Summary
All Python integration tests fail because their API endpoints require the x-internal-auth header, but the test clients never set it. Every non-health endpoint returns 401.
Affected Files
services/analytics-python-service/test_main.py:25-30services/ai-copilot-service/test_main.py:26-36services/ats-service/test_main.py:29-38
Root Cause
All Python services have an internal_auth_middleware that returns 401 for any request (except /health) missing the x-internal-auth header:
@app.middleware("http")
async def internal_auth_middleware(request, call_next):
if request.url.path == "/health":
return await call_next(request)
auth_header = request.headers.get("x-internal-auth")
if not auth_header:
return JSONResponse(status_code=401, content={"error": "Missing internal authentication"})But the tests use TestClient(app) without setting this header:
response = client.get("/analytics/performance") # No x-internal-auth header -> 401Additionally, the employee service test cannot import because it uses os.environ["MONGO_USER"] (bracket access) at module level, which raises KeyError if the env var is not set.
Impact
- ALL test assertions except
test_health_check fail with 401
- CI reports passing but tests never actually run
- Zero test coverage for actual business logic
- False confidence in test suite
Fix Required
- Set the
x-internal-auth header in all test clients:
def client():
with TestClient(app) as c:
yield c # But how to add header to every request?For TestClient, use a header override or disable the middleware in tests:
# Option 1: Pass the header in every request
response = client.get("/endpoint", headers={"x-internal-auth": "test-key"})
# Option 2: Override the middleware dependency
app.dependency_overrides[verify_internal_auth] = lambda: True
- For employee service: Use
os.environ.get() instead of os.environ[], or set env vars before import.
Summary
All Python integration tests fail because their API endpoints require the
x-internal-authheader, but the test clients never set it. Every non-health endpoint returns 401.Affected Files
services/analytics-python-service/test_main.py:25-30services/ai-copilot-service/test_main.py:26-36services/ats-service/test_main.py:29-38Root Cause
All Python services have an
internal_auth_middlewarethat returns 401 for any request (except/health) missing thex-internal-authheader:But the tests use
TestClient(app)without setting this header:Additionally, the employee service test cannot import because it uses
os.environ["MONGO_USER"](bracket access) at module level, which raisesKeyErrorif the env var is not set.Impact
test_health_checkfail with 401Fix Required
x-internal-authheader in all test clients:For
TestClient, use a header override or disable the middleware in tests:os.environ.get()instead ofos.environ[], or set env vars before import.