minor changes to model registry rests and fixtures

[dbasunag]

Description

How Has This Been Tested?

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

• Tests
  • Improved stability of secure DB tests by adding readiness checks and cleaning up created secrets after runs.
  • Simplified test setup by shifting some dependencies from parameterization to fixtures and refining fixture signatures.
  • Optimized context management in RBAC tests to streamline setup while maintaining behavior.
  • Updated test markers and fixture ordering to ensure consistent execution and reduce flakiness.

[coderabbitai]

📝 Walkthrough

Walkthrough

Test-suite test files updated: one fixture signature reduced, RBAC test parameterization and context construction adjusted, REST API fixtures add pod readiness wait and secret teardown, and secure-DB tests update class/test decorators and fixture usage. No production code changes.

Changes

Cohort / File(s)	Summary of changes
Core fixture signature update tests/model_registry/conftest.py	Removed FixtureRequest parameter from updated_dsc_component_state_scope_session fixture signature ((pytestconfig, request, admin_client) -> (pytestconfig, admin_client)); internal logic unchanged.
RBAC param/context adjustments tests/model_registry/rbac/conftest.py, tests/model_registry/rbac/multiple_instance_utils.py, tests/model_registry/rbac/test_mr_rbac.py	conftest.py: built ModelRegistry instances via a two-stage approach using ExitStack and a list comprehension for contexts. multiple_instance_utils.py: removed ns_params variable and removed it from MR_MULTIPROJECT_TEST_SCENARIO_PARAMS parameter tuples. test_mr_rbac.py: removed updated_dsc_component_state_scope_session from the @pytest.mark.parametrize parameter list (test still accepts it as a fixture).
REST API fixture hardening tests/model_registry/rest_api/conftest.py	patch_mysql_deployment_with_ssl_ca: added wait_for_pods_running checks after applying the patch before asserting deployment availability. mysql_ssl_secrets fixture: added teardown to delete created Secrets (ca_secret, server_cert_secret, server_key_secret) after yield.
REST API secure DB tests setup tests/model_registry/rest_api/test_model_registry_secure_db.py	Removed class-level @pytest.mark.usefixtures("updated_dsc_component_state_scope_session", "model_registry_instance") from TestModelRegistryWithSecureDB; removed @pytest.mark.sanity from test_register_model_with_invalid_ca; updated test_register_model_with_valid_ca usefixtures to include model_registry_metadata_db_resources and reordered fixtures.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "minor changes to model registry rests and fixtures" correctly targets the primary scope of the changeset, which updates tests and fixtures under tests/model_registry (including rest_api-related tweaks), so it meaningfully summarizes the main change and is concise. It does not attempt to list files or include extraneous tokens, making it suitable for history scanning. The only issue is a typographical error ("rests" should be "tests") that slightly reduces clarity.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d77f2f and 6681300.

📒 Files selected for processing (6)

• tests/model_registry/conftest.py (0 hunks)
• tests/model_registry/rbac/conftest.py (1 hunks)
• tests/model_registry/rbac/multiple_instance_utils.py (0 hunks)
• tests/model_registry/rbac/test_mr_rbac.py (0 hunks)
• tests/model_registry/rest_api/conftest.py (2 hunks)
• tests/model_registry/rest_api/test_model_registry_secure_db.py (1 hunks)

💤 Files with no reviewable changes (3)

• tests/model_registry/rbac/test_mr_rbac.py
• tests/model_registry/rbac/multiple_instance_utils.py
• tests/model_registry/conftest.py

🚧 Files skipped from review as they are similar to previous changes (3)

• tests/model_registry/rest_api/conftest.py
• tests/model_registry/rest_api/test_model_registry_secure_db.py
• tests/model_registry/rbac/conftest.py

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

The following are automatically added/executed:

• PR size label.
• Run pre-commit
• Run tox
• Add PR author as the PR assignee
• Build image based on the PR

