mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-07 05:07:46 +00:00
f62ae93e13
* test(proxy): add create_scratch_actor harness helper
Adds create_scratch_actor() to the management behavior-suite conftest and
extends create_scratch_team() with team_member_permissions / models kwargs,
needed by the PR3 team-key-permission and team-model matrices. The new
helper mints a scratch-prefixed user + verification token (+ org
memberships), all reclaimed by the existing scratch-prefix teardown.
* test(proxy): pin /key block, unblock, health, aliases behavior
Adds behavior-pinning matrices for POST /key/block, POST /key/unblock,
POST /key/health, and GET /key/aliases. Pins that the management-route gate
401s ORG_ADMIN-role callers before _check_key_admin_access runs, the
block/unblock round-trip on the blocked column, missing-key 404, and the
_apply_non_admin_alias_scope visibility rules for /key/aliases.
* test(proxy): pin /key/bulk_update + /team/key/bulk_update behavior
Adds behavior-pinning matrices for POST /key/bulk_update (PROXY_ADMIN-only;
ORG_ADMIN stopped 401 at the route gate, INTERNAL_USER-role 403 at the
handler) and POST /team/key/bulk_update (team-member-permission gate keyed
on KEY_UPDATE). Pins batch semantics: empty/over-cap 400, per-key failure
isolation into failed_updates, all_keys_in_team broadcast, and no-keys 404.
Adds an optional key_alias arg to create_scratch_key for multi-key scenarios.
* test(proxy): pin /key SA-generate, v2-info, reset-spend behavior
Adds behavior-pinning matrices for POST /key/service-account/generate
(team-membership + team-member-permission gating; SA keys carry no user_id),
POST /v2/key/info (per-key _can_user_query_key_info silently drops invisible
keys), and POST /key/{key}/reset_spend (PROXY_ADMIN or team admin only;
missing key 404, reset-value 400). Pins that ORG_ADMIN-role callers are
stopped 401 at the management-route gate on the two non-info routes.
* test(proxy): close PR1/PR2 key-side deferred coverage gaps
Closes the four key-side gaps deferred from PR1/PR2:
- 404 on missing key for /key/update and /key/delete (not 401/403)
- denied /key/update leaves max_budget/tpm_limit/rpm_limit untouched
- /key/regenerate enforces litellm.upperbound_key_generate_params (#26340)
- /key/list key_alias substring vs exact (admin-only) + team_id filter,
and a non-admin filtering a foreign team is 403
* test(proxy): pin /team block, unblock, available, filter/ui, members/me
Adds behavior-pinning matrices for POST /team/block + /team/unblock
(management-route gate fronts _verify_team_access; reachable only by
PROXY_ADMIN and an org admin of the team's own org), GET /team/available
(default empty path), GET /team/filter/ui (route-gated PROXY-ADMIN-only
despite the handler having no gate), and GET /team/{team_id}/members/me
(caller resolves its own membership; non-member 404, no-user_id key 400).
* test(proxy): pin /team model add/delete + permissions endpoints
Adds behavior-pinning matrices for POST /team/model/add + /team/model/delete
(route-gated PROXY-ADMIN-only; missing team 404), GET /team/permissions_list +
POST /team/permissions_update (self-managed; proxy/team/org admin pass), and
POST /team/permissions_bulk_update (PROXY_ADMIN-only). Pins the deliberate
divergence that the available-team self-join grants read access via
permissions_list but never write access via permissions_update.
* test(proxy): pin /team delete, bulk_member_add, v2/list, daily/activity
Adds behavior-pinning matrices for POST /team/delete (per-team
_verify_team_access; batch aborts whole on a missing id), POST
/team/bulk_member_add (route-gated PROXY-ADMIN-only; empty/over-cap 400),
GET /v2/team/list (_enforce_list_team_v2_access — bare query 401s regular
users, org-scoped for org admins) and GET /team/daily/activity (non-member
team_ids filter 404, the VERIA-43 fix).
* test(proxy): add route-coverage gate + close team org-relocation gap
Adds test_route_coverage.py (PR3.M1): parses every @router route literal
from the two management-endpoint source files and asserts each is exercised
by >=1 behavior-suite scenario — a permanent regression guard for future
routes. Closes the last PR1/PR2 deferred gap: the /team/update org-relocation
allowed branch, exercised by a dual-org-admin minted via create_scratch_actor.
test_team_model uses literal route URLs so the coverage parser resolves them.
* test(proxy): bound plain route params to one path segment in coverage gate
Plain path params ({team_id}) now compile to [^/?]+ instead of [^?]+, so a
parameter cannot span '/'. Starlette ':path' params still match across '/'.
