Merge pull request #1089 from tisnik/lcore-887-fixed-pyright-issues-in-auth-tests

tisnik · web-flow · commit c02b6a6b4e31 · 2026-02-02T08:40:05.000+01:00
LCORE-887: fixed pyright issues in auth tests
diff --git a/tests/unit/authorization/test_azure_token_manager.py b/tests/unit/authorization/test_azure_token_manager.py
@@ -25,6 +25,7 @@ def dummy_config_fixture() -> AzureEntraIdConfiguration:
         tenant_id=SecretStr("tenant"),
         client_id=SecretStr("client"),
         client_secret=SecretStr("secret"),
+        scope="https://cognitiveservices.azure.com/.default",
     )
 
 
diff --git a/tests/unit/authorization/test_middleware.py b/tests/unit/authorization/test_middleware.py
@@ -85,6 +85,7 @@ def sample_role_rule(self) -> JwtRoleRule:
             operator=JsonPathOperator.EQUALS,
             value="test",
             roles=["test"],
+            negate=False,
         )
 
     @pytest.mark.parametrize(
diff --git a/tests/unit/authorization/test_resolvers.py b/tests/unit/authorization/test_resolvers.py
@@ -74,6 +74,7 @@ async def employee_role_rule(self) -> JwtRoleRule:
             operator=JsonPathOperator.CONTAINS,
             value="redhat:employees",
             roles=["employee"],
+            negate=False,
         )
 
     @pytest.fixture
@@ -178,6 +179,7 @@ async def email_rule_resolver(self) -> JwtRolesResolver:
                     operator=JsonPathOperator.MATCH,
                     value=r"@redhat\.com$",
                     roles=["redhat_employee"],
+                    negate=False,
                 )
             ]
         )
@@ -198,6 +200,7 @@ async def equals_rule_resolver(self) -> JwtRolesResolver:
                     operator=JsonPathOperator.EQUALS,
                     value=["bar"],
                     roles=["foobar"],
+                    negate=False,
                 )
             ]
         )
@@ -225,6 +228,7 @@ async def in_rule_resolver(self) -> JwtRolesResolver:
                     operator=JsonPathOperator.IN,
                     value=[["bar"], ["baz"]],
                     roles=["in_role"],
+                    negate=False,
                 )
             ]
         )
@@ -268,6 +272,7 @@ async def test_resolve_roles_match_operator_invalid_regex(self) -> None:
                 operator=JsonPathOperator.MATCH,
                 value="[invalid regex(",  # Invalid regex pattern
                 roles=["test_role"],
+                negate=False,
             )
 
     async def test_resolve_roles_match_operator_non_string_pattern(self) -> None:
@@ -280,6 +285,7 @@ async def test_resolve_roles_match_operator_non_string_pattern(self) -> None:
                 operator=JsonPathOperator.MATCH,
                 value=123,  # Non-string pattern
                 roles=["test_role"],
+                negate=False,
             )
 
     async def test_resolve_roles_match_operator_non_string_value(self) -> None:
@@ -290,6 +296,7 @@ async def test_resolve_roles_match_operator_non_string_value(self) -> None:
                 operator=JsonPathOperator.MATCH,
                 value=r"\d+",  # Number pattern
                 roles=["numeric_user"],
+                negate=False,
             )
         ]
         jwt_resolver = JwtRolesResolver(role_rules)
@@ -312,6 +319,7 @@ async def test_compiled_regex_property(self) -> None:
             operator=JsonPathOperator.MATCH,
             value=r"@example\.com$",
             roles=["example_user"],
+            negate=False,
         )
         assert match_rule.compiled_regex is not None
         assert isinstance(match_rule.compiled_regex, re.Pattern)
@@ -323,6 +331,7 @@ async def test_compiled_regex_property(self) -> None:
             operator=JsonPathOperator.EQUALS,
             value="test@example.com",
             roles=["example_user"],
+            negate=False,
         )
         assert equals_rule.compiled_regex is None
 
@@ -382,7 +391,7 @@ async def test_check_access_with_valid_role(self) -> None:
         assert has_access is True
 
         # Test access denied
-        has_access = resolver.check_access(Action.FEEDBACK, frozenset(["employee"]))
+        has_access = resolver.check_access(Action.FEEDBACK, {"employee"})
         assert has_access is False
 
     async def test_check_access_with_invalid_role(self) -> None:

