feat: add DescribeMany and remove role assignment from service_account service

Author: hamir-suspect

guard/lib/guard/grpc_servers/service_account_server.ex

@@ -18,8 +18,7 @@ defmodule Guard.GrpcServers.ServiceAccountServer do
           org_id: org_id,
           name: name,
           description: description,
-          creator_id: creator_id,
-          role_id: role_id
+          creator_id: creator_id
         },
         _stream
       ) do
@@ -29,13 +28,11 @@ defmodule Guard.GrpcServers.ServiceAccountServer do
         org_id: org_id,
         name: name,
         description: description,
-        creator_id: creator_id,
-        role_id: role_id
+        creator_id: creator_id
       },
       fn ->
         validate_uuid!(org_id)
         validate_uuid!(creator_id)
-        validate_uuid!(role_id)
 
         if String.trim(name) == "" do
           grpc_error!(:invalid_argument, "Service account name cannot be empty")
@@ -50,8 +47,7 @@ defmodule Guard.GrpcServers.ServiceAccountServer do
               org_id: org_id,
               name: String.trim(name),
               description: String.trim(description || ""),
-              creator_id: creator_id,
-              role_id: role_id
+              creator_id: creator_id
             }
 
             case Guard.ServiceAccount.Actions.create(params) do
@@ -136,6 +132,30 @@ defmodule Guard.GrpcServers.ServiceAccountServer do
     )
   end
 
+  @spec describe_many(ServiceAccountPB.DescribeManyRequest.t(), GRPC.Server.Stream.t()) ::
+          ServiceAccountPB.DescribeManyResponse.t()
+  def describe_many(%ServiceAccountPB.DescribeManyRequest{sa_ids: sa_ids}, _stream) do
+    observe_and_log(
+      "grpc.service_account.describe_many",
+      %{sa_ids: sa_ids, count: length(sa_ids)},
+      fn ->
+        # Validate all UUIDs
+        Enum.each(sa_ids, &validate_uuid!/1)
+
+        case ServiceAccount.find_many(sa_ids) do
+          {:ok, service_accounts} ->
+            ServiceAccountPB.DescribeManyResponse.new(
+              service_accounts: Enum.map(service_accounts, &map_service_account/1)
+            )
+
+          {:error, reason} ->
+            Logger.error("Failed to describe many service accounts: #{inspect(reason)}")
+            grpc_error!(:internal, "Failed to describe service accounts")
+        end
+      end
+    )
+  end
+
   @spec update(ServiceAccountPB.UpdateRequest.t(), GRPC.Server.Stream.t()) ::
           ServiceAccountPB.UpdateResponse.t()
   def update(

guard/lib/guard/service_account/actions.ex

@@ -16,8 +16,7 @@ defmodule Guard.ServiceAccount.Actions do
           org_id: String.t(),
           name: String.t(),
           description: String.t(),
-          creator_id: String.t(),
-          role_id: String.t()
+          creator_id: String.t()
         }
 
   @doc """
@@ -29,7 +28,6 @@ defmodule Guard.ServiceAccount.Actions do
   3. Creates a service_account record
   4. Generates an API token
   5. Creates RBAC user record
-  6. Assigns the specified role to the service account
   7. Publishes UserCreated event
 
   Returns {:ok, %{service_account: service_account, api_token: api_token}} or {:error, reason}
@@ -41,8 +39,7 @@ defmodule Guard.ServiceAccount.Actions do
           org_id: _org_id,
           name: _name,
           description: _description,
-          creator_id: _creator_id,
-          role_id: _role_id
+          creator_id: _creator_id
         } = params
       ) do
     case _create(params) do
@@ -165,13 +162,7 @@ defmodule Guard.ServiceAccount.Actions do
   defp _create(params) do
     FrontRepo.transaction(fn ->
       with {:ok, result} <- ServiceAccount.create(params),
-           {:ok, _rbac_user} <- create_rbac_user(result.service_account),
-           :ok <-
-             Guard.Api.Rbac.assign_role(
-               result.service_account.org_id,
-               result.service_account.id,
-               params.role_id
-             ) do
+           {:ok, _rbac_user} <- create_rbac_user(result.service_account) do
         # Return the service account data and API token
         {result.service_account, result.api_token}
       else

