test(api): Fix write-scope regression tests

dcramer · codex · dcramer · commit 2f9b9e414d97 · 2026-04-15T16:22:33.000-07:00
Use supported token auth for data export, give alert-rule token tests a valid member project setup, and return a real anomaly payload in the Seer regression test.

These tests were asserting the new permission contracts, but two of them were exercising invalid success paths and one was using an auth shape that the endpoint does not serialize correctly.

Co-Authored-By: Codex &lt;noreply@openai.com&gt;
diff --git a/tests/sentry/data_export/endpoints/test_data_export.py b/tests/sentry/data_export/endpoints/test_data_export.py
@@ -6,9 +6,12 @@
 
 from sentry.data_export.base import ExportQueryType, ExportStatus
 from sentry.data_export.models import ExportedData
+from sentry.models.apitoken import ApiToken
 from sentry.search.utils import parse_datetime_string
+from sentry.silo.base import SiloMode
 from sentry.testutils.cases import APITestCase
 from sentry.testutils.helpers.datetime import freeze_time
+from sentry.testutils.silo import assume_test_silo_mode
 from sentry.utils.snuba import MAX_FIELDS
 
 
@@ -58,6 +61,10 @@ def make_payload(
                 payload["query_info"].update(extras)
         return payload
 
+    def _create_token(self, scope: str) -> ApiToken:
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            return ApiToken.objects.create(user=self.user, scope_list=[scope])
+
     def test_authorization(self) -> None:
         payload = self.make_payload("issue")
 
@@ -80,30 +87,30 @@ def test_authorization(self) -> None:
         with self.feature("organizations:discover-query"):
             self.get_error_response(self.org.slug, status_code=403, **modified_payload)
 
-    def test_post_requires_event_write_scope_for_api_keys(self) -> None:
+    def test_post_requires_event_write_scope_for_tokens(self) -> None:
         payload = self.make_payload("issue")
-        api_key = self.create_api_key(organization=self.org, scope_list=["event:read"])
+        token = self._create_token("event:read")
 
         with self.feature("organizations:discover-query"):
             response = self.client.post(
                 self.url,
                 data=payload,
                 format="json",
-                HTTP_AUTHORIZATION=self.create_basic_auth_header(api_key.key),
+                HTTP_AUTHORIZATION=f"Bearer {token.token}",
             )
 
         assert response.status_code == 403
 
-    def test_post_allows_event_write_scope_for_api_keys(self) -> None:
+    def test_post_allows_event_write_scope_for_tokens(self) -> None:
         payload = self.make_payload("issue")
-        api_key = self.create_api_key(organization=self.org, scope_list=["event:write"])
+        token = self._create_token("event:write")
 
         with self.feature("organizations:discover-query"):
             response = self.client.post(
                 self.url,
                 data=payload,
                 format="json",
-                HTTP_AUTHORIZATION=self.create_basic_auth_header(api_key.key),
+                HTTP_AUTHORIZATION=f"Bearer {token.token}",
             )
 
         assert response.status_code == 201
diff --git a/tests/sentry/incidents/endpoints/test_organization_alert_rule_index.py b/tests/sentry/incidents/endpoints/test_organization_alert_rule_index.py
@@ -455,6 +455,8 @@ def test_simple(self) -> None:
         )
 
     def test_create_requires_alerts_write_scope_for_tokens(self) -> None:
+        team = self.create_team(organization=self.organization, members=[self.user])
+        ProjectTeam.objects.create(project=self.project, team=team)
         token = self._create_token("org:read")
 
         with self.feature(["organizations:incidents", "organizations:performance-view"]):
@@ -468,6 +470,8 @@ def test_create_requires_alerts_write_scope_for_tokens(self) -> None:
         assert response.status_code == 403
 
     def test_create_allows_alerts_write_scope_for_tokens(self) -> None:
+        team = self.create_team(organization=self.organization, members=[self.user])
+        ProjectTeam.objects.create(project=self.project, team=team)
         token = self._create_token("alerts:write")
 
         with (
diff --git a/tests/sentry/seer/endpoints/test_organization_events_anomalies.py b/tests/sentry/seer/endpoints/test_organization_events_anomalies.py
@@ -172,7 +172,24 @@ def test_member_permission(self, mock_seer_request: MagicMock) -> None:
     )
     def test_alerts_write_scope_allows_post(self, mock_seer_request: MagicMock) -> None:
         mock_seer_request.return_value = HTTPResponse(
-            orjson.dumps(DetectAnomaliesResponse(success=True, message="", timeseries=[])),
+            orjson.dumps(
+                DetectAnomaliesResponse(
+                    success=True,
+                    message="",
+                    timeseries=[
+                        TimeSeriesPoint(
+                            timestamp=self.current_timestamp_1,
+                            value=2,
+                            anomaly=Anomaly(anomaly_score=-0.1, anomaly_type="none"),
+                        ),
+                        TimeSeriesPoint(
+                            timestamp=self.current_timestamp_2,
+                            value=3,
+                            anomaly=Anomaly(anomaly_score=-0.2, anomaly_type="none"),
+                        ),
+                    ],
+                )
+            ),
             status=200,
         )
         token = self._create_token("alerts:write")