Keeps the route-coverage guard from falsely reporting a future multi-segment
route as covered. All 37 routes remain covered.
185 lines
6.5 KiB
Python
185 lines
6.5 KiB
Python
import uuid
|
|
|
|
import pytest
|
|
|
|
from litellm.proxy.utils import hash_token
|
|
|
|
from .actors import TEAM_ALPHA, TEAM_BETA, Actor
|
|
from .conftest import create_scratch_key
|
|
|
|
pytestmark = pytest.mark.asyncio(loop_scope="session")
|
|
|
|
|
|
# (id, actor, target_shape, expected_status). Pinned against current gating:
|
|
# proxy_admin bypasses; org_admin is blocked by an early role gate (401);
|
|
# every other (INTERNAL_USER-roled) actor hits user_id-mismatch 403, no-team-
|
|
# admin 403, or team_member_permission 401 depending on target / membership.
|
|
_SCENARIOS = [
|
|
("self/proxy_admin", Actor.PROXY_ADMIN, "self", 200),
|
|
("self/org_admin", Actor.ORG_ADMIN, "self", 401),
|
|
("self/team_admin", Actor.TEAM_ADMIN, "self", 403),
|
|
("self/internal_user", Actor.INTERNAL_USER, "self", 403),
|
|
("self/owner", Actor.OWNER, "self", 403),
|
|
("self/unrelated_same_org", Actor.UNRELATED_SAME_ORG, "self", 403),
|
|
("self/cross_org_user", Actor.CROSS_ORG_USER, "self", 403),
|
|
("self/service_account", Actor.SERVICE_ACCOUNT, "self", 403),
|
|
("owner_target/proxy_admin", Actor.PROXY_ADMIN, "owner", 200),
|
|
("owner_target/org_admin", Actor.ORG_ADMIN, "owner", 401),
|
|
("owner_target/team_admin", Actor.TEAM_ADMIN, "owner", 403),
|
|
("owner_target/internal_user", Actor.INTERNAL_USER, "owner", 403),
|
|
("owner_target/unrelated_same_org", Actor.UNRELATED_SAME_ORG, "owner", 403),
|
|
("owner_target/cross_org_user", Actor.CROSS_ORG_USER, "owner", 403),
|
|
("owner_target/service_account", Actor.SERVICE_ACCOUNT, "owner", 403),
|
|
("cross_org_target/proxy_admin", Actor.PROXY_ADMIN, "cross_org", 200),
|
|
("cross_org_target/org_admin", Actor.ORG_ADMIN, "cross_org", 401),
|
|
("cross_org_target/team_admin", Actor.TEAM_ADMIN, "cross_org", 403),
|
|
("cross_org_target/owner", Actor.OWNER, "cross_org", 403),
|
|
("cross_org_target/cross_org_user", Actor.CROSS_ORG_USER, "cross_org", 401),
|
|
("cross_org_target/service_account", Actor.SERVICE_ACCOUNT, "cross_org", 403),
|
|
]
|
|
|
|
MARKER_MODEL = "behavior-pin-update-marker-model"
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"actor,target_shape,expected_status",
|
|
[(a, t, s) for (_id, a, t, s) in _SCENARIOS],
|
|
ids=[s[0] for s in _SCENARIOS],
|
|
)
|
|
async def test_key_update_authz_matrix(
|
|
actor: Actor,
|
|
target_shape: str,
|
|
expected_status: int,
|
|
proxy_client,
|
|
prisma,
|
|
scratch,
|
|
world,
|
|
):
|
|
caller = world.keys[actor]
|
|
seeder = world.keys[Actor.PROXY_ADMIN].cleartext
|
|
|
|
if target_shape == "self":
|
|
target_cleartext = await create_scratch_key(
|
|
proxy_client, seeder, scratch.prefix, user_id=caller.user_id
|
|
)
|
|
elif target_shape == "owner":
|
|
target_cleartext = await create_scratch_key(
|
|
proxy_client,
|
|
seeder,
|
|
scratch.prefix,
|
|
user_id=world.keys[Actor.OWNER].user_id,
|
|
team_id=TEAM_ALPHA,
|
|
)
|
|
elif target_shape == "cross_org":
|
|
target_cleartext = await create_scratch_key(
|
|
proxy_client,
|
|
seeder,
|
|
scratch.prefix,
|
|
user_id=world.keys[Actor.CROSS_ORG_USER].user_id,
|
|
team_id=TEAM_BETA,
|
|
)
|
|
else:
|
|
pytest.fail(f"unknown target_shape={target_shape}")
|
|
|
|
