fix: update resource pool user test expectations for authzed resolution

SalimKayal · SalimKayal · commit 73d9018f0989 · 2026-05-05T19:46:58.000+02:00
diff --git a/test/bases/renku_data_services/data_api/test_resource_pools.py b/test/bases/renku_data_services/data_api/test_resource_pools.py
@@ -5,6 +5,7 @@
 
 import pytest
 from sanic_testing.testing import SanicASGITestClient
+from ulid import ULID
 
 from test.bases.renku_data_services.data_api.utils import create_rp
 from test.utils import KindCluster
@@ -720,6 +721,8 @@ async def test_remove_resource_pool_users(
     assert res.status_code == 200
     assert len(existing_users) >= 3
     # Give another user access to the private pool
+    admin = existing_users[0]
+    admin_id = admin["id"]
     allowed_user = existing_users[1]
     allowed_user2 = existing_users[2]
     allowed_user_id = allowed_user["id"]
@@ -744,8 +747,9 @@ async def test_remove_resource_pool_users(
         headers=admin_headers,
     )
     assert res.status_code == 200
-    assert len(res.json) == 2
-    assert set([u["id"] for u in res.json]) == {allowed_user_id, allowed_user2_id}
+    # Authzed resolves ALL users with read permission (including inherited access i.e. in this case "admin"),
+    assert len(res.json) == 3
+    assert set([u["id"] for u in res.json]) == {admin_id, allowed_user_id, allowed_user2_id}
     # Remove the user from the private pool
     _, res = await sanic_client.delete(
         f"/api/data/resource_pools/{rp_private['id']}/users/{allowed_user_id}",
@@ -763,7 +767,8 @@ async def test_remove_resource_pool_users(
         headers=admin_headers,
     )
     assert res.status_code == 200
-    assert len(res.json) == 1
+    # Authzed resolves ALL users with read permission (including inherited access i.e. in this case "admin"),
+    assert len(res.json) == 2
     assert len([user for user in res.json if user.get("id") == allowed_user_id]) == 0
     # The remaining user can see the pool
     user2_access_token = json.dumps({"id": allowed_user2_id})
