fix: update resource pool user test expectations for authzed resolution

Author: SalimKayal

test/bases/renku_data_services/data_api/test_resource_pools.py

@@ -6,6 +6,7 @@
 
 import pytest
 from sanic_testing.testing import SanicASGITestClient
+from ulid import ULID
 
 from renku_data_services.resource_usage.db import ResourceRequestsRepo
 from renku_data_services.resource_usage.model import Credit, ResourceClassCost, ResourcePoolLimits
@@ -724,6 +725,8 @@ async def test_remove_resource_pool_users(
     assert res.status_code == 200
     assert len(existing_users) >= 3
     # Give another user access to the private pool
+    admin = existing_users[0]
+    admin_id = admin["id"]
     allowed_user = existing_users[1]
     allowed_user2 = existing_users[2]
     allowed_user_id = allowed_user["id"]
@@ -748,8 +751,9 @@ async def test_remove_resource_pool_users(
         headers=admin_headers,
     )
     assert res.status_code == 200
-    assert len(res.json) == 2
-    assert set([u["id"] for u in res.json]) == {allowed_user_id, allowed_user2_id}
+    # Authzed resolves ALL users with read permission (including inherited access i.e. in this case "admin"),
+    assert len(res.json) == 3
+    assert set([u["id"] for u in res.json]) == {admin_id, allowed_user_id, allowed_user2_id}
     # Remove the user from the private pool
     _, res = await sanic_client.delete(
         f"/api/data/resource_pools/{rp_private['id']}/users/{allowed_user_id}",
@@ -767,7 +771,8 @@ async def test_remove_resource_pool_users(
         headers=admin_headers,
     )
     assert res.status_code == 200
-    assert len(res.json) == 1
+    # Authzed resolves ALL users with read permission (including inherited access i.e. in this case "admin"),
+    assert len(res.json) == 2
     assert len([user for user in res.json if user.get("id") == allowed_user_id]) == 0
     # The remaining user can see the pool
     user2_access_token = json.dumps({"id": allowed_user2_id})