Several endpoints are in the list of endpoints uncovered by the authz test because they're essentially public -- all authenticated users can access them. This includes the ssh key endpoints and after #1261 it will include the endpoint to list users in the Silo. We could augment the "unauthorized" test to better support these: it would still verify that unauthorized users get a 401, and it could verify that authenticated users get a 200. It's tempting to have it check that all authorized users get the same result, but that won't be true for things like the ssh keys endpoint because they'll have different keys (with different ids if nothing else).
Several endpoints are in the list of endpoints uncovered by the authz test because they're essentially public -- all authenticated users can access them. This includes the ssh key endpoints and after #1261 it will include the endpoint to list users in the Silo. We could augment the "unauthorized" test to better support these: it would still verify that unauthorized users get a 401, and it could verify that authenticated users get a 200. It's tempting to have it check that all authorized users get the same result, but that won't be true for things like the ssh keys endpoint because they'll have different keys (with different ids if nothing else).