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ def dummy_config_fixture() -> AzureEntraIdConfiguration:`
`25`	`25`	`tenant_id=SecretStr("tenant"),`
`26`	`26`	`client_id=SecretStr("client"),`
`27`	`27`	`client_secret=SecretStr("secret"),`
	`28`	`+ scope="https://cognitiveservices.azure.com/.default",`
`28`	`29`	`)`
`29`	`30`
`30`	`31`
Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,7 @@ def sample_role_rule(self) -> JwtRoleRule:`
`85`	`85`	`operator=JsonPathOperator.EQUALS,`
`86`	`86`	`value="test",`
`87`	`87`	`roles=["test"],`
	`88`	`+ negate=False,`
`88`	`89`	`)`
`89`	`90`
`90`	`91`	`@pytest.mark.parametrize(`
Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,7 @@ async def employee_role_rule(self) -> JwtRoleRule:`
`74`	`74`	`operator=JsonPathOperator.CONTAINS,`
`75`	`75`	`value="redhat:employees",`
`76`	`76`	`roles=["employee"],`
	`77`	`+ negate=False,`
`77`	`78`	`)`
`78`	`79`
`79`	`80`	`@pytest.fixture`
`@@ -178,6 +179,7 @@ async def email_rule_resolver(self) -> JwtRolesResolver:`
`178`	`179`	`operator=JsonPathOperator.MATCH,`
`179`	`180`	`value=r"@redhat\.com$",`
`180`	`181`	`roles=["redhat_employee"],`
	`182`	`+ negate=False,`
`181`	`183`	`)`
`182`	`184`	`]`
`183`	`185`	`)`
`@@ -198,6 +200,7 @@ async def equals_rule_resolver(self) -> JwtRolesResolver:`
`198`	`200`	`operator=JsonPathOperator.EQUALS,`
`199`	`201`	`value=["bar"],`
`200`	`202`	`roles=["foobar"],`
	`203`	`+ negate=False,`
`201`	`204`	`)`
`202`	`205`	`]`
`203`	`206`	`)`
`@@ -225,6 +228,7 @@ async def in_rule_resolver(self) -> JwtRolesResolver:`
`225`	`228`	`operator=JsonPathOperator.IN,`
`226`	`229`	`value=[["bar"], ["baz"]],`
`227`	`230`	`roles=["in_role"],`
	`231`	`+ negate=False,`
`228`	`232`	`)`
`229`	`233`	`]`
`230`	`234`	`)`
`@@ -268,6 +272,7 @@ async def test_resolve_roles_match_operator_invalid_regex(self) -> None:`
`268`	`272`	`operator=JsonPathOperator.MATCH,`
`269`	`273`	`value="[invalid regex(", # Invalid regex pattern`
`270`	`274`	`roles=["test_role"],`
	`275`	`+ negate=False,`
`271`	`276`	`)`
`272`	`277`
`273`	`278`	`async def test_resolve_roles_match_operator_non_string_pattern(self) -> None:`
`@@ -280,6 +285,7 @@ async def test_resolve_roles_match_operator_non_string_pattern(self) -> None:`
`280`	`285`	`operator=JsonPathOperator.MATCH,`
`281`	`286`	`value=123, # Non-string pattern`
`282`	`287`	`roles=["test_role"],`
	`288`	`+ negate=False,`
`283`	`289`	`)`
`284`	`290`
`285`	`291`	`async def test_resolve_roles_match_operator_non_string_value(self) -> None:`
`@@ -290,6 +296,7 @@ async def test_resolve_roles_match_operator_non_string_value(self) -> None:`
`290`	`296`	`operator=JsonPathOperator.MATCH,`
`291`	`297`	`value=r"\d+", # Number pattern`
`292`	`298`	`roles=["numeric_user"],`
	`299`	`+ negate=False,`
`293`	`300`	`)`
`294`	`301`	`]`
`295`	`302`	`jwt_resolver = JwtRolesResolver(role_rules)`
`@@ -312,6 +319,7 @@ async def test_compiled_regex_property(self) -> None:`
`312`	`319`	`operator=JsonPathOperator.MATCH,`
`313`	`320`	`value=r"@example\.com$",`
`314`	`321`	`roles=["example_user"],`
	`322`	`+ negate=False,`
`315`	`323`	`)`
`316`	`324`	`assert match_rule.compiled_regex is not None`
`317`	`325`	`assert isinstance(match_rule.compiled_regex, re.Pattern)`
`@@ -323,6 +331,7 @@ async def test_compiled_regex_property(self) -> None:`
`323`	`331`	`operator=JsonPathOperator.EQUALS,`
`324`	`332`	`value="test@example.com",`
`325`	`333`	`roles=["example_user"],`
	`334`	`+ negate=False,`
`326`	`335`	`)`
`327`	`336`	`assert equals_rule.compiled_regex is None`
`328`	`337`
`@@ -382,7 +391,7 @@ async def test_check_access_with_valid_role(self) -> None:`
`382`	`391`	`assert has_access is True`
`383`	`392`
`384`	`393`	`# Test access denied`
`385`		`- has_access = resolver.check_access(Action.FEEDBACK, frozenset(["employee"]))`
	`394`	`+ has_access = resolver.check_access(Action.FEEDBACK, {"employee"})`
`386`	`395`	`assert has_access is False`
`387`	`396`
`388`	`397`	`async def test_check_access_with_invalid_role(self) -> None:`