target_hashed = hash_token(target_cleartext)
|
|
|
|
resp = await proxy_client.post(
|
|
"/key/update",
|
|
headers={"Authorization": f"Bearer {caller.cleartext}"},
|
|
json={"key": target_cleartext, "models": [MARKER_MODEL]},
|
|
)
|
|
assert (
|
|
resp.status_code == expected_status
|
|
), f"{actor.value} {target_shape}: {resp.status_code} {resp.text}"
|
|
|
|
row = await prisma.db.litellm_verificationtoken.find_unique(
|
|
where={"token": target_hashed}
|
|
)
|
|
assert row is not None
|
|
if expected_status == 200:
|
|
assert row.models == [MARKER_MODEL]
|
|
else:
|
|
assert row.models != [MARKER_MODEL], "denied but row mutated"
|
|
|
|
|
|
async def _seed_shape(proxy_client, seeder, prefix, world, shape, caller) -> str:
|
|
if shape == "self":
|
|
return await create_scratch_key(
|
|
proxy_client, seeder, prefix, user_id=caller.user_id
|
|
)
|
|
if shape == "owner":
|
|
return await create_scratch_key(
|
|
proxy_client,
|
|
seeder,
|
|
prefix,
|
|
user_id=world.keys[Actor.OWNER].user_id,
|
|
team_id=TEAM_ALPHA,
|
|
)
|
|
if shape == "cross_org":
|
|
return await create_scratch_key(
|
|
proxy_client,
|
|
seeder,
|
|
prefix,
|
|
user_id=world.keys[Actor.CROSS_ORG_USER].user_id,
|
|
team_id=TEAM_BETA,
|
|
)
|
|
pytest.fail(f"unknown shape={shape}") # pragma: no cover
|
|
|
|
|
|
async def test_key_update_missing_key_is_404(proxy_client, world):
|
|
"""An update targeting a key absent from the DB is a 404 — not 401/403."""
|
|
resp = await proxy_client.post(
|
|
"/key/update",
|
|
headers={"Authorization": f"Bearer {world.keys[Actor.PROXY_ADMIN].cleartext}"},
|
|
json={"key": "sk-" + uuid.uuid4().hex, "models": [MARKER_MODEL]},
|
|
)
|
|
assert resp.status_code == 404, resp.text
|
|
|
|
|
|
# A denied /key/update must not partially apply: the budget/limit columns are
|
|
# left untouched. Each scenario is a denial cell from the matrix above.
|
|
_DENIED_BUDGET = [
|
|
("team_admin/self", Actor.TEAM_ADMIN, "self", 403),
|
|
("internal_user/owner", Actor.INTERNAL_USER, "owner", 403),
|
|
("cross_org_user/cross_org", Actor.CROSS_ORG_USER, "cross_org", 401),
|
|
]
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"actor,target_shape,expected_status",
|
|
[(a, t, s) for (_id, a, t, s) in _DENIED_BUDGET],
|
|
ids=[s[0] for s in _DENIED_BUDGET],
|
|
)
|
|
async def test_key_update_denied_does_not_touch_budget_counters(
|
|
actor: Actor,
|
|
target_shape: str,
|
|
expected_status: int,
|
|
proxy_client,
|
|
prisma,
|
|
scratch,
|
|
world,
|
|
):
|
|
caller = world.keys[actor]
|
|
seeder = world.keys[Actor.PROXY_ADMIN].cleartext
|
|
target = await _seed_shape(
|
|
proxy_client, seeder, scratch.prefix, world, target_shape, caller
|
|
)
|
|
target_hashed = hash_token(target)
|
|
|
|
resp = await proxy_client.post(
|
|
"/key/update",
|
|
headers={"Authorization": f"Bearer {caller.cleartext}"},
|
|
json={"key": target, "max_budget": 999.0, "tpm_limit": 888, "rpm_limit": 777},
|
|
)
|
|
assert (
|
|
resp.status_code == expected_status
|
|
), f"{actor.value} {target_shape}: {resp.status_code} {resp.text}"
|
|
|
|
row = await prisma.db.litellm_verificationtoken.find_unique(
|
|
where={"token": target_hashed}
|
|
)
|
|
assert row is not None
|
|
assert row.max_budget is None, "denied but max_budget applied"
|
|
assert row.tpm_limit is None, "denied but tpm_limit applied"
|
|
assert row.rpm_limit is None, "denied but rpm_limit applied"
|