guard/lib/guard/store/service_account.ex

@@ -38,6 +38,35 @@ defmodule Guard.Store.ServiceAccount do
     end
   end
 
+  @doc """
+  Find multiple service accounts by IDs.
+
+  Returns a list of service accounts for the given IDs.
+  Invalid or non-existent IDs are filtered out.
+  """
+  @spec find_many([String.t()]) :: {:ok, [map()]} | {:error, term()}
+  def find_many(service_account_ids) when is_list(service_account_ids) do
+    # Filter out invalid UUIDs
+    valid_ids = Enum.filter(service_account_ids, &valid_uuid?/1)
+
+    if length(valid_ids) > 0 do
+      query =
+        build_service_account_query()
+        |> where([sa, u], sa.id in ^valid_ids)
+        |> where([sa, u], is_nil(u.blocked_at))
+        |> order_by([sa, u], asc: u.created_at, asc: sa.id)
+
+      service_accounts = FrontRepo.all(query)
+      {:ok, service_accounts}
+    else
+      {:ok, []}
+    end
+  rescue
+    e ->
+      Logger.error("Error during find_many for service accounts #{inspect(service_account_ids)}: #{inspect(e)}")
+      {:error, :internal_error}
+  end
+
   @doc """
   Find service accounts by organization with pagination.
 

guard/test/guard/front_repo/service_account_test.exs

@@ -319,10 +319,16 @@ defmodule Guard.FrontRepo.ServiceAccountTest do
   # Helper functions
 
   defp create_test_user do
+    # Generate a unique suffix using current timestamp in microseconds + random number
+    # This ensures better test isolation by making each user truly unique
+    timestamp = System.system_time(:microsecond)
+    random_suffix = :rand.uniform(999_999)
+    unique_suffix = "#{timestamp}-#{random_suffix}"
+
     user_attrs = %{
       id: Ecto.UUID.generate(),
-      email: "test-#{:rand.uniform(10000)}@example.com",
-      name: "Test User",
+      email: "test-#{unique_suffix}@example.com",
+      name: "Test User #{unique_suffix}",
       org_id: Ecto.UUID.generate(),
       creation_source: :service_account,
       single_org_user: true,

guard/test/guard/grpc_servers/service_account_server_test.exs

@@ -382,6 +382,232 @@ defmodule Guard.GrpcServers.ServiceAccountServerTest do
     end
   end
 
