Skip to content

Commit 9f9f644

Browse files
GenerQAQGenerQAQ
committed
fix: unify plain project fixtures to use tokens with encrypted master key
Merged plain_project and plain_encryption_project into one fixture — both encryption-enabled and plain projects now use tokens with embedded encrypted master key, matching what the API generates at project creation.
1 parent bf1a6c1 commit 9f9f644

1 file changed

Lines changed: 11 additions & 21 deletions

File tree

src/server/tests/e2e/test_encryption.py

Lines changed: 11 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -263,17 +263,7 @@ async def encrypted_project(db_conn) -> AsyncGenerator[ProjectCredentials, None]
263263

264264
@pytest.fixture
265265
async def plain_project(db_conn) -> AsyncGenerator[ProjectCredentials, None]:
266-
"""Project with encryption_enabled = false (default), legacy key format."""
267-
project = await create_test_project(db_conn)
268-
try:
269-
yield project
270-
finally:
271-
await cleanup_test_project(db_conn, project.project_id)
272-
273-
274-
@pytest.fixture
275-
async def plain_encryption_project(db_conn) -> AsyncGenerator[ProjectCredentials, None]:
276-
"""Project with encryption_enabled = false."""
266+
"""Project with encryption_enabled = false and token with encrypted master key."""
277267
project = await create_test_project_plain(db_conn)
278268
try:
279269
yield project
@@ -286,16 +276,16 @@ async def plain_encryption_project(db_conn) -> AsyncGenerator[ProjectCredentials
286276
# ---------------------------------------------------------------------------
287277

288278
@pytest.mark.asyncio
289-
async def test_enable_encryption_on_project(db_conn, plain_encryption_project):
279+
async def test_enable_encryption_on_project(db_conn, plain_project):
290280
"""POST /admin/v1/project/encrypt on non-encrypted project → 200, flag set."""
291281
async with httpx.AsyncClient() as client:
292-
resp = await enable_encryption(client, plain_encryption_project.bearer_token)
282+
resp = await enable_encryption(client, plain_project.bearer_token)
293283
assert resp.status_code == 200, f"Enable encryption failed: {resp.text}"
294284

295285
# Verify DB flag
296286
flag = await db_conn.fetchval(
297287
"SELECT encryption_enabled FROM projects WHERE id = $1",
298-
plain_encryption_project.project_id,
288+
plain_project.project_id,
299289
)
300290
assert flag is True
301291

@@ -483,37 +473,37 @@ async def test_message_store_retrieve_encrypted(db_conn, encrypted_project):
483473
# ---------------------------------------------------------------------------
484474

485475
@pytest.mark.asyncio
486-
async def test_encrypt_existing_artifacts(db_conn, plain_encryption_project):
476+
async def test_encrypt_existing_artifacts(db_conn, plain_project):
487477
"""Upload artifacts to plain project, then enable encryption → data still accessible."""
488478
plaintext1 = b"file one content before encryption"
489479
plaintext2 = b"file two content before encryption"
490480

491481
async with httpx.AsyncClient() as client:
492-
disk_id = await create_disk(client, plain_encryption_project.headers)
482+
disk_id = await create_disk(client, plain_project.headers)
493483

494484
# Upload artifacts while unencrypted
495485
await upload_artifact(
496-
client, disk_id, plain_encryption_project.headers,
486+
client, disk_id, plain_project.headers,
497487
filename="before1.txt", content=plaintext1,
498488
)
499489
await upload_artifact(
500-
client, disk_id, plain_encryption_project.headers,
490+
client, disk_id, plain_project.headers,
501491
filename="before2.txt", content=plaintext2,
502492
)
503493

504494
# Enable encryption (batch encrypts existing data)
505-
resp = await enable_encryption(client, plain_encryption_project.bearer_token)
495+
resp = await enable_encryption(client, plain_project.bearer_token)
506496
assert resp.status_code == 200
507497

508498
# Download should still return correct plaintext (decrypted)
509499
resp1 = await download_artifact(
510-
client, disk_id, "/before1.txt", plain_encryption_project.headers,
500+
client, disk_id, "/before1.txt", plain_project.headers,
511501
)
512502
assert resp1.status_code == 200
513503
assert resp1.content == plaintext1
514504

515505
resp2 = await download_artifact(
516-
client, disk_id, "/before2.txt", plain_encryption_project.headers,
506+
client, disk_id, "/before2.txt", plain_project.headers,
517507
)
518508
assert resp2.status_code == 200
519509
assert resp2.content == plaintext2

0 commit comments

Comments
 (0)