fix: docker-compose api-gw config and DS credential handling

- Use duration strings for api-gw cache config (60 -> 1m)
- Persist DS password after layout upload via entities PATCH
- Fix _patch_ds_credentials to fall back to test_config ds_password

risk: low

Author: tychtjan

docker-compose.yaml

@@ -515,9 +515,9 @@ services:
       GATEWAY_DB_POOL_MIN_IDLE: 0
       GATEWAY_DB_POOL_MAX_LIFE_TIME: 300000
       ORGANIZATION_CACHE_SIZE: 1000
-      CACHE_EXPIRE_AFTER_WRITE: 60
+      CACHE_EXPIRE_AFTER_WRITE: 1m
       USER_CACHE_SIZE: 1000
-      USER_CACHE_EXPIRE_AFTER_WRITE: 60
+      USER_CACHE_EXPIRE_AFTER_WRITE: 1m
       ORGANIZATION_CACHE_METRICS: "true"
       USER_CACHE_METRICS: "true"
       CALL_FORWARDER_CONNECT_TIMEOUT: 1m

packages/gooddata-sdk/tests/conftest.py

@@ -60,15 +60,15 @@ def test_config(request):
 
 @pytest.fixture(scope="session", autouse=True)
 def _patch_ds_credentials(test_config):
-    """Override demo-test-ds password in memory when DS_PASSWORD env var is set.
+    """Override demo-test-ds password in memory.
 
-    The credentials file (data_sources_credentials.yaml) is read by
-    _credentials_from_file() and used by put_declarative_data_sources and
-    test_data_sources_connection. Instead of rewriting the file on disk,
-    we wrap the static method to patch the returned dict in memory.
+    The credentials file (data_sources_credentials.yaml) contains a placeholder
+    value for demo-test-ds. This fixture patches _credentials_from_file() to
+    replace it with the real password — from DS_PASSWORD env var (staging) or
+    from the test config ds_password (local).
     """
-    env_ds_password = os.environ.get("DS_PASSWORD")
-    if not env_ds_password:
+    ds_password = os.environ.get("DS_PASSWORD") or test_config.get("ds_password")
+    if not ds_password:
         yield
         return
 
@@ -80,7 +80,7 @@ def _patch_ds_credentials(test_config):
     def _patched_credentials_from_file(credentials_path):
         credentials = original(credentials_path)
         if "demo-test-ds" in credentials:
-            credentials["demo-test-ds"] = env_ds_password
+            credentials["demo-test-ds"] = ds_password
         return credentials
 
     CatalogDataSourceService._credentials_from_file = _patched_credentials_from_file

packages/tests-support/upload_demo_layout.py

@@ -207,6 +207,19 @@ def update_layout():
     print("Uploading test DS with physical model for demo", flush=True)
     rest_op_default("put", f"api/{api_version}/layout/dataSources", data_sources)
 
+    # Layout PUT does not persist passwords — set them via entities PATCH
+    print("Setting data source passwords via entities API...", flush=True)
+    for ds in data_sources.get("dataSources", []):
+        ds_id = ds["id"]
+        ds_password = ds.get("password")
+        if ds_password:
+            rest_op_jsonapi(
+                "patch",
+                f"api/{api_version}/entities/dataSources/{ds_id}",
+                {"data": {"id": ds_id, "type": "dataSource", "attributes": {"password": ds_password}}},
+            )
+            print(f"  Set password for DS '{ds_id}'", flush=True)
+
     # Verify data sources were uploaded with permissions
     print("Verifying data source permissions...", flush=True)
     result = rest_op_default("get", f"api/{api_version}/layout/dataSources", raise_ex=False)