Fix tests

shangyian · shangyian · commit d991e358d064 · 2026-01-01T22:10:05.000-08:00
diff --git a/datajunction-server/tests/api/namespaces_test.py b/datajunction-server/tests/api/namespaces_test.py
@@ -969,13 +969,12 @@ async def test_create_namespace_auto_creates_owner_role(
     3. Assign the role to the creating user
     """
     ns_name = unique_namespace("testrbacauto")
-    child_ns = f"{ns_name}.autorole"
 
     # Create a new namespace with a unique name
-    response = await client.post(f"/namespaces/{child_ns}")
+    response = await client.post(f"/namespaces/{ns_name}")
     assert response.status_code in (200, 201)
 
-    # Verify the owner role was created for the parent namespace
+    # Verify the owner role was created for the namespace
     response = await client.get(f"/roles/{ns_name}-owner")
     assert response.status_code == 200
     role_data = response.json()
@@ -989,12 +988,6 @@ async def test_create_namespace_auto_creates_owner_role(
     assert scope["scope_type"] == "namespace"
     assert scope["scope_value"] == ns_name
 
-    # Verify the child namespace also got an owner role
-    response = await client.get(f"/roles/{child_ns}-owner")
-    assert response.status_code == 200
-    child_role_data = response.json()
-    assert child_role_data["name"] == f"{child_ns}-owner"
-
     # Check the role is assigned to the creator
     response = await client.get(f"/roles/{ns_name}-owner/assignments")
     assert response.status_code == 200
diff --git a/datajunction-server/tests/api/nodes_test.py b/datajunction-server/tests/api/nodes_test.py
@@ -6339,11 +6339,15 @@ def track_node(node_name: str):
         """Track a node's role for cleanup."""
         created_roles.append(f"{node_name}-owner")
 
+    # Create a simple namespace object with the helper methods
     class NamespaceHelper:
-        make = make_namespace
-        track_node = staticmethod(track_node)
+        pass
 
-    yield NamespaceHelper
+    helper = NamespaceHelper()
+    helper.make = make_namespace  # type: ignore
+    helper.track_node = track_node  # type: ignore
+
+    yield helper
 
     # Cleanup after test
     for ns in reversed(created_namespaces):
diff --git a/datajunction-server/tests/api/rbac_test.py b/datajunction-server/tests/api/rbac_test.py
@@ -92,11 +92,16 @@ async def test_create_role_duplicate_name(client_with_basic: AsyncClient):
 @pytest.mark.asyncio
 async def test_list_roles(client_with_basic: AsyncClient):
     """Test listing roles."""
+    import uuid
+
+    suffix = uuid.uuid4().hex[:8]
+    test_role_names = [f"listroles_{suffix}_{i}" for i in range(3)]
+
     # Create several roles
-    for i in range(3):
+    for name in test_role_names:
         await client_with_basic.post(
             "/roles/",
-            json={"name": f"role-{i}", "description": f"Role {i}"},
+            json={"name": name, "description": f"Test role {name}"},
         )
 
     # List roles
@@ -105,9 +110,13 @@ async def test_list_roles(client_with_basic: AsyncClient):
     data = response.json()
     assert len(data) >= 3
 
-    # Check they're ordered by name
+    # Check that our created roles are in the list
     names = [role["name"] for role in data]
-    assert sorted(names) == names
+    for test_name in test_role_names:
+        assert test_name in names
+
+    # Check they're ordered by name (case-sensitive lexicographic sort)
+    assert names == sorted(names)
 
 
 @pytest.mark.asyncio
diff --git a/datajunction-server/tests/internal/authorization_test.py b/datajunction-server/tests/internal/authorization_test.py
@@ -1,6 +1,7 @@
 """Tests for RBAC authorization logic."""
 
 from datetime import datetime, timedelta, timezone
+import uuid
 
 import pytest
 from sqlalchemy.ext.asyncio import AsyncSession
@@ -1279,12 +1280,21 @@ class TestAuthContext:
 
     async def test_auth_context_from_user_direct_assignments_only(
         self,
-        default_user: User,
         session: AsyncSession,
     ):
         """AuthContext includes user's direct role assignments."""
+        # Create a fresh user with no pre-existing assignments
+        suffix = uuid.uuid4().hex[:8]
+        fresh_user = User(
+            username=f"authctx_user_{suffix}",
+            email=f"authctx_{suffix}@example.com",
+            oauth_provider="basic",
+        )
+        session.add(fresh_user)
+        await session.flush()
+
         # Create role and assign to user
-        role = Role(name="test-role", created_by_id=default_user.id)
+        role = Role(name=f"test-role-{suffix}", created_by_id=fresh_user.id)
         session.add(role)
         await session.flush()
 
