Issue 541.2: API Key Lifecycle Integration Test Failures #570

@ngjunsiang

Summary

Fix failures in audit API key lifecycle integration tests.

Background

Integration tests were added for the complete API key lifecycle (create → use → update → revoke) in #541, but several tests fail due to design issues.

Test Failures

1. State Management Issue (Priority: High)

Tests: test_02_* through test_08_* (6 tests)

Current behavior: AttributeError: 'TestAuditAPIKeyLifecycle' object has no attribute 'created_key_id'

Root cause: Tests were designed as a sequence where test_01 creates a key and subsequent tests use it, but unittest runs each test method independently. State doesn't persist across test methods.

Expected behavior: Each test should be independent or use shared setup/teardown.

Fix: Either:

  • Create a key in setUp() for all tests to use
  • Or make each test create its own key (preferred for isolation)

2. Authentication Bypass (Priority: High)

Test: test_04_wrong_key_value_fails_authentication

Current behavior: Returns 200 instead of 401

Root cause: The /audit/v1/health endpoint might not require authentication (it's the health check endpoint).

Fix: Either:

  • Test against a protected endpoint instead of /health
  • Or verify the endpoint requires authentication first

Test Design Issue

The current test design assumes sequential execution:

def test_01_create_key(self):
    # Create key
    self.created_key_id = data["id"]
    self.created_key_value = data["api_key"]

def test_02_verify_storage(self):
    # Uses key from test_01
    api_key_id = self.created_key_id  # ERROR: doesn't exist

But unittest runs each test independently.

Recommended Fix

Option A: Shared Setup (Simpler)

def setUp(self):
    super().setUp()
    # Create a test key for all tests to use
    raw_key, key_id = self._create_admin_api_key()
    self.test_key_id = key_id
    self.test_key_value = raw_key

Option B: Independent Tests (Better isolation)

Each test creates its own key and performs the full operation:

def test_create_and_use_key(self):
    # Create, use, update, revoke all in one test

Acceptance Criteria

  • All tests run without AttributeError
  • Authentication test validates against protected endpoint
  • Each test is independent (can run in any order)
  • Tests verify actual lifecycle operations

Related
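
Added example, not part of the original issue or the project's code: a self-contained sketch of the recommended fix, in which setUp() issues a fresh key for every test and the wrong-key test targets a protected route only after confirming that route rejects anonymous calls. FakeAuditAPI and the /audit/v1/events path are constructed assumptions standing in for the real service.

```python
import hashlib, hmac, secrets, unittest

PROTECTED = "/audit/v1/events"  # hypothetical protected route, not from the project
HEALTH = "/audit/v1/health"     # health check endpoint named in the issue

class FakeAuditAPI:  # constructed in-memory stand-in for the audit service
    def __init__(self):
        self._keys = {}  # key_id -> SHA-256 hex digest of the raw key

    def create_key(self):
        key_id, raw = secrets.token_hex(4), secrets.token_urlsafe(24)
        self._keys[key_id] = hashlib.sha256(raw.encode()).hexdigest()
        return raw, key_id

    def revoke_key(self, key_id):
        self._keys.pop(key_id, None)

    def get(self, path, api_key=None):
        if path == HEALTH:
            return 200  # health check never inspects credentials
        digest = hashlib.sha256((api_key or "").encode()).hexdigest()
        ok = any(hmac.compare_digest(digest, d) for d in self._keys.values())
        return 200 if ok else 401

class TestAuditAPIKeyLifecycle(unittest.TestCase):
    def setUp(self):
        # Fresh service and key per test: nothing is carried between methods.
        self.api = FakeAuditAPI()
        self.key_value, self.key_id = self.api.create_key()

    def test_wrong_key_value_fails_authentication(self):
        # Precondition: the target must reject anonymous calls, or the test is vacuous.
        self.assertEqual(self.api.get(PROTECTED), 401)
        self.assertEqual(self.api.get(PROTECTED, "wrong-" + self.key_value), 401)
        self.assertEqual(self.api.get(PROTECTED, self.key_value), 200)

    def test_health_does_not_prove_authentication(self):
        self.assertEqual(self.api.get(HEALTH, "wrong-key"), 200)

    def test_revoked_key_is_rejected(self):
        self.assertEqual(self.api.get(PROTECTED, self.key_value), 200)
        self.api.revoke_key(self.key_id)
        self.assertEqual(self.api.get(PROTECTED, self.key_value), 401)

def run_suite():
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestAuditAPIKeyLifecycle)
    return unittest.TextTestRunner(verbosity=0).run(suite)

if __name__ == "__main__": run_suite()
```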
