change namespace name for auth test

[mwaykole]

No description provided.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Tests
  • Updated test parameter names for model namespaces and unprivileged user deployments to use a consistent "test-" prefix across multiple authentication test files.
  • Added a new test marker to categorize certain tests for improved test suite organization.

Walkthrough

Namespace parameters in pytest decorators for several authentication-related model serving tests were updated to use new naming conventions prefixed with "test-". Additionally, a @pytest.mark.sanity decorator was introduced in one test file. No changes were made to test logic, assertions, or control flow.

Changes

Cohort / File(s)	Change Summary
Raw Token Authentication Test Update tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py	Changed namespace parameter from "kserve-raw-token-authentication" to "test-kserve-raw-token-authentication" and added @pytest.mark.sanity decorator.
Serverless Token Authentication Test Update tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py	Changed namespace parameter from "kserve-token-authentication" to "test-kserve-token-authentication".
Model Mesh Authentication Test Update tests/model_serving/model_server/authentication/test_model_mesh_authentication.py	Changed namespace parameter from "model-mesh-authentication" to "test-model-mesh-authentication".
Non-Admin User Model Deployment Test Update tests/model_serving/model_server/authentication/test_non_admin_users.py	Changed parameter names from "non-admin-serverless" to "test-non-admin-serverless" and from "non-admin-raw" to "test-non-admin-raw".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~6 minutes

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 50e3681 and 01d0059.

📒 Files selected for processing (4)

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py (1 hunks)
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py (1 hunks)
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py (1 hunks)
• tests/model_serving/model_server/authentication/test_non_admin_users.py (2 hunks)

🧰 Additional context used

🧠 Learnings (16)

📓 Common learnings

Learnt from: Snomaan6846
PR: opendatahub-io/opendatahub-tests#444
File: tests/model_serving/model_runtime/mlserver/basic_model_deployment/test_mlserver_basic_model_deployment.py:48-714
Timestamp: 2025-07-16T12:20:29.672Z
Learning: In tests/model_serving/model_runtime/mlserver/basic_model_deployment/test_mlserver_basic_model_deployment.py, the same get_deployment_config_dict() function is called twice in each pytest.param because different fixtures (mlserver_inference_service and mlserver_serving_runtime) need the same deployment configuration data. This duplication is intentional to provide identical configuration to multiple fixtures.

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:733-770
Timestamp: 2025-07-17T15:42:23.880Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_1 and model_registry_instance_2 fixtures do not need explicit database dependency fixtures (like db_deployment_1, db_secret_1, etc.) in their function signatures. Pytest's dependency injection automatically handles the fixture dependencies when they reference db_name_1 and db_name_2 parameters. This is the correct pattern for these Model Registry instance fixtures.

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:595-612
Timestamp: 2025-07-17T15:42:04.167Z
Learning: In tests/model_registry/conftest.py, the db_deployment_1 fixture (and similar duplicated resource fixtures) do not require the admin_client parameter or explicit dependencies on related fixtures like db_secret_1, db_pvc_1, and db_service_1, even though the original model_registry_db_deployment fixture includes these parameters.

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#354
File: tests/model_registry/rbac/conftest.py:166-175
Timestamp: 2025-06-16T11:25:39.599Z
Learning: In tests/model_registry/rbac/conftest.py, predictable names are intentionally used for test resources (like RoleBindings and groups) instead of random names. This design choice prioritizes exposing cleanup failures from previous test runs through name collisions rather than masking such issues with random names. The philosophy is that test failures should be observable and informative to help debug underlying infrastructure or cleanup issues.

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:579-591
Timestamp: 2025-07-17T15:43:04.876Z
Learning: In tests/model_registry/conftest.py, the db_service_1 and db_service_2 fixtures do not require the admin_client parameter for Service resource creation, despite the existing model_registry_db_service fixture using client=admin_client. This inconsistency was confirmed as intentional by user lugi0.

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#338
File: tests/model_registry/rbac/test_mr_rbac.py:24-53
Timestamp: 2025-06-06T12:22:57.057Z
Learning: In the opendatahub-tests repository, prefer keeping test parameterization configurations inline rather than extracting them to separate variables/constants, as it makes triaging easier by avoiding the need to jump between different parts of the file to understand the test setup.

