fix proxy auth tests

2026-04-15 03:22:10 +03:00 · 2025-09-10 14:51:12 -05:00 · 2025-09-10 14:51:12 -05:00 · 7d3180b4f0
commit 7d3180b4f0
parent c93f53d84c
1 changed files with 13 additions and 14 deletions
--- a/frigate/test/test_proxy_auth.py
+++ b/frigate/test/test_proxy_auth.py
@ -19,61 +19,60 @@ class TestProxyRoleResolution(unittest.TestCase):
                },
            ),
        )
+        self.config_roles = list(["admin", "viewer"])

    def test_role_map_single_group_match(self):
        headers = {"x-remote-role": "group_admin"}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, "admin")

    def test_role_map_multiple_groups(self):
-        headers = {"x-remote-role": "group_viewer|group_admin"}
-        role = resolve_role(headers, self.proxy_config)
-        # admin should win since VALID_ROLES priority puts it before viewer
+        headers = {"x-remote-role": "group_admin|group_viewer"}
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, "admin")

    def test_direct_role_header_with_separator(self):
        config = self.proxy_config
        config.header_map.role_map = None  # disable role_map
-        headers = {"x-remote-role": "viewer|admin"}
-        role = resolve_role(headers, config)
-        # admin should be chosen since it appears in VALID_ROLES
+        headers = {"x-remote-role": "admin|viewer"}
+        role = resolve_role(headers, config, self.config_roles)
        self.assertEqual(role, "admin")

    def test_invalid_role_header(self):
        config = self.proxy_config
        config.header_map.role_map = None
        headers = {"x-remote-role": "notarole"}
-        role = resolve_role(headers, config)
+        role = resolve_role(headers, config, self.config_roles)
        self.assertEqual(role, config.default_role)

    def test_missing_role_header(self):
        headers = {}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, self.proxy_config.default_role)

    def test_empty_role_header(self):
        headers = {"x-remote-role": ""}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, self.proxy_config.default_role)

    def test_whitespace_groups(self):
        headers = {"x-remote-role": "   | group_admin |   "}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, "admin")

    def test_mixed_valid_and_invalid_groups(self):
        headers = {"x-remote-role": "bogus|group_viewer"}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, "viewer")

    def test_case_insensitive_role_direct(self):
        config = self.proxy_config
        config.header_map.role_map = None
        headers = {"x-remote-role": "AdMiN"}
-        role = resolve_role(headers, config)
+        role = resolve_role(headers, config, self.config_roles)
        self.assertEqual(role, "admin")

    def test_role_map_no_match_falls_back(self):
        headers = {"x-remote-role": "group_unknown"}
-        role = resolve_role(headers, self.proxy_config)
+        role = resolve_role(headers, self.proxy_config, self.config_roles)
        self.assertEqual(role, self.proxy_config.default_role)