@@ -1297,33 +1307,45 @@ async def test_auth_context_from_user_direct_assignments_only(
         session.add(scope)
 
         assignment = RoleAssignment(
-            principal_id=default_user.id,
+            principal_id=fresh_user.id,
             role_id=role.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         session.add(assignment)
         await session.commit()
 
         # Reload user with assignments
-        user = await get_user(username=default_user.username, session=session)
+        user = await get_user(username=fresh_user.username, session=session)
 
         # Build AuthContext
         auth_context = await AuthContext.from_user(session, user)
 
         assert auth_context.user_id == user.id
         assert auth_context.username == user.username
         assert len(auth_context.role_assignments) == 1
-        assert auth_context.role_assignments[0].role.name == "test-role"
+        assert auth_context.role_assignments[0].role.name == f"test-role-{suffix}"
 
     async def test_auth_context_includes_group_assignments(
         self,
-        default_user: User,
         session: AsyncSession,
     ):
         """AuthContext flattens user's + groups' assignments."""
+        import uuid
+
+        suffix = uuid.uuid4().hex[:8]
+
+        # Create a fresh user with no pre-existing assignments
+        fresh_user = User(
+            username=f"authctx_grp_user_{suffix}",
+            email=f"authctx_grp_{suffix}@example.com",
+            oauth_provider="basic",
+        )
+        session.add(fresh_user)
+        await session.flush()
+
         # Create a group
         group = User(
-            username="finance-team",
+            username=f"finance-team-{suffix}",
             kind=PrincipalKind.GROUP,
             oauth_provider="basic",
         )
@@ -1333,12 +1355,12 @@ async def test_auth_context_includes_group_assignments(
         # Add user to group
         membership = GroupMember(
             group_id=group.id,
-            member_id=default_user.id,
+            member_id=fresh_user.id,
         )
         session.add(membership)
 
         # Create role for user (direct)
-        user_role = Role(name="user-role", created_by_id=default_user.id)
+        user_role = Role(name=f"user-role-{suffix}", created_by_id=fresh_user.id)
         session.add(user_role)
         await session.flush()
 
@@ -1351,14 +1373,14 @@ async def test_auth_context_includes_group_assignments(
         session.add(user_scope)
 
         user_assignment = RoleAssignment(
-            principal_id=default_user.id,
+            principal_id=fresh_user.id,
             role_id=user_role.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         session.add(user_assignment)
 
         # Create role for group
-        group_role = Role(name="group-role", created_by_id=default_user.id)
+        group_role = Role(name=f"group-role-{suffix}", created_by_id=fresh_user.id)
         session.add(group_role)
         await session.flush()
 
@@ -1373,13 +1395,13 @@ async def test_auth_context_includes_group_assignments(
         group_assignment = RoleAssignment(
             principal_id=group.id,
             role_id=group_role.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         session.add(group_assignment)
         await session.commit()
 
         # Reload user
-        user = await get_user(username=default_user.username, session=session)
+        user = await get_user(username=fresh_user.username, session=session)
 
         # Build AuthContext (should include both)
         auth_context = await AuthContext.from_user(session, user)
@@ -1388,36 +1410,49 @@ async def test_auth_context_includes_group_assignments(
         assert len(auth_context.role_assignments) == 2  # User's + group's
 
         role_names = {a.role.name for a in auth_context.role_assignments}
-        assert role_names == {"user-role", "group-role"}
+        assert f"user-role-{suffix}" in role_names
+        assert f"group-role-{suffix}" in role_names
 