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#429
File: tests/model_registry/rbac/test_mr_rbac_sa.py:45-45
Timestamp: 2025-07-30T14:15:25.605Z
Learning: In tests/model_registry/rbac/test_mr_rbac_sa.py, bounds checking for model_registry_instance_rest_endpoint list access is not needed because upstream fixture validation already ensures endpoints exist before the tests execute. The Model Registry setup process validates endpoint availability, making additional bounds checks redundant.

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:666-676
Timestamp: 2025-07-17T15:41:54.284Z
Learning: In tests/model_registry/conftest.py, the db_secret_1 and db_secret_2 fixtures do not require the admin_client parameter in their signatures, unlike some other Secret fixtures in the codebase. The user lugi0 confirmed this is the correct pattern for these specific fixtures.

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#401
File: tests/model_registry/rest_api/mariadb/conftest.py:89-110
Timestamp: 2025-07-04T00:17:47.799Z
Learning: In tests/model_registry/rest_api/mariadb/conftest.py, the model_registry_with_mariadb fixture should always use OAUTH_PROXY_CONFIG_DICT for the oauth_proxy parameter regardless of the is_model_registry_oauth parameter value, based on expected product behavior for MariaDB-backed ModelRegistry instances.

Learnt from: adolfo-ab
PR: opendatahub-io/opendatahub-tests#334
File: tests/model_explainability/trustyai_service/test_trustyai_service.py:52-65
Timestamp: 2025-06-05T10:05:17.642Z
Learning: For TrustyAI image validation tests: operator image tests require admin_client, related_images_refs, and trustyai_operator_configmap fixtures, while service image tests would require different fixtures like trustyai_service_with_pvc_storage, model_namespace, and current_client_token.

📚 Learning: in tests/model_registry/rest_api/mariadb/conftest.py, the model_registry_with_mariadb fixture should...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#401
File: tests/model_registry/rest_api/mariadb/conftest.py:89-110
Timestamp: 2025-07-04T00:17:47.799Z
Learning: In tests/model_registry/rest_api/mariadb/conftest.py, the model_registry_with_mariadb fixture should always use OAUTH_PROXY_CONFIG_DICT for the oauth_proxy parameter regardless of the is_model_registry_oauth parameter value, based on expected product behavior for MariaDB-backed ModelRegistry instances.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_registry/conftest.py, the db_service_1 and db_service_2 fixtures do not require the a...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:579-591
Timestamp: 2025-07-17T15:43:04.876Z
Learning: In tests/model_registry/conftest.py, the db_service_1 and db_service_2 fixtures do not require the admin_client parameter for Service resource creation, despite the existing model_registry_db_service fixture using client=admin_client. This inconsistency was confirmed as intentional by user lugi0.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py

📚 Learning: in tests/model_registry/rbac/test_mr_rbac_sa.py, bounds checking for model_registry_instance_rest_en...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#429
File: tests/model_registry/rbac/test_mr_rbac_sa.py:45-45
Timestamp: 2025-07-30T14:15:25.605Z
Learning: In tests/model_registry/rbac/test_mr_rbac_sa.py, bounds checking for model_registry_instance_rest_endpoint list access is not needed because upstream fixture validation already ensures endpoints exist before the tests execute. The Model Registry setup process validates endpoint availability, making additional bounds checks redundant.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_serving/model_runtime/mlserver/basic_model_deployment/test_mlserver_basic_model_deplo...

Learnt from: Snomaan6846
PR: opendatahub-io/opendatahub-tests#444
File: tests/model_serving/model_runtime/mlserver/basic_model_deployment/test_mlserver_basic_model_deployment.py:48-714
Timestamp: 2025-07-16T12:20:29.672Z
Learning: In tests/model_serving/model_runtime/mlserver/basic_model_deployment/test_mlserver_basic_model_deployment.py, the same get_deployment_config_dict() function is called twice in each pytest.param because different fixtures (mlserver_inference_service and mlserver_serving_runtime) need the same deployment configuration data. This duplication is intentional to provide identical configuration to multiple fixtures.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: for trustyai image validation tests: operator image tests require admin_client, related_images_refs,...

