Tests are updated to match the new behavior

jyejare · jyejare · commit 8739c76e102e · 2025-12-15T14:09:50.000+05:30
Signed-off-by: jyejare &lt;jyejare@redhat.com&gt;
diff --git a/sdk/python/feast/permissions/enforcer.py b/sdk/python/feast/permissions/enforcer.py
@@ -72,19 +72,14 @@ def enforce_policy(
                 if evaluator.is_decided():
                     grant, explanations = evaluator.grant()
                     if not grant:
-                        if not filter_only:
-                            logger.error(f"Permission denied: {','.join(explanations)}")
-                            raise FeastPermissionError(",".join(explanations))
-                        elif filter_only and not p.name_patterns:
-                            logger.error(f"Permission denied: {','.join(explanations)}")
-                            raise FeastPermissionError(",".join(explanations))
-                        else:
+                        if filter_only and p.name_patterns:
                             continue
-                    if grant:
-                        logger.debug(
-                            f"Permission granted for {type(resource).__name__}:{resource.name}"
-                        )
-                        _permitted_resources.append(resource)
+                        logger.error(f"Permission denied: {','.join(explanations)}")
+                        raise FeastPermissionError(",".join(explanations))
+                    logger.debug(
+                        f"Permission granted for {type(resource).__name__}:{resource.name}"
+                    )
+                    _permitted_resources.append(resource)
                     break
         else:
             if not filter_only:
diff --git a/sdk/python/tests/unit/permissions/auth/server/test_auth_registry_server.py b/sdk/python/tests/unit/permissions/auth/server/test_auth_registry_server.py
@@ -142,6 +142,11 @@ def _test_get_historical_features(client_fs: FeatureStore):
 
 
 def _test_get_entity(client_fs: FeatureStore, permissions: list[Permission]):
+    if _is_auth_enabled(client_fs) and len(permissions) == 0:
+        with pytest.raises(FeastPermissionError):
+            client_fs.get_entity("driver")
+        return
+
     if not _is_auth_enabled(client_fs) or _is_permission_enabled(
         client_fs, permissions, read_entities_perm
     ):
@@ -156,6 +161,18 @@ def _test_get_entity(client_fs: FeatureStore, permissions: list[Permission]):
 
 
 def _test_list_entities(client_fs: FeatureStore, permissions: list[Permission]):
+    if _is_auth_enabled(client_fs) and len(permissions) == 0:
+        with pytest.raises(FeastPermissionError):
+            client_fs.list_entities()
+        return
+
+    if _is_auth_enabled(client_fs) and _permissions_exist_in_permission_list(
+        [invalid_list_entities_perm], permissions
+    ):
+        with pytest.raises(FeastPermissionError):
+            client_fs.list_entities()
+        return
+
     entities = client_fs.list_entities()
 
     if not _is_auth_enabled(client_fs) or _is_permission_enabled(
@@ -183,6 +200,10 @@ def _test_list_permissions(
         with pytest.raises(Exception):
             client_fs.list_permissions()
         return []
+    elif _is_auth_enabled(client_fs) and len(applied_permissions) == 0:
+        with pytest.raises(FeastPermissionError):
+            client_fs.list_permissions()
+        return []
     else:
         permissions = client_fs.list_permissions()
 
@@ -229,6 +250,11 @@ def _is_auth_enabled(client_fs: FeatureStore) -> bool:
 
 
 def _test_get_fv(client_fs: FeatureStore, permissions: list[Permission]):
+    if _is_auth_enabled(client_fs) and len(permissions) == 0:
+        with pytest.raises(FeastPermissionError):
+            client_fs.get_feature_view("driver_hourly_stats")
+        return
+
     if not _is_auth_enabled(client_fs) or _is_permission_enabled(
         client_fs, permissions, read_fv_perm
     ):
@@ -249,6 +275,10 @@ def _test_list_fvs(client_fs: FeatureStore, permissions: list[Permission]):
         with pytest.raises(Exception):
             client_fs.list_feature_views()
         return []
+    elif _is_auth_enabled(client_fs) and len(permissions) == 0:
+        with pytest.raises(FeastPermissionError):
+            client_fs.list_feature_views()
+        return []
     else:
         fvs = client_fs.list_feature_views()
         for fv in fvs:
diff --git a/sdk/python/tests/unit/permissions/test_security_manager.py b/sdk/python/tests/unit/permissions/test_security_manager.py
@@ -15,7 +15,7 @@
 @pytest.mark.parametrize(
     "username, requested_actions, allowed, allowed_single, raise_error_in_assert, raise_error_in_permit, intra_communication_flag",
     [
-        (None, [], False, [False, False], [True, True], False, False),
+        (None, [], False, [False, False], [True, True], True, False),
         (None, [], True, [True, True], [False, False], False, True),
         (
             "r",
@@ -42,7 +42,7 @@
             False,
             [False, False],
             [True, True],
-            False,
+            True,
             False,
         ),
         ("r", [AuthzedAction.UPDATE], True, [True, True], [False, False], False, True),
@@ -52,7 +52,7 @@
             False,
             [False, False],
             [True, True],
-            False,
+            True,
             False,
         ),
         (
@@ -116,7 +116,7 @@
             False,
             [False, False],
             [True, True],
-            True,
+            False,
             False,
         ),
         (
@@ -134,7 +134,7 @@
             False,
             [False, True],
             [True, False],
-            True,
+            False,
             False,
         ),
         (
@@ -152,7 +152,7 @@
             False,
             [False, False],
             [True, True],
-            True,
+            False,
             False,
         ),
         (