Available user actions:

• To mark a PR as WIP, add /wip in a comment. To remove it from the PR comment /wip cancel to the PR.
• To block merging of a PR, add /hold in a comment. To un-block merging of PR comment /hold cancel.
• To mark a PR as approved, add /lgtm in a comment. To remove, add /lgtm cancel.
  lgtm label removed on each new commit push.
• To mark PR as verified comment /verified to the PR, to un-verify comment /verified cancel to the PR.
  verified label removed on each new commit push.
• To Cherry-pick a merged PR /cherry-pick <target_branch_name> to the PR. If <target_branch_name> is valid,
  and the current PR is merged, a cherry-picked PR would be created and linked to the current PR.
• To build and push image to quay, add /build-push-pr-image in a comment. This would create an image with tag
  pr-<pr_number> to quay repository. This image tag, however would be deleted on PR merge or close action.

Supported labels

{'/hold', '/wip', '/verified', '/lgtm', '/cherry-pick', '/build-push-pr-image'}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/model_registry/rest_api/conftest.py (1)

260-264: Reorder waits to include rollout pods and reduce namespace flakiness

Call wait_for_condition(Available) first, then wait_for_pods_running; the current call snapshots pods pre‑rollout and is namespace‑wide. Reordering aligns with deploy_secure_mysql_and_mr and ensures new pods are checked.

-        wait_for_pods_running(
-            admin_client=admin_client, namespace_name=model_registry_namespace, number_of_consecutive_checks=3
-        )
-        model_registry_db_deployments[0].wait_for_condition(condition="Available", status="True")
+        model_registry_db_deployments[0].wait_for_condition(condition="Available", status="True")
+        wait_for_pods_running(
+            admin_client=admin_client, namespace_name=model_registry_namespace, number_of_consecutive_checks=3
+        )

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a853ac0 and 7d77f2f.

📒 Files selected for processing (6)

• tests/model_registry/conftest.py (0 hunks)
• tests/model_registry/rbac/conftest.py (1 hunks)
• tests/model_registry/rbac/multiple_instance_utils.py (0 hunks)
• tests/model_registry/rbac/test_mr_rbac.py (0 hunks)
• tests/model_registry/rest_api/conftest.py (2 hunks)
• tests/model_registry/rest_api/test_model_registry_secure_db.py (2 hunks)

💤 Files with no reviewable changes (3)

• tests/model_registry/rbac/test_mr_rbac.py
• tests/model_registry/conftest.py
• tests/model_registry/rbac/multiple_instance_utils.py

🧰 Additional context used

🧠 Learnings (12)

📚 Learning: 2025-07-17T15:42:23.880Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:733-770
Timestamp: 2025-07-17T15:42:23.880Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_1 and model_registry_instance_2 fixtures do not need explicit database dependency fixtures (like db_deployment_1, db_secret_1, etc.) in their function signatures. Pytest's dependency injection automatically handles the fixture dependencies when they reference db_name_1 and db_name_2 parameters. This is the correct pattern for these Model Registry instance fixtures.

Applied to files:

• tests/model_registry/rbac/conftest.py
• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-30T14:15:25.605Z

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#429
File: tests/model_registry/rbac/test_mr_rbac_sa.py:45-45
Timestamp: 2025-07-30T14:15:25.605Z
Learning: In tests/model_registry/rbac/test_mr_rbac_sa.py, bounds checking for model_registry_instance_rest_endpoint list access is not needed because upstream fixture validation already ensures endpoints exist before the tests execute. The Model Registry setup process validates endpoint availability, making additional bounds checks redundant.

Applied to files:

• tests/model_registry/rbac/conftest.py
• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-17T15:42:26.275Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:0-0
Timestamp: 2025-07-17T15:42:26.275Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_1 fixture (and similar duplicated Model Registry instance fixtures) do not require admin_client, db_deployment_1, or db_secret_1 parameters as explicit dependencies, even though these dependencies exist implicitly through the fixture dependency chain.

