fix: Repair e2e tests broken by multi-tenancy and add pytest-timeout

Fixed issues in e2e tests caused by multi-tenancy (team) implementation:

- Added "teams": [] to JWT token payloads in test_admin_apis.py and test_main_apis.py to allow access to public resources and own private resources
- Set "visibility": "public" for test servers, prompts, and resources to ensure proper access with public-only tokens
- Simplified settings mock in test_admin_apis.py (replaced patch with MagicMock)
- Fixed string escaping in resource data test (test_main_apis.py:979)
- Cleaned up logging setup in test_admin_apis.py

Added missing pytest-timeout>=2.4.0 package to dev dependencies to ensure timeout decorations are properly honored during test execution.

Signed-off-by: Jonathan Springer <[email protected]>

Author: jonpspri

pyproject.toml

@@ -129,6 +129,7 @@ dev = [
     "pytest-httpx>=0.35.0",
     "pytest-md-report>=0.7.0",
     "pytest-rerunfailures>=16.0.1",
+    "pytest-timeout>=2.4.0",
     "pytest-trio>=0.8.0",
     "pytest-xdist>=3.8.0",
     "pytype>=2024.10.11",

tests/e2e/test_admin_apis.py

@@ -36,7 +36,7 @@
 
 # Standard
 import logging
-from unittest.mock import patch
+from unittest.mock import MagicMock
 from urllib.parse import quote
 import uuid
 
@@ -45,16 +45,8 @@
 import pytest
 import pytest_asyncio
 
-# from mcpgateway.db import Base
-# from mcpgateway.main import app, get_db
 
-
-# Configure logging for debugging
-def setup_logging():
-    logging.basicConfig(level=logging.DEBUG, format="%(asctime)s - %(levelname)s - %(message)s")
-
-
-setup_logging()
+logging.basicConfig(level=logging.DEBUG, format="%(asctime)s - %(levelname)s - %(message)s")
 
 
 # pytest.skip("Temporarily disabling this suite", allow_module_level=True)
@@ -79,6 +71,7 @@ def create_test_jwt_token():
         "exp": int(expire.timestamp()),
         "iss": "mcpgateway",
         "aud": "mcpgateway-api",
+        "teams": [],  # Empty teams list allows access to public resources and own private resources
     }
 
     # Use the test JWT secret key
@@ -161,19 +154,15 @@ async def mock_settings():
     # First-Party
     from mcpgateway.config import settings as real_settings
 
-    with patch("mcpgateway.config.settings") as mock_settings:
-        # Copy all existing settings
-        for attr in dir(real_settings):
-            if not attr.startswith("_"):
-                setattr(mock_settings, attr, getattr(real_settings, attr))
+    MockSettings = MagicMock(wrap=real_settings)
 
-        # Override specific settings for testing
-        mock_settings.cache_type = "database"
-        mock_settings.mcpgateway_admin_api_enabled = True
-        mock_settings.mcpgateway_ui_enabled = False
-        mock_settings.auth_required = False
+    # Override specific settings for testing
+    mock_settings.cache_type = "database"
+    mock_settings.mcpgateway_admin_api_enabled = True
+    mock_settings.mcpgateway_ui_enabled = False
+    mock_settings.auth_required = False
 
-        yield mock_settings
+    yield mock_settings
 
 
 # -------------------------
@@ -227,6 +216,7 @@ async def test_admin_server_lifecycle(self, client: AsyncClient, mock_settings):
             "associatedTools": "",  # Empty initially
             "associatedResources": "",
             "associatedPrompts": "",
+            "visibility": "public",  # Make public to allow access with public-only token
         }
 
         # POST to /admin/servers should redirect
@@ -254,6 +244,7 @@ async def test_admin_server_lifecycle(self, client: AsyncClient, mock_settings):
             "associatedTools": "",
             "associatedResources": "",
             "associatedPrompts": "",
+            "visibility": "public",  # Keep public visibility
         }
         response = await client.post(f"/admin/servers/{server_id}/edit", data=edit_data, headers=TEST_AUTH_HEADER, follow_redirects=False)
         assert response.status_code == 200
@@ -497,6 +488,7 @@ async def test_admin_prompt_lifecycle(self, client: AsyncClient, mock_settings):
             "description": "Test prompt via admin",
             "template": "Hello {{name}}, this is a test prompt",
             "arguments": '[{"name": "name", "description": "User name", "required": true}]',
+            "visibility": "public",  # Make public to allow access with public-only token
         }
 
         # POST to /admin/prompts should redirect
@@ -522,6 +514,7 @@ async def test_admin_prompt_lifecycle(self, client: AsyncClient, mock_settings):
             "description": "Updated description",
             "template": "Updated {{greeting}}",
             "arguments": '[{"name": "greeting", "description": "Greeting", "required": false}]',
+            "visibility": "public",  # Keep public visibility
         }
         response = await client.post(f"/admin/prompts/{prompt_id}/edit", data=edit_data, headers=TEST_AUTH_HEADER, follow_redirects=False)
         assert response.status_code == 200

tests/e2e/test_main_apis.py

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 """Location: ./tests/e2e/test_main_apis.py
 Copyright 2025
 SPDX-License-Identifier: Apache-2.0
@@ -107,7 +108,11 @@ def decorator(func):
 
 
 def generate_test_jwt():
-    payload = {"sub": "test_user", "exp": int(time.time()) + 3600}
+    payload = {
+        "sub": "test_user",
+        "exp": int(time.time()) + 3600,
+        "teams": [],  # Empty teams list allows access to public resources and own private resources
+    }
     secret = settings.jwt_secret_key.get_secret_value()
     algorithm = settings.jwt_algorithm
     return jwt.encode(payload, secret, algorithm=algorithm)
@@ -972,7 +977,7 @@ async def test_create_resource_form_urlencoded(self, client: AsyncClient, mock_a
         import urllib.parse
 
         resource_data = {
-            "resource": urllib.parse.quote_plus('{"uri":"config/formtest","name":"form_test","description":"Form resource","mimeType":"application/json","content":"{"key":"value"}"}'),
+            "resource": urllib.parse.quote_plus(r'{"uri":"config/formtest","name":"form_test","description":"Form resource","mimeType":"application/json","content":"{\"key\":\"value\"}"}'),
             "team_id": "",
             "visibility": "private",
         }
@@ -1068,7 +1073,7 @@ async def test_delete_resource(self, client: AsyncClient, mock_auth):
     # API should probably return 409 instead of 400 for non-existent resource
     async def test_resource_uri_conflict(self, client: AsyncClient, mock_auth):
         """Test creating resource with duplicate URI."""
-        resource_data = {"resource": {"uri": "duplicate/resource", "name": "duplicate", "content": "test", "team_id": None, "visibility": "private"}}
+        resource_data = {"resource": {"uri": "duplicate/resource", "name": "duplicate", "content": "test", "team_id": None, "visibility": "public"}}
 
         # Create first resource
         response = await client.post("/resources", json=resource_data, headers=TEST_AUTH_HEADER)