_tests.rs

@@ -21,10 +21,15 @@ fn no_content_response() -> ResponseTemplate {
 fn test_user() -> serde_json::Value {
     json!({
         "uid": 1,
-        "username": "test-user",
         "email": "[email protected]",
+        "name": "Test User",
         "role": "admin",
-        "status": "active"
+        "status": "active",
+        "auth_method": "regular",
+        "certificate_subject_line": "",
+        "email_alerts": true,
+        "password_issue_date": "2025-01-01T00:00:00Z",
+        "role_uids": [1]
     })
 }
 
@@ -39,10 +44,14 @@ async fn test_user_list() {
             test_user(),
             {
                 "uid": 2,
-                "username": "user-2",
                 "email": "[email protected]",
+                "name": "User 2",
                 "role": "viewer",
-                "status": "active"
+                "status": "active",
+                "auth_method": "regular",
+                "certificate_subject_line": "",
+                "email_alerts": false,
+                "role_uids": [2]
             }
         ])))
         .mount(&mock_server)
@@ -87,7 +96,7 @@ async fn test_user_get() {
     assert!(result.is_ok());
     let user = result.unwrap();
     assert_eq!(user.uid, 1);
-    assert_eq!(user.username, "test-user");
+    assert_eq!(user.email, "test@example.com");
 }
 
 #[tokio::test]
@@ -119,7 +128,7 @@ async fn test_user_create() {
     assert!(result.is_ok());
     let user = result.unwrap();
     assert_eq!(user.uid, 1);
-    assert_eq!(user.username, "test-user");
+    assert_eq!(user.email, "test@example.com");
 }
 
 #[tokio::test]

crates/redisctl/src/commands/enterprise/rbac_impl.rs

@@ -129,7 +129,7 @@ pub async fn reset_user_password(
 
     // Get the user to get their email
     let user = handler.get(id).await?;
-    let email = user.email.unwrap_or(user.username);
+    let email = user.email.clone();
 
     let new_password = if let Some(pwd) = password {
         pwd.to_string()