fix(test-schemathesis): disable rate limiter in fuzz subprocess
Schemathesis fires up to 3000 examples per endpoint. POST /auth/login caps at 10/5min per IP, so the second example onward returns 429 and the positive_data_acceptance check flags it as RejectedPositiveData (its allowed-status list is hardcoded in schemathesis to 2xx/401/403/404/409/5xx, so OpenAPI tweaks can't fix it). DECNET_LIMITER_ENABLED=false exists for exactly this case (see limiter.py docstring on stress/load testing). Reverts the custom_openapi shim from 5d88346/9b1168c — the endpoint already declares 429 in its responses= map (api_login.py:38), and the shim turned out to address a problem that wasn't there. Drop the companion test along with it.
@@ -1,50 +0,0 @@
|
||||
"""OpenAPI must advertise 429 on every slowapi-rate-limited operation.
|
||||
|
||||
Other endpoints may also advertise 429 for their own reasons (e.g. the
|
||||
SSE connection cap in ``decnet.web.sse_limits``); the test does not
|
||||
forbid those — it only enforces the slowapi side.
|
||||
"""
|
||||
from decnet.web.api import app, _rate_limited_endpoint_names
|
||||
from fastapi.routing import APIRoute
|
||||
|
||||
|
||||
def _route_qualname_index() -> dict[tuple[str, str], str]:
|
||||
idx: dict[tuple[str, str], str] = {}
|
||||
for route in app.routes:
|
||||
if not isinstance(route, APIRoute):
|
||||
continue
|
||||
qn = f"{route.endpoint.__module__}.{route.endpoint.__name__}"
|
||||
for method in route.methods or ():
|
||||
idx[(route.path, method.lower())] = qn
|
||||
return idx
|
||||
|
||||
|
||||
def test_429_documented_on_rate_limited_endpoints_only() -> None:
|
||||
schema = app.openapi()
|
||||
paths = schema.get("paths", {})
|
||||
assert paths, "OpenAPI schema is empty — router not mounted"
|
||||
|
||||
rate_limited = _rate_limited_endpoint_names()
|
||||
assert rate_limited, "no @limiter.limit-decorated endpoints found"
|
||||
|
||||
qualname_for = _route_qualname_index()
|
||||
|
||||
http_methods = {"get", "post", "put", "patch", "delete", "options", "head"}
|
||||
missing: list[str] = []
|
||||
|
||||
for path, item in paths.items():
|
||||
for method, op in item.items():
|
||||
if method.lower() not in http_methods:
|
||||
continue
|
||||
qn = qualname_for.get((path, method.lower()))
|
||||
if qn in rate_limited and "429" not in op.get("responses", {}):
|
||||
missing.append(f"{method.upper()} {path}")
|
||||
|
||||
assert not missing, f"rate-limited ops missing 429: {missing}"
|
||||
|
||||
|
||||
def test_login_endpoint_documents_429() -> None:
|
||||
"""Sanity check the one endpoint we know is rate-limited."""
|
||||
schema = app.openapi()
|
||||
op = schema["paths"]["/api/v1/auth/login"]["post"]
|
||||
assert "429" in op["responses"]
|
||||