[AAP-54064] Allowing for RBAC to not be installed in the JWT consumer (#848)

john-westcott-iv · Claude · web-flow · commit 964c531cdb46 · 2025-09-22T10:18:29.000-04:00
## Description
&lt;!-- Mandatory: Provide a clear, concise description of the changes and
their purpose --&gt;
- What is being changed?
Moves an import for rbac into an rbac specific function to allow for a
jwt_consumer to not import the RBAC application.

- Why is this change needed?
For lighspeed.

- How does this change address the issue?
We should now be able to overide the process_rbac method without
importing the RBAC app.

## Type of Change
&lt;!-- Mandatory: Check one or more boxes that apply --&gt;
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] Documentation update
- [ ] Test update
- [ ] Refactoring (no functional changes)
- [ ] Development environment change
- [ ] Configuration change

## Self-Review Checklist
&lt;!-- These items help ensure quality - they complement our automated CI
checks --&gt;
- [ ] I have performed a self-review of my code
- [ ] I have added relevant comments to complex code sections
- [ ] I have updated documentation where needed
- [ ] I have considered the security impact of these changes
- [ ] I have considered performance implications
- [ ] I have thought about error handling and edge cases
- [ ] I have tested the changes in my local environment

## Testing Instructions
&lt;!-- Optional for test-only changes. Mandatory for all other changes --&gt;
&lt;!-- Must be detailed enough for reviewers to reproduce --&gt;
### Prerequisites
&lt;!-- List any specific setup required --&gt;

### Steps to Test
1. 
2. 
3. 

### Expected Results
&lt;!-- Describe what should happen after following the steps --&gt;

## Additional Context
&lt;!-- Optional but helpful information --&gt;

### Required Actions
&lt;!-- Check if changes require work in other areas --&gt;
&lt;!-- Remove section if no external actions needed --&gt;
- [ ] Requires documentation updates
  &lt;!-- API docs, feature docs, deployment guides --&gt;
- [ ] Requires downstream repository changes
  &lt;!-- Specify repos: django-ansible-base, eda-server, etc. --&gt;
- [ ] Requires infrastructure/deployment changes
  &lt;!-- CI/CD, installer updates, new services --&gt;
- [ ] Requires coordination with other teams
  &lt;!-- UI team, platform services, infrastructure --&gt;
- [ ] Blocked by PR/MR: #XXX
  &lt;!-- Reference blocking PRs/MRs with brief context --&gt;

### Screenshots/Logs
&lt;!-- Add if relevant to demonstrate the changes --&gt;

Co-authored-by: Claude &lt;claude@anthropic.com&gt;
diff --git a/ansible_base/jwt_consumer/common/auth.py b/ansible_base/jwt_consumer/common/auth.py
@@ -16,7 +16,6 @@
 from ansible_base.lib.logging.runtime import log_excess_runtime
 from ansible_base.lib.utils.auth import get_user_by_ansible_id
 from ansible_base.lib.utils.translations import translatableConditionally as _
-from ansible_base.rbac.claims import get_claims_hash, get_user_claims, get_user_claims_hashable_form, save_user_claims
 from ansible_base.resource_registry.models import Resource, ResourceType
 from ansible_base.resource_registry.rest_client import get_resource_server_client
 from ansible_base.resource_registry.signals.handlers import no_reverse_sync
@@ -230,6 +229,8 @@ def process_rbac_permissions(self):
         """
         Process RBAC permissions using claims hash logic
         """
+        from ansible_base.rbac.claims import get_claims_hash, get_user_claims, get_user_claims_hashable_form, save_user_claims
+
         if self.token is None or self.user is None:
             logger.error("Unable to process rbac permissions because user or token is not defined")
             return
diff --git a/test_app/tests/jwt_consumer/common/test_auth.py b/test_app/tests/jwt_consumer/common/test_auth.py
@@ -480,11 +480,11 @@ def test_process_rbac_permissions_cache_scenarios(
         with (
             mock.patch.object(authentication.cache, 'get_cached_claims_hash') as mock_get_cache,
             mock.patch.object(authentication.cache, 'cache_claims_hash') as mock_set_cache,
-            mock.patch('ansible_base.jwt_consumer.common.auth.get_user_claims') as mock_get_claims,
-            mock.patch('ansible_base.jwt_consumer.common.auth.get_user_claims_hashable_form') as mock_get_hashable,
-            mock.patch('ansible_base.jwt_consumer.common.auth.get_claims_hash') as mock_get_hash,
+            mock.patch('ansible_base.rbac.claims.get_user_claims') as mock_get_claims,
+            mock.patch('ansible_base.rbac.claims.get_user_claims_hashable_form') as mock_get_hashable,
+            mock.patch('ansible_base.rbac.claims.get_claims_hash') as mock_get_hash,
             mock.patch.object(authentication, '_fetch_jwt_claims_from_gateway') as mock_gateway,
-            mock.patch('ansible_base.jwt_consumer.common.auth.save_user_claims') as mock_apply,
+            mock.patch('ansible_base.rbac.claims.save_user_claims') as mock_apply,
         ):
 
             # Setup mocks
