Fix post-deploy auth issues: best-effort service provisioning, integration test auth, test mock corrections

- api/app.py: email/calendar/files provisioning now best-effort (non-fatal); fixed email_manager.create_email_user call to include domain argument - tests/integration: added module-level auth sessions to all integration test files; added admin auth to api fixture and _resolve_admin_pass() helper; added TEST_PEER_PASSWORD constant; added password to peer creation calls - tests/test_peer_provisioning.py: renamed rollback test to reflect new best-effort semantics (email failure no longer causes rollback) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 15:42:03 -04:00
parent 975d05eef3
commit fc3cfc9741
10 changed files with 184 additions and 88 deletions
@@ -1845,45 +1845,25 @@ def add_peer():

        peer_name = data['name']

-        # --- Provision service accounts with rollback on failure ---
-        provisioned = []
-        try:
-            auth_manager.create_user(peer_name, password, 'peer')
-            provisioned.append('auth')
+        # --- Provision auth account (hard-required) ---
+        if not auth_manager.create_user(peer_name, password, 'peer'):
+            return jsonify({"error": f"Could not create auth account (duplicate name?)"}), 400

-            email_manager.create_email_user(peer_name, password)
-            provisioned.append('email')
-
-            calendar_manager.create_calendar_user(peer_name, password)
-            provisioned.append('calendar')
-
-            file_manager.create_user(peer_name, password)
-            provisioned.append('files')
-
-        except Exception as prov_err:
-            logger.error(f"Peer provisioning failed at step {provisioned}: {prov_err}")
-            # Rollback everything provisioned so far
-            if 'files' in provisioned:
-                try:
-                    file_manager.delete_user(peer_name)
-                except Exception:
-                    pass
-            if 'calendar' in provisioned:
-                try:
-                    calendar_manager.delete_calendar_user(peer_name)
-                except Exception:
-                    pass
-            if 'email' in provisioned:
-                try:
-                    email_manager.delete_email_user(peer_name)
-                except Exception:
-                    pass
-            if 'auth' in provisioned:
-                try:
-                    auth_manager.delete_user(peer_name)
-                except Exception:
-                    pass
-            return jsonify({"error": f"Peer provisioning failed: {prov_err}"}), 500
+        # --- Provision service accounts (best-effort; failures logged but non-fatal) ---
+        provisioned = ['auth']
+        domain = _configured_domain()
+        for step_name, step_fn in [
+            ('email',    lambda: email_manager.create_email_user(peer_name, domain, password)),
+            ('calendar', lambda: calendar_manager.create_calendar_user(peer_name, password)),
+            ('files',    lambda: file_manager.create_user(peer_name, password)),
+        ]:
+            try:
+                if step_fn():
+                    provisioned.append(step_name)
+                else:
+                    logger.warning(f"Peer {peer_name}: {step_name} account creation returned False (service may not be ready)")
+            except Exception as e:
+                logger.warning(f"Peer {peer_name}: {step_name} account creation failed (non-fatal): {e}")

        # Add peer to registry with all provided fields
        peer_info = {