Learnt from: adolfo-ab
PR: opendatahub-io/opendatahub-tests#334
File: tests/model_explainability/trustyai_service/test_trustyai_service.py:52-65
Timestamp: 2025-06-05T10:05:17.642Z
Learning: For TrustyAI image validation tests: operator image tests require admin_client, related_images_refs, and trustyai_operator_configmap fixtures, while service image tests would require different fixtures like trustyai_service_with_pvc_storage, model_namespace, and current_client_token.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_registry/rbac/conftest.py, predictable names are intentionally used for test resource...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#354
File: tests/model_registry/rbac/conftest.py:166-175
Timestamp: 2025-06-16T11:25:39.599Z
Learning: In tests/model_registry/rbac/conftest.py, predictable names are intentionally used for test resources (like RoleBindings and groups) instead of random names. This design choice prioritizes exposing cleanup failures from previous test runs through name collisions rather than masking such issues with random names. The philosophy is that test failures should be observable and informative to help debug underlying infrastructure or cleanup issues.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_registry/conftest.py, the model_registry_instance_1 fixture (and similar duplicated m...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:0-0
Timestamp: 2025-07-17T15:42:26.275Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_1 fixture (and similar duplicated Model Registry instance fixtures) do not require admin_client, db_deployment_1, or db_secret_1 parameters as explicit dependencies, even though these dependencies exist implicitly through the fixture dependency chain.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_registry/conftest.py, the model_registry_instance_1 and model_registry_instance_2 fix...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:733-770
Timestamp: 2025-07-17T15:42:23.880Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_1 and model_registry_instance_2 fixtures do not need explicit database dependency fixtures (like db_deployment_1, db_secret_1, etc.) in their function signatures. Pytest's dependency injection automatically handles the fixture dependencies when they reference db_name_1 and db_name_2 parameters. This is the correct pattern for these Model Registry instance fixtures.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in the opendatahub-tests repository, bypassing tls verification with `--insecure-skip-tls-verify=tru...

Learnt from: fege
PR: opendatahub-io/opendatahub-tests#283
File: tests/model_registry/test_user_permission.py:31-31
Timestamp: 2025-05-05T13:48:02.409Z
Learning: In the opendatahub-tests repository, bypassing TLS verification with `--insecure-skip-tls-verify=true` is an acceptable practice in test environments, particularly in the model registry tests.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in tests/model_registry/conftest.py, the db_deployment_1 fixture (and similar duplicated resource fi...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:595-612
Timestamp: 2025-07-17T15:42:04.167Z
Learning: In tests/model_registry/conftest.py, the db_deployment_1 fixture (and similar duplicated resource fixtures) do not require the admin_client parameter or explicit dependencies on related fixtures like db_secret_1, db_pvc_1, and db_service_1, even though the original model_registry_db_deployment fixture includes these parameters.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py
• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py
• tests/model_serving/model_server/authentication/test_non_admin_users.py
• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

📚 Learning: in the opendatahub-tests repository, prefer keeping test parameterization configurations inline rath...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#338
File: tests/model_registry/rbac/test_mr_rbac.py:24-53
Timestamp: 2025-06-06T12:22:57.057Z
Learning: In the opendatahub-tests repository, prefer keeping test parameterization configurations inline rather than extracting them to separate variables/constants, as it makes triaging easier by avoiding the need to jump between different parts of the file to understand the test setup.

Applied to files:

• tests/model_serving/model_server/authentication/test_model_mesh_authentication.py

📚 Learning: in tests/model_registry/conftest.py, the db_secret_1 and db_secret_2 fixtures do not require the adm...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:666-676
Timestamp: 2025-07-17T15:41:54.284Z
Learning: In tests/model_registry/conftest.py, the db_secret_1 and db_secret_2 fixtures do not require the admin_client parameter in their signatures, unlike some other Secret fixtures in the codebase. The user lugi0 confirmed this is the correct pattern for these specific fixtures.

