style: repo-wide lint pass — make the lint gate green again

Push builds have been RED on the lint step since ~build 209 from accumulated
formatting drift. This is the mechanical cleanup: ruff format + ruff --fix
(UP038 isinstance unions, SIM105 contextlib.suppress, UP031 f-strings, SIM115
tempfile context manager), shfmt -i 2 -ci, nixpkgs-fmt/statix/deadnix (merged
attrsets, dropped unused lib args), yamllint, and shell quoting fixes in
tests/lasuite-docs/setup_custom_tests.sh. No behaviour changes intended;
lint: PASS, unit tests: 138 passed.
This commit is contained in:
2026-06-09 21:56:15 +00:00
parent e76d4005ab
commit 9a7772563a
115 changed files with 952 additions and 660 deletions

View File

@ -21,6 +21,8 @@ def test_lasuite_meet_returns_200(live_app):
status, _ = harness_http.retry_http_get(
url, expect_status=(200, 301, 302), max_wait=60, interval=3
)
assert status in (200, 301, 302), (
f"lasuite-meet at {url} returned HTTP {status} (expected 200/301/302)"
)
assert status in (
200,
301,
302,
), f"lasuite-meet at {url} returned HTTP {status} (expected 200/301/302)"

View File

@ -28,7 +28,8 @@ import sys
import pytest
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
from harness import http as harness_http, sso # noqa: E402
from harness import http as harness_http # noqa: E402
from harness import sso
def _b64url(seg: str) -> bytes:
@ -74,33 +75,40 @@ def test_create_room_get_livekit_token_and_read_back(live_app, deps_creds):
lk_room = livekit.get("room")
lk_token = livekit.get("token")
assert room_id, f"room created but no id: {body!r}"
assert lk_token and isinstance(lk_token, str) and lk_token.count(".") == 2, (
f"room created but no LiveKit JWT token: {livekit!r}"
)
assert (
lk_token and isinstance(lk_token, str) and lk_token.count(".") == 2
), f"room created but no LiveKit JWT token: {livekit!r}"
try:
# --- read it back (a fresh authenticated GET of the created room) ---
status, got = harness_http.http_request("GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth)
status, got = harness_http.http_request(
"GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
)
assert status == 200, f"room read-back returned HTTP {status} (expected 200); body={got!r}"
assert isinstance(got, dict) and got.get("id") == room_id, (
f"read-back room id mismatch: {got!r}"
)
got_lk = (got.get("livekit") or {})
assert (
isinstance(got, dict) and got.get("id") == room_id
), f"read-back room id mismatch: {got!r}"
got_lk = got.get("livekit") or {}
assert got_lk.get("token"), f"read-back room missing LiveKit token: {got!r}"
assert got_lk.get("room") == lk_room, (
f"read-back LiveKit room {got_lk.get('room')!r} != create-time {lk_room!r}"
)
assert (
got_lk.get("room") == lk_room
), f"read-back LiveKit room {got_lk.get('room')!r} != create-time {lk_room!r}"
# --- the LiveKit token is a real signaling grant for this room (WebRTC subset) ---
payload = json.loads(_b64url(lk_token.split(".")[1]))
video = payload.get("video") or {}
assert video.get("room") == lk_room or payload.get("room") == lk_room, (
f"LiveKit JWT does not grant the created room {lk_room!r}: {payload!r}"
)
assert (
video.get("room") == lk_room or payload.get("room") == lk_room
), f"LiveKit JWT does not grant the created room {lk_room!r}: {payload!r}"
finally:
# --- delete the room (cleanup + a real DELETE mutation) ---
del_status, _ = harness_http.http_request("DELETE", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth)
assert del_status in (204, 200), f"room delete returned HTTP {del_status} (expected 204/200)"
del_status, _ = harness_http.http_request(
"DELETE", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
)
assert del_status in (
204,
200,
), f"room delete returned HTTP {del_status} (expected 204/200)"
# --- best-effort: confirm the delete took (404 on re-GET). The §4.3 floor (create-an-object +
# read-it-back + LiveKit-token issuance) is already proven by the hard assertions above; this
@ -112,7 +120,9 @@ def test_create_room_get_livekit_token_and_read_back(live_app, deps_creds):
gone = False
for _ in range(5):
status, _ = harness_http.http_request("GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth)
status, _ = harness_http.http_request(
"GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
)
if status == 404:
gone = True
break

View File

@ -46,9 +46,9 @@ def test_oidc_password_grant_against_dep_keycloak(live_app, deps_creds):
# Creds shape. WC1: realm is per-run namespaced "<parent>-<6hex>"; client_id stays the parent.
assert kc["domain"]
assert re.fullmatch(r"lasuite-meet-[0-9a-f]{6}", kc["realm"]), (
f"realm {kc['realm']!r} not the per-run namespaced form lasuite-meet-<6hex>"
)
assert re.fullmatch(
r"lasuite-meet-[0-9a-f]{6}", kc["realm"]
), f"realm {kc['realm']!r} not the per-run namespaced form lasuite-meet-<6hex>"
assert kc["client_id"] == "lasuite-meet"
assert isinstance(kc["client_secret"], str) and len(kc["client_secret"]) >= 16
assert isinstance(kc["password"], str) and len(kc["password"]) >= 16
@ -77,16 +77,14 @@ def test_oidc_password_grant_against_dep_keycloak(live_app, deps_creds):
# Password grant → real JWT
token = sso.oidc_password_grant(creds)
assert isinstance(token, str) and token.count(".") == 2, (
f"access_token is not a JWT: {token!r}"
)
assert isinstance(token, str) and token.count(".") == 2, f"access_token is not a JWT: {token!r}"
payload = json.loads(_b64url_decode(token.split(".")[1]))
assert payload.get("iss") == expected_iss, f"JWT iss={payload.get('iss')!r} != {expected_iss!r}"
assert payload.get("azp") == kc["client_id"], (
f"JWT azp={payload.get('azp')!r} != {kc['client_id']!r}"
)
assert (
payload.get("azp") == kc["client_id"]
), f"JWT azp={payload.get('azp')!r} != {kc['client_id']!r}"
assert payload.get("typ") == "Bearer", f"JWT typ={payload.get('typ')!r} != 'Bearer'"
exp = payload.get("exp")
assert isinstance(exp, int) and exp > time.time(), (
f"JWT exp={exp!r} not a future timestamp (now={time.time():.0f})"
)
assert (
isinstance(exp, int) and exp > time.time()
), f"JWT exp={exp!r} not a future timestamp (now={time.time():.0f})"