Conversation
There was a problem hiding this comment.
Pull request overview
Adds additional APIv2 CI tests, primarily focused on ACL/list visibility checks and introducing coverage for the ApiToken (JWT API key) resource.
Changes:
- Added ApiToken test object creation support and a new
ApiTokentest suite (including token-field behavior checks). - Introduced a shared ACL list-visibility helper plus multiple
test_aclcases across existing model tests. - Cleaned up a couple of unused imports in existing tests.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| ci/apiv2/utils.py | Adds ApiToken test-object creation, restricted-user helper, and a reusable ACL list-visibility assertion helper. |
| ci/apiv2/testfiles/apitoken/create_apitoken_001.json | Adds JSON payload fixture for creating an ApiToken in tests. |
| ci/apiv2/test_apitoken.py | New test suite for ApiToken CRUD/behavior (token returned only on create, ACL list behavior, etc.). |
| ci/apiv2/test_taskwrapper.py | Adds ACL list test for TaskWrapper. |
| ci/apiv2/test_task.py | Adds ACL list test for Task. |
| ci/apiv2/test_hashlist.py | Adds ACL list test for Hashlist. |
| ci/apiv2/test_file.py | Adds ACL list test for File. |
| ci/apiv2/test_agentstat.py | Adds ACL list test for AgentStat. |
| ci/apiv2/test_agentassignment.py | Removes unused import and adds ACL list test for AgentAssignment. |
| ci/apiv2/test_agent.py | Adds ACL list test for Agent. |
| ci/apiv2/test_pretask.py | Removes unused import. |
| ci/apiv2/test_hash.py | Removes unused import. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| def do_create_apitoken(extra_payload={}, **kwargs): | ||
| now = int(time.time()) | ||
| extra_payload = {**extra_payload, 'startValid': now, 'endValid': now + 3600} |
There was a problem hiding this comment.
do_create_apitoken uses a mutable default for extra_payload. Even though this function rebinds extra_payload, keeping {} as a default is error-prone and inconsistent with typical Python practice. Consider using extra_payload: dict | None = None and initializing it inside the function. Also, the current merge order always overwrites any caller-supplied startValid/endValid; if callers should be able to customize validity, only set those keys when not already provided (e.g., via setdefault).
| def do_create_apitoken(extra_payload={}, **kwargs): | |
| now = int(time.time()) | |
| extra_payload = {**extra_payload, 'startValid': now, 'endValid': now + 3600} | |
| def do_create_apitoken(extra_payload=None, **kwargs): | |
| now = int(time.time()) | |
| extra_payload = dict(extra_payload or {}) | |
| extra_payload.setdefault('startValid', now) | |
| extra_payload.setdefault('endValid', now + 3600) |
| model_obj = self.create_test_object() | ||
| # Retrieve the object via GET and verify the token field is absent | ||
| obj = self.model_class.objects.get(pk=model_obj.id) | ||
| self.assertFalse(hasattr(obj, 'token') and obj.token is not None) |
There was a problem hiding this comment.
test_token_not_in_get currently passes if the client exposes a token attribute but sets it to None (because the assertion only fails when token is non-null). If the contract you want to enforce is “token field is not present on GET responses”, assert that the attribute is absent (or explicitly verify the response payload) so this test can catch regressions where the server/client starts returning the token field again.
| self.assertFalse(hasattr(obj, 'token') and obj.token is not None) | |
| self.assertFalse(hasattr(obj, 'token')) |
hashtopolis/python-hashtopolis#2 should be merged first otherwise tests cannot pass