Applied to files:

• tests/model_registry/rbac/conftest.py
• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-30T14:15:25.605Z

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#429
File: tests/model_registry/rbac/test_mr_rbac_sa.py:45-45
Timestamp: 2025-07-30T14:15:25.605Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance_rest_endpoint fixture contains a built-in assertion `assert len(mr_instances) >= 1` that ensures at least one model registry instance exists before returning the endpoint list. This validation makes bounds checking redundant when accessing the first element of the returned list in test methods.

Applied to files:

• tests/model_registry/rbac/conftest.py

📚 Learning: 2025-07-04T00:17:47.799Z

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#401
File: tests/model_registry/rest_api/mariadb/conftest.py:89-110
Timestamp: 2025-07-04T00:17:47.799Z
Learning: In tests/model_registry/rest_api/mariadb/conftest.py, the model_registry_with_mariadb fixture should always use OAUTH_PROXY_CONFIG_DICT for the oauth_proxy parameter regardless of the is_model_registry_oauth parameter value, based on expected product behavior for MariaDB-backed ModelRegistry instances.

Applied to files:

• tests/model_registry/rest_api/conftest.py
• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-09T08:50:22.172Z

Learnt from: fege
PR: opendatahub-io/opendatahub-tests#409
File: tests/model_registry/negative_tests/test_db_migration.py:47-57
Timestamp: 2025-07-09T08:50:22.172Z
Learning: In negative tests for model registry database migration failures (like test_db_migration_negative), the model registry pod is expected to be in a failed state (not Running) when the database is dirty. The test fetches logs from the failed pod to verify the expected error message about dirty database version, so waiting for Running status would be inappropriate.

Applied to files:

• tests/model_registry/rest_api/conftest.py

📚 Learning: 2025-08-11T12:14:12.803Z

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#504
File: tests/model_registry/rest_api/test_model_registry_secure_db.py:16-16
Timestamp: 2025-08-11T12:14:12.803Z
Learning: In tests/model_registry/rest_api/test_model_registry_secure_db.py, both the class-level `model_registry_instance` fixture and the method-level `deploy_secure_mysql_and_mr` fixture are intentionally required together for the secure database test setup. These fixtures serve different purposes and are not redundant.

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-17T15:42:04.167Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:595-612
Timestamp: 2025-07-17T15:42:04.167Z
Learning: In tests/model_registry/conftest.py, the db_deployment_1 fixture (and similar duplicated resource fixtures) do not require the admin_client parameter or explicit dependencies on related fixtures like db_secret_1, db_pvc_1, and db_service_1, even though the original model_registry_db_deployment fixture includes these parameters.

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-07-17T15:41:54.284Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#446
File: tests/model_registry/conftest.py:666-676
Timestamp: 2025-07-17T15:41:54.284Z
Learning: In tests/model_registry/conftest.py, the db_secret_1 and db_secret_2 fixtures do not require the admin_client parameter in their signatures, unlike some other Secret fixtures in the codebase. The user lugi0 confirmed this is the correct pattern for these specific fixtures.

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-08-08T15:58:03.769Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#487
File: tests/model_registry/async_job/conftest.py:210-219
Timestamp: 2025-08-08T15:58:03.769Z
Learning: In tests/model_registry/async_job/conftest.py, using https in MODEL_SYNC_REGISTRY_SERVER_ADDRESS together with MODEL_SYNC_REGISTRY_IS_SECURE="False" is intentional: IS_SECURE=False disables TLS verification for the Model Registry’s self-signed certificate in test environments. This pattern aligns with the repository’s accepted practice of skipping TLS verification in tests.

