/workspace/source/test/e2e/tests/test_api_keys.py:1083: Cannot exec into maas-api pod to trigger cleanup (neither curl nor wget available): executable file `wget` not found in $PATH: No such file or directory command terminated with exit code 1self = <test_external_oidc.TestOIDCModelAccess object at 0x7f19a1990ca0> maas_api_base_url = 'https://maas.apps.e76ed338-6922-4902-af47-9cd9ac6dc741.prod.konfluxeaas.com/maas-api' def test_revoked_api_key_cannot_access_models(self, maas_api_base_url: str): """API key minted via OIDC can be revoked and then rejected.""" token = _request_oidc_token() key_data = _create_oidc_api_key(maas_api_base_url, token) api_key = key_data["key"] key_id = key_data["id"] # Revoke the key using the OIDC token revoke_response = requests.delete( f"{maas_api_base_url}/v1/api-keys/{key_id}", headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"}, timeout=30, verify=TLS_VERIFY, ) > assert revoke_response.status_code in (200, 204), ( f"API key revocation failed: {revoke_response.status_code} {revoke_response.text}" ) E AssertionError: API key revocation failed: 500 {"error":"Exception thrown while generating token","exceptionCode":"AUTH_FAILURE","refId":"003"} E assert 500 in (200, 204) E + where 500 = <Response [500]>.status_code test/e2e/tests/test_external_oidc.py:414: AssertionErrorself = <test_external_oidc.TestOIDCAPIKeyLifecycle object at 0x7f19a19909d0> maas_api_base_url = 'https://maas.apps.e76ed338-6922-4902-af47-9cd9ac6dc741.prod.konfluxeaas.com/maas-api' def test_create_and_revoke_api_key(self, maas_api_base_url: str): """Full create → revoke lifecycle with OIDC token.""" token = _request_oidc_token() # Create key_data = _create_oidc_api_key(maas_api_base_url, token, name=f"e2e-revoke-{uuid.uuid4().hex[:8]}") key_id = key_data["id"] # Revoke response = requests.delete( f"{maas_api_base_url}/v1/api-keys/{key_id}", headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"}, timeout=30, verify=TLS_VERIFY, ) > assert response.status_code in (200, 204), ( f"API key revocation failed: {response.status_code} {response.text}" ) E AssertionError: API key revocation failed: 500 {"error":"Exception thrown while generating token","exceptionCode":"AUTH_FAILURE","refId":"003"} E assert 500 in (200, 204) E + where 500 = <Response [500]>.status_code test/e2e/tests/test_external_oidc.py:521: AssertionErrorself = <test_external_oidc.TestOIDCHeaderInjection object at 0x7f19a1990fd0> maas_api_base_url = 'https://maas.apps.e76ed338-6922-4902-af47-9cd9ac6dc741.prod.konfluxeaas.com/maas-api' def test_injected_username_on_oidc_token_ignored(self, maas_api_base_url: str): """Client-supplied X-MaaS-Username with a raw OIDC token (not API key) is ignored. Use a raw OIDC bearer token (not an API key) and inject a spoofed username. The minted API key should still reflect the real OIDC identity, not the injected header. """ token = _request_oidc_token(username="alice_lead", password="letmein") # Mint an API key while injecting a spoofed username header. # Retry on empty 403 (gateway propagation) and 401 (Authorino JWKS loading). url = f"{maas_api_base_url}/v1/api-keys" retries, delay = 6, 5 for attempt in range(1, retries + 1): response = requests.post( url, headers={ "Authorization": f"Bearer {token}", "Content-Type": "application/json", "X-MaaS-Username": "bob_sre", }, json={"name": f"e2e-oidc-inject-{uuid.uuid4().hex[:8]}"}, timeout=30, verify=TLS_VERIFY, ) if (response.status_code == 403 and not response.text.strip()) \ or response.status_code == 401 \ or (response.status_code == 500 and "AUTH_FAILURE" in response.text): if attempt < retries: log.info("OIDC inject test got %d (attempt %d/%d), retrying in %ds...", response.status_code, attempt, retries, delay) time.sleep(delay) continue break > assert response.status_code in (200, 201), ( f"API key mint with injected username header failed: " f"{response.status_code} {response.text}" ) E AssertionError: API key mint with injected username header failed: 500 {"error":"Exception thrown while generating token","exceptionCode":"AUTH_FAILURE","refId":"003"} E assert 500 in (200, 201) E + where 500 = <Response [500]>.status_code test/e2e/tests/test_external_oidc.py:724: AssertionError