Applied to files:

• tests/model_serving/model_server/authentication/test_non_admin_users.py

📚 Learning: in the opendatahub-tests repository, the login_as_test_user fixture in tests/model_registry/rbac/con...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#354
File: tests/model_registry/rbac/conftest.py:355-371
Timestamp: 2025-06-16T11:25:51.461Z
Learning: In the opendatahub-tests repository, the login_as_test_user fixture in tests/model_registry/rbac/conftest.py intentionally logs back in as the original admin user without providing a password using login_with_user_password. This behavior is acceptable in their testing environment.

Applied to files:

• tests/model_serving/model_server/authentication/test_non_admin_users.py

📚 Learning: in tests/model_registry/conftest.py, service resources can be created without explicitly passing the...

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:579-591
Timestamp: 2025-07-17T15:43:04.876Z
Learning: In tests/model_registry/conftest.py, Service resources can be created without explicitly passing the admin_client parameter when using the context manager approach with "with Service()". The client parameter is optional for Service resource creation.

Applied to files:

• tests/model_serving/model_server/authentication/test_non_admin_users.py

📚 Learning: in model registry rbac tests, client instantiation tests are designed to verify the ability to creat...

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#354
File: tests/model_registry/rbac/test_mr_rbac.py:64-77
Timestamp: 2025-06-16T11:26:53.789Z
Learning: In Model Registry RBAC tests, client instantiation tests are designed to verify the ability to create and use the MR python client, with actual API functionality testing covered by separate existing tests.

Applied to files:

• tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py

🔇 Additional comments (6)

tests/model_serving/model_server/authentication/test_kserve_token_authentication_serverless.py (1)

17-17: LGTM! Namespace naming standardization looks good.

The namespace parameter update from "kserve-token-authentication" to "test-kserve-token-authentication" aligns with the PR objective to standardize test environment naming conventions across authentication tests.

tests/model_serving/model_server/authentication/test_model_mesh_authentication.py (1)

19-19: LGTM! Consistent namespace naming update.

The namespace parameter change from "model-mesh-authentication" to "test-model-mesh-authentication" maintains consistency with the "test-" prefix convention being applied across authentication test files.

tests/model_serving/model_server/authentication/test_non_admin_users.py (2)

15-15: LGTM! Serverless namespace naming standardized.

The namespace parameter update from "non-admin-serverless" to "test-non-admin-serverless" follows the consistent "test-" prefix pattern for authentication test namespaces.

---

41-41: LGTM! Raw deployment namespace naming standardized.

The namespace parameter update from "non-admin-raw" to "test-non-admin-raw" maintains consistency with the naming convention updates across authentication tests.

tests/model_serving/model_server/authentication/test_kserve_token_authentication_raw.py (2)

15-15: LGTM! Sanity test marker addition.

The addition of @pytest.mark.sanity decorator appropriately categorizes this test for inclusion in sanity test runs, as mentioned in the AI summary.

---

21-21: LGTM! Namespace naming follows consistent pattern.

The namespace parameter update from "kserve-raw-token-authentication" to "test-kserve-raw-token-authentication" aligns with the standardized naming convention applied across all authentication test files in this PR.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

The following are automatically added/executed:

• PR size label.
• Run pre-commit
• Run tox
• Add PR author as the PR assignee
• Build image based on the PR

Available user actions:

• To mark a PR as WIP, add /wip in a comment. To remove it from the PR comment /wip cancel to the PR.
• To block merging of a PR, add /hold in a comment. To un-block merging of PR comment /hold cancel.
• To mark a PR as approved, add /lgtm in a comment. To remove, add /lgtm cancel.
  lgtm label removed on each new commit push.
• To mark PR as verified comment /verified to the PR, to un-verify comment /verified cancel to the PR.
  verified label removed on each new commit push.
• To Cherry-pick a merged PR /cherry-pick <target_branch_name> to the PR. If <target_branch_name> is valid,
  and the current PR is merged, a cherry-picked PR would be created and linked to the current PR.
• To build and push image to quay, add /build-push-pr-image in a comment. This would create an image with tag
  pr-<pr_number> to quay repository. This image tag, however would be deleted on PR merge or close action.

Supported labels

{'/build-push-pr-image', '/verified', '/wip', '/lgtm', '/cherry-pick', '/hold'}

[github-actions]

Status of building tag latest: success.
Status of pushing tag latest to image registry: success.