self = <test_api_keys.TestAPIKeySubscriptionFilter object at 0x7f4fa1456490> api_keys_base_url = 'https://maas.apps.85781127-4a5f-4709-8232-89c1fb1f248b.prod.konfluxeaas.com/maas-api/v1/api-keys' headers = {'Authorization': 'Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1zZlJUQW45Nl94SEVGLWQ5UEVsZFRwbk1XOW1KNnJEdm9uSmNlaGxYMWMifQ.e...2EMy_-BkoBnxB1tZ_auOEso_HR0Fl5XFCjCyGrm_6eoftQ39ilh3DBjKuFt6Yt5JS7m00Maqa6wPHSmtQ', 'Content-Type': 'application/json'} def test_search_filters_by_subscription(self, api_keys_base_url: str, headers: dict): """Search with subscription filter returns only keys bound to that subscription.""" sub_a = f"e2e-filter-sub-a-{os.urandom(4).hex()}" sub_b = f"e2e-filter-sub-b-{os.urandom(4).hex()}" ns = _ns() sa_name = f"e2e-filter-sa-{os.urandom(4).hex()}" key_ids_a = [] key_ids_b = [] try: # Create one SA authorized for both subscriptions so that # exclusion in search results is attributable to the subscription # filter, not user-scoping. oc_token = _create_sa_token(sa_name, namespace=MODEL_NAMESPACE) sa_user = _sa_to_user(sa_name, namespace=MODEL_NAMESPACE) sa_headers = {"Authorization": f"Bearer {oc_token}", "Content-Type": "application/json"} _create_test_auth_policy(f"{sub_a}-auth", MODEL_REF, users=[sa_user]) _create_test_subscription(sub_a, MODEL_REF, users=[sa_user]) _wait_for_maas_subscription_phase(sub_a, namespace=ns) _create_test_auth_policy(f"{sub_b}-auth", MODEL_REF, users=[sa_user]) _create_test_subscription(sub_b, MODEL_REF, users=[sa_user]) _wait_for_maas_subscription_phase(sub_b, namespace=ns) # Create 2 keys bound to sub_a for i in range(2): r = requests.post( api_keys_base_url, headers=sa_headers, json={"name": f"e2e-filter-a-{i}", "subscription": sub_a}, timeout=TIMEOUT, verify=TLS_VERIFY, ) > assert r.status_code in (200, 201), f"Failed to create key for {sub_a}: {r.text}" E AssertionError: Failed to create key for e2e-filter-sub-a-51f70d67: E assert 500 in (200, 201) E + where 500 = <Response [500]>.status_code test/e2e/tests/test_api_keys.py:1510: AssertionErrorself = <test_api_keys.TestAPIKeySubscriptionFilter object at 0x7f4fa1456160> api_keys_base_url = 'https://maas.apps.85781127-4a5f-4709-8232-89c1fb1f248b.prod.konfluxeaas.com/maas-api/v1/api-keys' headers = {'Authorization': 'Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1zZlJUQW45Nl94SEVGLWQ5UEVsZFRwbk1XOW1KNnJEdm9uSmNlaGxYMWMifQ.e...2EMy_-BkoBnxB1tZ_auOEso_HR0Fl5XFCjCyGrm_6eoftQ39ilh3DBjKuFt6Yt5JS7m00Maqa6wPHSmtQ', 'Content-Type': 'application/json'} def test_search_without_subscription_returns_all(self, api_keys_base_url: str, headers: dict): """Search without subscription filter returns keys across all subscriptions.""" key_ids = [] try: # Create keys with explicit subscription binding for i in range(2): r = requests.post( api_keys_base_url, headers=headers, json={"name": f"e2e-nofilter-{i}", "subscription": SIMULATOR_SUBSCRIPTION}, timeout=TIMEOUT, verify=TLS_VERIFY, ) > assert r.status_code in (200, 201), f"Failed to create key: {r.text}" E AssertionError: Failed to create key: E assert 500 in (200, 201) E + where 500 = <Response [500]>.status_code test/e2e/tests/test_api_keys.py:1577: AssertionError@pytest.fixture(scope="module") def api_key(): """Create an API key for tests.""" > key_id, key = _create_ns_api_key("e2e-ns-scoping-key") test/e2e/tests/test_namespace_scoping.