+  describe "describe_many/2" do
+    test "describes multiple service accounts successfully", %{grpc_channel: channel} do
+      sa1_id = Ecto.UUID.generate()
+      sa2_id = Ecto.UUID.generate()
+      sa3_id = Ecto.UUID.generate()
+
+      with_mocks([
+        {Guard.Utils, [:passthrough], [validate_uuid!: fn _ -> :ok end]},
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn ids ->
+             assert length(ids) == 3
+             assert sa1_id in ids
+             assert sa2_id in ids
+             assert sa3_id in ids
+
+             {:ok,
+              [
+                %{
+                  id: sa1_id,
+                  name: "Service Account 1",
+                  description: "Description 1",
+                  org_id: "org-id-1",
+                  creator_id: "creator-1",
+                  created_at: DateTime.utc_now(),
+                  updated_at: DateTime.utc_now(),
+                  deactivated: false
+                },
+                %{
+                  id: sa2_id,
+                  name: "Service Account 2",
+                  description: "Description 2",
+                  org_id: "org-id-2",
+                  creator_id: "creator-2",
+                  created_at: DateTime.utc_now(),
+                  updated_at: DateTime.utc_now(),
+                  deactivated: true
+                },
+                %{
+                  id: sa3_id,
+                  name: "Service Account 3",
+                  description: nil,
+                  org_id: "org-id-3",
+                  creator_id: nil,
+                  created_at: DateTime.utc_now(),
+                  updated_at: DateTime.utc_now(),
+                  deactivated: false
+                }
+              ]}
+           end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: [sa1_id, sa2_id, sa3_id])
+
+        {:ok, response} = channel |> Stub.describe_many(request)
+
+        assert length(response.service_accounts) == 3
+
+        # Verify first service account
+        sa1 = Enum.find(response.service_accounts, &(&1.id == sa1_id))
+        assert sa1.name == "Service Account 1"
+        assert sa1.description == "Description 1"
+        assert sa1.org_id == "org-id-1"
+        assert sa1.creator_id == "creator-1"
+        assert sa1.deactivated == false
+
+        # Verify second service account (deactivated)
+        sa2 = Enum.find(response.service_accounts, &(&1.id == sa2_id))
+        assert sa2.name == "Service Account 2"
+        assert sa2.deactivated == true
+
+        # Verify third service account (nil handling)
+        sa3 = Enum.find(response.service_accounts, &(&1.id == sa3_id))
+        assert sa3.name == "Service Account 3"
+        assert sa3.description == ""
+        assert sa3.creator_id == ""
+        assert sa3.deactivated == false
+      end
+    end
+
+    test "returns empty list when no service accounts found", %{grpc_channel: channel} do
+      sa1_id = Ecto.UUID.generate()
+      sa2_id = Ecto.UUID.generate()
+
+      with_mocks([
+        {Guard.Utils, [:passthrough], [validate_uuid!: fn _ -> :ok end]},
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn ids ->
+             assert length(ids) == 2
+             {:ok, []}
+           end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: [sa1_id, sa2_id])
+
+        {:ok, response} = channel |> Stub.describe_many(request)
+
+        assert response.service_accounts == []
+      end
+    end
+
+    test "handles partial matches correctly", %{grpc_channel: channel} do
+      existing_id = Ecto.UUID.generate()
+      non_existent_id = Ecto.UUID.generate()
+
+      with_mocks([
+        {Guard.Utils, [:passthrough], [validate_uuid!: fn _ -> :ok end]},
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn ids ->
+             assert length(ids) == 2
+             assert existing_id in ids
+             assert non_existent_id in ids
+
+             # Return only the existing one
+             {:ok,
+              [
+                %{
+                  id: existing_id,
+                  name: "Existing SA",
+                  description: "Exists",
+                  org_id: "org-id",
+                  creator_id: "creator-id",
+                  created_at: DateTime.utc_now(),
+                  updated_at: DateTime.utc_now(),
+                  deactivated: false
+                }
+              ]}
+           end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: [existing_id, non_existent_id])
+
+        {:ok, response} = channel |> Stub.describe_many(request)
+
+        assert length(response.service_accounts) == 1
+        assert hd(response.service_accounts).id == existing_id
+      end
+    end
+
+    test "handles empty input list", %{grpc_channel: channel} do
+      with_mocks([
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn ids ->
+             assert ids == []
+             {:ok, []}
+           end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: [])
+
+        {:ok, response} = channel |> Stub.describe_many(request)
+
+        assert response.service_accounts == []
+      end
+    end
+
+    test "validates UUID format for all IDs", %{grpc_channel: channel} do
+      valid_id = Ecto.UUID.generate()
+
+      request = ServiceAccount.DescribeManyRequest.new(sa_ids: [valid_id, "invalid-uuid"])
+
+      {:error, %GRPC.RPCError{status: 3}} = channel |> Stub.describe_many(request)
+    end
+
+    test "handles internal errors", %{grpc_channel: channel} do
+      sa_id = Ecto.UUID.generate()
+
+      with_mocks([
+        {Guard.Utils, [:passthrough], [validate_uuid!: fn _ -> :ok end]},
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn _ -> {:error, :database_error} end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: [sa_id])
+
+        {:error, %GRPC.RPCError{status: 13, message: message}} =
+          channel |> Stub.describe_many(request)
+
+        assert String.contains?(message, "Failed to describe service accounts")
+      end
+    end
+
+    test "handles large number of IDs", %{grpc_channel: channel} do
+      # Generate 50 IDs to test batch processing
+      ids = for _ <- 1..50, do: Ecto.UUID.generate()
+
+      with_mocks([
+        {Guard.Utils, [:passthrough], [validate_uuid!: fn _ -> :ok end]},
+        {Guard.Store.ServiceAccount, [:passthrough],
+         [
+           find_many: fn received_ids ->
+             assert length(received_ids) == 50
+             # Return only the first 10 to simulate partial results
+             service_accounts =
+               received_ids
+               |> Enum.take(10)
+               |> Enum.map(fn id ->
+                 %{
+                   id: id,
+                   name: "SA #{id}",
+                   description: "Description",
+                   org_id: "org-id",
+                   creator_id: "creator-id",
+                   created_at: DateTime.utc_now(),
+                   updated_at: DateTime.utc_now(),
+                   deactivated: false
+                 }
+               end)
+
+             {:ok, service_accounts}
+           end
+         ]}
+      ]) do
+        request = ServiceAccount.DescribeManyRequest.new(sa_ids: ids)
+
+        {:ok, response} = channel |> Stub.describe_many(request)
+
+        assert length(response.service_accounts) == 10
+      end
+    end
+  end
+
   describe "update/2" do
     test "updates service account successfully", %{grpc_channel: channel} do
       service_account_id = Ecto.UUID.generate()