test: trust test modules under Haystack 3.0's deserialization allowlist#3537
Merged
Conversation
Haystack 3.0 refuses to deserialize classes and callables from modules outside its trusted-module allowlist. Tests that round-trip tools, splitting functions, transports, or token sources defined in the test modules now fail with DeserializationError. Add an autouse fixture that allowlists the test modules via HAYSTACK_DESERIALIZATION_ALLOWLIST (ignored by 2.x), and let the oauth unknown-source test accept the new error type. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issues
Haystack 3.0 introduces a trusted-module allowlist for deserialization:
from_dict/Pipeline.loadsraiseDeserializationErrorfor classes and callables from modules outsidehaystack*,builtins,typing, andcollections. Tests in ten integrations round-trip tools, splitting functions (hanlp), MCP transports, or OAuth token sources defined in the test modules themselves, which are not on that allowlist.Proposed Changes:
For google_genai, hanlp, huggingface_api, langfuse, llama_cpp, mcp, nvidia, oauth, transformers, watsonx, plus (second commit) aimlapi, cometapi, meta_llama, mistral, openrouter, orcarouter, togetherai — whose
test_serde_in_pipelinetests round-trip test-module tool functions throughPipeline.loadsand hit the same guard once #3533/#3535 fix their other failures:HAYSTACK_DESERIALIZATION_ALLOWLIST="tests,test_*"— Haystack 3.0's documented opt-in mechanism, read per deserialization call, somonkeypatch.setenvis enough. Haystack 2.x ignores the variable entirely, so nothing changes there.test_from_dict_unknown_source_type_raisesnow acceptsDeserializationErrorin addition toImportError— for an unknown/untrusted module, 3.0 refuses upfront withDeserializationErrorwhere 2.x fails at import time. (The guard working as intended for genuinely unknown types.)How did you test it?
git+https://github.com/deepset-ai/haystack.git@v3into the test envs): every trusted-modulesDeserializationErrorfailure is gone. google_genai, hanlp, langfuse, llama_cpp, mcp, and oauth unit suites are now fully green under v3. The remaining v3 failures in the other four are exactly the ones addressed by the sibling draft PRs:to_dict-format tests in huggingface_api/transformers/watsonx (test: make Tool/Agent serialization assertions version-agnostic for Haystack 2.x/3.x #3533) and lazy-client init tests in nvidia (fix: support Haystack 3.0's lazy OpenAI client initialization in OpenAI-inheriting generators #3536).Notes for the reviewer
Checklist
fix:,feat:,build:,chore:,ci:,docs:,style:,refactor:,perf:,test:.🤖 Generated with Claude Code