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ name = 'e2e-ns-scoping-key' def _create_ns_api_key(name: str = None) -> tuple[str, str]: """Create an API key and return (key_id, plaintext_key). Retries on empty 403 from gateway propagation delay (Envoy may not have loaded the AuthPolicy yet). """ token = _get_token() url = f"{_maas_api_url()}/v1/api-keys" key_name = name or f"e2e-ns-test-{uuid.uuid4().hex[:8]}" retries = 6 delay = 5 for attempt in range(1, retries + 1): r = requests.post( url, headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"}, json={"name": key_name}, timeout=TIMEOUT, verify=TLS_VERIFY, ) if r.status_code == 403 and not r.text.strip(): if attempt < retries: log.info("Gateway returned empty 403 (attempt %d/%d), retrying in %ds...", attempt, retries, delay) time.sleep(delay) continue break if r.status_code not in (200, 201): > raise RuntimeError(f"Failed to create API key: {r.status_code} {r.text}") E RuntimeError: Failed to create API key: 500 test/e2e/tests/test_namespace_scoping.py:92: RuntimeError@pytest.fixture(scope="module") def api_key(): """Create an API key for tests.""" > key_id, key = _create_ns_api_key("e2e-ns-scoping-key") test/e2e/tests/test_namespace_scoping.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ name = 'e2e-ns-scoping-key' def _create_ns_api_key(name: str = None) -> tuple[str, str]: """Create an API key and return (key_id, plaintext_key). Retries on empty 403 from gateway propagation delay (Envoy may not have loaded the AuthPolicy yet). """ token = _get_token() url = f"{_maas_api_url()}/v1/api-keys" key_name = name or f"e2e-ns-test-{uuid.uuid4().hex[:8]}" retries = 6 delay = 5 for attempt in range(1, retries + 1): r = requests.post( url, headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"}, json={"name": key_name}, timeout=TIMEOUT, verify=TLS_VERIFY, ) if r.status_code == 403 and not r.text.strip(): if attempt < retries: log.info("Gateway returned empty 403 (attempt %d/%d), retrying in %ds...", attempt, retries, delay) time.sleep(delay) continue break if r.status_code not in (200, 201): > raise RuntimeError(f"Failed to create API key: {r.status_code} {r.text}") E RuntimeError: Failed to create API key: 500 test/e2e/tests/test_namespace_scoping.py:92: RuntimeErrorself = <test_subscription.TestAuthEnforcement object at 0x7f4fa102ad00> def test_authorized_user_gets_200(self): """API key with system:authenticated group should access the free model. Polls because AuthPolicies may still be syncing with Authorino.""" > api_key = _get_default_api_key() test/e2e/tests/test_subscription.py:223: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/e2e/tests/test_subscription.py:125: in _get_default_api_key _default_api_key_cache[pid] = _create_api_key( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ oc_token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1zZlJUQW45Nl94SEVGLWQ5UEVsZFRwbk1XOW1KNnJEdm9uSmNlaGxYMWMifQ.eyJhdWQiOlsiaHR0cHM6Ly9wcm...BI0PmK-TRVIGNd7rufkr6cK8yjiPNekqthGr22EMy_-BkoBnxB1tZ_auOEso_HR0Fl5XFCjCyGrm_6eoftQ39ilh3DBjKuFt6Yt5JS7m00Maqa6wPHSmtQ' name = 'e2e-default-key', subscription = 'simulator-subscription' def _create_api_key(oc_token: str, name: str = None, subscription: str = None) -> str: """Create an API key using the MaaS API and return the plaintext key. Args: oc_token: OC token for authentication with maas-api name: Optional name for the key (auto-generated if not provided) subscription: Optional MaaSSubscription name to bind (highest-priority auto-bind if omitted) Returns: The plaintext API key (sk-oai-xxx format) """ r = _create_api_key_raw(oc_token, name, subscription) if r.status_code not in (200, 201): > raise RuntimeError(f"Failed to create API key: {r.status_code} {r.text}") E RuntimeError: Failed to create API key: 500 test/e2e/tests/test_helper.py:243: RuntimeError