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-08-12T15:40:14.417Z

Learnt from: dbasunag
PR: opendatahub-io/opendatahub-tests#504
File: tests/model_registry/conftest.py:78-78
Timestamp: 2025-08-12T15:40:14.417Z
Learning: In tests/model_registry/conftest.py, the model_registry_instance fixture correctly uses param.get("db_name", "mysql") to read test parameters, as tests parameterize using "db_name" as the key (e.g., {"db_name": "mariadb"}). The parameter dict key does not need to match the function parameter name when passing values between fixtures.

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

📚 Learning: 2025-08-08T15:58:03.524Z

Learnt from: lugi0
PR: opendatahub-io/opendatahub-tests#487
File: tests/model_registry/async_job/constants.py:23-31
Timestamp: 2025-08-08T15:58:03.524Z
Learning: In opendatahub-io/opendatahub-tests, for tests under tests/model_registry/async_job (e.g., constants.py and related fixtures), runs start from a clean, known Model Registry state. Therefore, using static MODEL_ID, MODEL_VERSION_ID, and MODEL_ARTIFACT_ID values in MODEL_SYNC_CONFIG is intentional and acceptable; dynamic ID injection is not required for these async job tests (per guidance from user lugi0).

Applied to files:

• tests/model_registry/rest_api/test_model_registry_secure_db.py

🧬 Code graph analysis (1)

tests/model_registry/rest_api/conftest.py (3)

tests/model_registry/utils.py (1)

• wait_for_pods_running (248-281)

tests/conftest.py (1)

• admin_client (68-69)

tests/model_registry/conftest.py (1)

• model_registry_namespace (62-63)

🔇 Additional comments (3)

tests/model_registry/rest_api/conftest.py (1)

329-334: LGTM: explicit cleanup of SSL secrets

Post‑yield deletion looks good and prevents leaked secrets.

tests/model_registry/rest_api/test_model_registry_secure_db.py (2)

16-16: Confirm dropping model_registry_instance was intentional

Prior learnings indicated class‑level model_registry_instance and deploy_secure_mysql_and_mr serve different purposes. Please confirm no hidden dependencies rely on the former. I’m referencing our past note explicitly.

---

90-94: LGTM: fixture ordering for valid CA path

Order ensures CA ConfigMap exists before patching and deploy. Matches the secure‑DB flow.

[coderabbitai]

⚠️ Potential issue

Add teardown=teardown_resources to ModelRegistry contexts to avoid leaks

Other parametrized fixtures pass teardown; missing it here may leave MR instances behind.

-        mr_instances = [stack.enter_context(ModelRegistry(**param)) for param in request.param]
+        mr_instances = [
+            stack.enter_context(ModelRegistry(**param, teardown=teardown_resources))
+            for param in request.param
+        ]

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	mr_instances = [stack.enter_context(ModelRegistry(**param)) for param in request.param]
	for mr_instance in mr_instances:
	# Common parameters for both ModelRegistry classes
	mr_instances = [
	stack.enter_context(ModelRegistry(**param, teardown=teardown_resources))
	for param in request.param
	]
	for mr_instance in mr_instances:
	# Common parameters for both ModelRegistry classes

🤖 Prompt for AI Agents

In tests/model_registry/rbac/conftest.py around lines 345 to 347, the
ModelRegistry instances are created via
stack.enter_context(ModelRegistry(**param)) but omit the
teardown=teardown_resources argument which can leak resources; update the
context creation to pass teardown=teardown_resources to each ModelRegistry
invocation (e.g. stack.enter_context(ModelRegistry(...,
teardown=teardown_resources))) so the fixture tears down MR instances properly.

[dbasunag]

/build-push-pr-image

[github-actions]

Status of building tag pr-614: success.
Status of pushing tag pr-614 to image registry: success.

[lugi0]

why remove the sanity tag?

[dbasunag]

Will add it back.

[dbasunag]

/build-push-pr-image

[github-actions]

Status of building tag pr-614: success.
Status of pushing tag pr-614 to image registry: success.

[github-actions]

Status of building tag latest: success.
Status of pushing tag latest to image registry: success.