     async def test_auth_context_with_multiple_groups(
         self,
-        default_user: User,
         session: AsyncSession,
     ):
         """User in multiple groups gets all group assignments."""
+        import uuid
+
+        suffix = uuid.uuid4().hex[:8]
+
+        # Create a fresh user with no pre-existing assignments
+        fresh_user = User(
+            username=f"authctx_multi_grp_{suffix}",
+            email=f"authctx_multi_grp_{suffix}@example.com",
+            oauth_provider="basic",
+        )
+        session.add(fresh_user)
+        await session.flush()
+
         # Create two groups
         group1 = User(
-            username="finance-team",
+            username=f"finance-team-{suffix}",
             kind=PrincipalKind.GROUP,
             oauth_provider="basic",
         )
         group2 = User(
-            username="data-eng-team",
+            username=f"data-eng-team-{suffix}",
             kind=PrincipalKind.GROUP,
             oauth_provider="basic",
         )
         session.add_all([group1, group2])
         await session.flush()
 
         # Add user to both groups
-        membership1 = GroupMember(group_id=group1.id, member_id=default_user.id)
-        membership2 = GroupMember(group_id=group2.id, member_id=default_user.id)
+        membership1 = GroupMember(group_id=group1.id, member_id=fresh_user.id)
+        membership2 = GroupMember(group_id=group2.id, member_id=fresh_user.id)
         session.add_all([membership1, membership2])
 
         # Give each group a role
-        role1 = Role(name="finance-role", created_by_id=default_user.id)
-        role2 = Role(name="data-eng-role", created_by_id=default_user.id)
+        role1 = Role(name=f"finance-role-{suffix}", created_by_id=fresh_user.id)
+        role2 = Role(name=f"data-eng-role-{suffix}", created_by_id=fresh_user.id)
         session.add_all([role1, role2])
         await session.flush()
 
@@ -1438,26 +1473,27 @@ async def test_auth_context_with_multiple_groups(
         assignment1 = RoleAssignment(
             principal_id=group1.id,
             role_id=role1.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         assignment2 = RoleAssignment(
             principal_id=group2.id,
             role_id=role2.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         session.add_all([assignment1, assignment2])
         await session.commit()
 
         # Reload user
-        user = await get_user(username=default_user.username, session=session)
+        user = await get_user(username=fresh_user.username, session=session)
 
         # Build AuthContext
         auth_context = await AuthContext.from_user(session, user)
 
         # Should have assignments from both groups
         assert len(auth_context.role_assignments) == 2
         role_names = {a.role.name for a in auth_context.role_assignments}
-        assert role_names == {"finance-role", "data-eng-role"}
+        assert f"finance-role-{suffix}" in role_names
+        assert f"data-eng-role-{suffix}" in role_names
 
 
 @pytest.mark.asyncio
@@ -1707,12 +1743,24 @@ class TestGetEffectiveAssignments:
 
     async def test_effective_assignments_user_only(
         self,
-        default_user: User,
         session: AsyncSession,
     ):
         """User with no groups gets only direct assignments."""
+        import uuid
+
+        suffix = uuid.uuid4().hex[:8]
+
+        # Create a fresh user with no pre-existing assignments
+        fresh_user = User(
+            username=f"eff_assign_user_{suffix}",
+            email=f"eff_assign_{suffix}@example.com",
+            oauth_provider="basic",
+        )
+        session.add(fresh_user)
+        await session.flush()
+
         # Give user a direct assignment
-        role = Role(name="personal-role", created_by_id=default_user.id)
+        role = Role(name=f"personal-role-{suffix}", created_by_id=fresh_user.id)
         session.add(role)
         await session.flush()
 
@@ -1725,20 +1773,20 @@ async def test_effective_assignments_user_only(
         session.add(scope)
 
         assignment = RoleAssignment(
-            principal_id=default_user.id,
+            principal_id=fresh_user.id,
             role_id=role.id,
-            granted_by_id=default_user.id,
+            granted_by_id=fresh_user.id,
         )
         session.add(assignment)
         await session.commit()
 
-        user = await get_user(username=default_user.username, session=session)
+        user = await get_user(username=fresh_user.username, session=session)
 
         # Get effective assignments
         assignments = await AuthContext.get_effective_assignments(session, user)
 
         assert len(assignments) == 1
-        assert assignments[0].role.name == "personal-role"
+        assert assignments[0].role.name == f"personal-role-{suffix}"
 
     async def test_effective_assignments_with_postgres_groups(
         self,
