chore: move gofakeit integration testing calls (#10684)

# Which Problems Are Solved Flakiness and conflicts in value from gofakeit. # How the Problems Are Solved Move Gofakeit calls to the integration package, to guarantee proper usage and values for integration testing. # Additional Changes None # Additional Context None (cherry picked from commit 492f1826ee)
2025-12-06 16:22:13 +00:00 · 2025-09-10 08:00:31 +02:00
parent 78ded99017
commit b892fc9b28
70 changed files with 1404 additions and 1293 deletions
--- a/internal/api/grpc/saml/v2/integration_test/saml_test.go
+++ b/internal/api/grpc/saml/v2/integration_test/saml_test.go
@@ -9,7 +9,6 @@ import (
 	"testing"
 	"time"

-	"github.com/brianvoe/gofakeit/v6"
 	"github.com/crewjam/saml"
 	"github.com/crewjam/saml/samlsp"
 	"github.com/muhlemmer/gu"
@@ -18,6 +17,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/zitadel/zitadel/internal/integration"
+	mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
 	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
 	saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/session/v2"
@@ -48,13 +48,13 @@ func TestServer_GetSAMLRequest(t *testing.T) {
 		{
 			name: "success, redirect binding",
 			dep: func() (time.Time, string, error) {
-				return Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, gofakeit.BitcoinAddress(), saml.HTTPRedirectBinding)
+				return Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, integration.RelayState(), saml.HTTPRedirectBinding)
 			},
 		},
 		{
 			name: "success, post binding",
 			dep: func() (time.Time, string, error) {
-				return Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+				return Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 			},
 		},
 	}
@@ -120,7 +120,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, gofakeit.BitcoinAddress(), saml.HTTPRedirectBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, integration.RelayState(), saml.HTTPRedirectBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -138,7 +138,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, gofakeit.BitcoinAddress(), saml.HTTPRedirectBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, integration.RelayState(), saml.HTTPRedirectBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -156,7 +156,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -185,7 +185,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					Instance.FailSAMLAuthRequest(LoginCTX, authRequestID, saml_pb.ErrorReason_ERROR_REASON_AUTH_N_FAILED)
 					return authRequestID
@@ -204,7 +204,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -230,7 +230,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  CTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -248,7 +248,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, gofakeit.BitcoinAddress(), saml.HTTPRedirectBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewareRedirect, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, integration.RelayState(), saml.HTTPRedirectBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -274,7 +274,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -303,7 +303,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  LoginCTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					Instance.SuccessfulSAMLAuthRequest(LoginCTX, Instance.Users[integration.UserTypeLogin].ID, authRequestID)
 					return authRequestID
@@ -322,7 +322,7 @@ func TestServer_CreateResponse(t *testing.T) {
 			ctx:  CTX,
 			req: &saml_pb.CreateResponseRequest{
 				SamlRequestId: func() string {
-					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, gofakeit.BitcoinAddress(), saml.HTTPPostBinding)
+					_, authRequestID, err := Instance.CreateSAMLAuthRequest(spMiddlewarePost, Instance.Users[integration.UserTypeLogin].ID, acsPost, integration.RelayState(), saml.HTTPPostBinding)
 					require.NoError(t, err)
 					return authRequestID
 				}(),
@@ -377,10 +377,10 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)
 				projectID2, _, _ := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -391,10 +391,10 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -413,10 +413,10 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectGrantUserGrant(ctx, t, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -435,8 +435,8 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				_, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
 			wantErr: true,
@@ -456,9 +456,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -470,7 +470,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)

 				user := Instance.CreateHumanUser(ctx)
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -489,7 +489,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)

 				user := Instance.CreateHumanUser(ctx)
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -516,9 +516,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			name: "projectRoleCheck, usergrant and different resourceowner",
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)
-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectUserGrant(ctx, t, Instance.DefaultOrg.GetId(), projectID, user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -535,8 +535,8 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			name: "projectRoleCheck, no usergrant and different resourceowner",
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				_, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)
-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -547,10 +547,10 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
+				createProjectGrantUserGrant(ctx, t, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -568,9 +568,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)

-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -597,8 +597,8 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			name: "hasProjectCheck, different resourceowner",
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				_, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, false, true)
-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -608,9 +608,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			name: "hasProjectCheck, different resourceowner with project grant",
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, false, true)
-				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), gofakeit.Email())
+				orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
 				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
-				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
+				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())

 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -664,7 +664,7 @@ func createSession(ctx context.Context, t *testing.T, userID string) *session.Cr
 }

 func createSessionAndSmlRequestForCallback(ctx context.Context, t *testing.T, sp *samlsp.Middleware, loginClient string, acsRedirect saml.Endpoint, userID, binding string) *saml_pb.CreateResponseRequest {
-	_, authRequestID, err := Instance.CreateSAMLAuthRequest(sp, loginClient, acsRedirect, gofakeit.BitcoinAddress(), binding)
+	_, authRequestID, err := Instance.CreateSAMLAuthRequest(sp, loginClient, acsRedirect, integration.RelayState(), binding)
 	require.NoError(t, err)
 	sessionResp := createSession(ctx, t, userID)
 	return &saml_pb.CreateResponseRequest{
@@ -679,7 +679,7 @@ func createSessionAndSmlRequestForCallback(ctx context.Context, t *testing.T, sp
 }

 func createSAMLSP(t *testing.T, idpMetadata *saml.EntityDescriptor, binding string) (string, *samlsp.Middleware) {
-	rootURL := "example." + gofakeit.DomainName()
+	rootURL := "example." + integration.DomainName()
 	spMiddleware, err := integration.CreateSAMLSP("https://"+rootURL, idpMetadata, binding)
 	require.NoError(t, err)
 	return rootURL, spMiddleware
@@ -692,3 +692,29 @@ func createSAMLApplication(ctx context.Context, t *testing.T, idpMetadata *saml.
 	require.NoError(t, err)
 	return project.GetId(), rootURL, sp
 }
+
+func createProjectUserGrant(ctx context.Context, t *testing.T, orgID, projectID, userID string) {
+	resp := Instance.CreateProjectUserGrant(t, ctx, orgID, projectID, userID)
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
+	require.EventuallyWithT(t, func(collect *assert.CollectT) {
+		_, err := Instance.Client.Mgmt.GetUserGrantByID(integration.SetOrgID(ctx, orgID), &mgmt.GetUserGrantByIDRequest{
+			UserId:  userID,
+			GrantId: resp.GetUserGrantId(),
+		})
+		assert.NoError(collect, err)
+	}, retryDuration, tick)
+}
+
+func createProjectGrantUserGrant(ctx context.Context, t *testing.T, orgID, projectID, projectGrantID, userID string) {
+	resp := Instance.CreateProjectGrantUserGrant(ctx, orgID, projectID, projectGrantID, userID)
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
+	require.EventuallyWithT(t, func(collect *assert.CollectT) {
+		_, err := Instance.Client.Mgmt.GetUserGrantByID(integration.SetOrgID(ctx, orgID), &mgmt.GetUserGrantByIDRequest{
+			UserId:  userID,
+			GrantId: resp.GetUserGrantId(),
+		})
+		assert.NoError(collect, err)
+	}, retryDuration, tick)
+}