test(integrations): Add ViewerContext tests for MS Teams webhook

Verify that webhook_viewer_context sets the correct organization_id
and actor_type during both action submission and team member removal.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: gricha

tests/sentry/integrations/msteams/test_action_state_change.py

@@ -22,6 +22,7 @@
 from sentry.silo.base import SiloMode
 from sentry.testutils.asserts import assert_mock_called_once_with_partial, assert_slo_metric
 from sentry.testutils.cases import APITestCase
+from sentry.testutils.helpers.options import override_options
 from sentry.testutils.silo import assume_test_silo_mode
 from sentry.testutils.skips import requires_snuba
 from sentry.users.models.identity import Identity, IdentityStatus
@@ -359,6 +360,31 @@ def test_resolve_with_params(self, verify: MagicMock, client_put: MagicMock) ->
 
         assert_mock_called_once_with_partial(client_put, data=expected_data)
 
+    @responses.activate
+    @override_options({"viewer-context.enabled": True})
+    @patch("sentry.integrations.msteams.webhook.verify_signature", return_value=True)
+    def test_action_submitted_sets_viewer_context(self, verify: MagicMock) -> None:
+        """ViewerContext is set with org_id and actor_type=INTEGRATION during action handling."""
+        from sentry.viewer_context import ActorType, get_viewer_context
+
+        captured_contexts: list = []
+
+        original_refresh = Group.refresh_from_db
+
+        def capturing_refresh(self_group, *args, **kwargs):
+            captured_contexts.append(get_viewer_context())
+            return original_refresh(self_group, *args, **kwargs)
+
+        with patch.object(Group, "refresh_from_db", capturing_refresh):
+            resp = self.post_webhook(action_type=ACTION_TYPE.RESOLVE, resolve_input="resolved")
+
+        assert resp.status_code == 200
+        assert len(captured_contexts) == 1
+        ctx = captured_contexts[0]
+        assert ctx is not None
+        assert ctx.organization_id == self.org.id
+        assert ctx.actor_type == ActorType.INTEGRATION
+
     @responses.activate
     @patch("sentry.integrations.msteams.webhook.verify_signature", return_value=True)
     def test_no_integration(self, verify: MagicMock) -> None:

tests/sentry/integrations/msteams/test_webhook.py

@@ -15,6 +15,7 @@
 from sentry.silo.base import SiloMode
 from sentry.testutils.asserts import assert_slo_metric
 from sentry.testutils.cases import APITestCase
+from sentry.testutils.helpers.options import override_options
 from sentry.testutils.silo import assume_test_silo_mode
 from sentry.users.models.identity import Identity
 from sentry.utils import jwt
@@ -608,3 +609,50 @@ def test_invalid_silo_card_action_payload(
                 HTTP_AUTHORIZATION=f"Bearer {TOKEN}",
             )
             assert response.status_code == 400
+
+    @responses.activate
+    @override_options({"viewer-context.enabled": True})
+    @mock.patch("sentry.utils.jwt.decode")
+    @mock.patch("time.time")
+    def test_member_removed_sets_viewer_context(
+        self, mock_time: MagicMock, mock_decode: MagicMock
+    ) -> None:
+        """ViewerContext is set with org_id and actor_type=INTEGRATION during member removal."""
+        from sentry.viewer_context import ActorType, get_viewer_context
+
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            integration = self.create_provider_integration(external_id=team_id, provider="msteams")
+            self.create_organization_integration(
+                organization_id=self.organization.id, integration=integration
+            )
+
+        captured_contexts: list = []
+
+        original_create_audit_entry = __import__(
+            "sentry.utils.audit", fromlist=["create_audit_entry"]
+        ).create_audit_entry
+
+        def capturing_create_audit_entry(*args, **kwargs):
+            captured_contexts.append(get_viewer_context())
+            return original_create_audit_entry(*args, **kwargs)
+
+        mock_time.return_value = 1594839999 + 60
+        mock_decode.return_value = DECODED_TOKEN
+
+        with mock.patch(
+            "sentry.integrations.msteams.webhook.create_audit_entry",
+            side_effect=capturing_create_audit_entry,
+        ):
+            resp = self.client.post(
+                path=webhook_url,
+                data=EXAMPLE_TEAM_MEMBER_REMOVED,
+                format="json",
+                HTTP_AUTHORIZATION=f"Bearer {TOKEN}",
+            )
+
+        assert resp.status_code == 204
+        assert len(captured_contexts) == 1
+        ctx = captured_contexts[0]
+        assert ctx is not None
+        assert ctx.organization_id == self.organization.id
+        assert ctx.actor_type == ActorType.INTEGRATION