Fix spend logs v2 route permissions

[ryan-crabbe-berri]

Relevant issues

Reported issue: /spend/logs/v2 returns Unauthorized for virtual keys with Key Type = Management.

Linear ticket

N/A

Pre-Submission checklist

• I have Added testing in the tests/test_litellm/ directory, Adding at least 1 test is a hard requirement - see details
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem
• I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Delays in PR merge?

If you're seeing a delay in your PR being merged, ping the LiteLLM Team on Slack (#pr-review).

CI (LiteLLM team)

CI status guideline:

• 50-55 passing tests: main is stable with minor issues.
• 45-49 passing tests: acceptable but needs attention
• <= 40 passing tests: unstable; be careful with your merges and assess the risk.

• Branch creation CI run
  Link:

• CI run for the last commit
  Link:

• Merge / cherry-pick CI run
  Links:

Screenshots / Proof of Fix

uv run pytest tests/test_litellm/proxy/auth/test_route_checks.py -q
273 passed in 8.31s

uv run ruff check litellm/proxy/_types.py tests/test_litellm/proxy/auth/test_route_checks.py
All checks passed!

Type

🐛 Bug Fix
✅ Test

Changes

• Adds /spend/logs/v2 to spend-tracking and key-management route inventories.
• Adds route-check regressions verifying Management virtual keys can call /spend/logs/v2 and AI API virtual keys remain denied.

Slack Thread

  

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[greptile-apps]

Greptile Summary

This PR fixes a permission gap where /spend/logs/v2 was missing from the route inventories in _types.py, causing Management virtual keys to receive an Unauthorized error. The fix mirrors the existing /spend/logs treatment exactly.

• Adds SPEND_LOGS_V2 to the KeyManagementRoutes enum and registers its value in both key_management_routes and spend_tracking_routes, propagating the route into internal_user_routes and internal_user_view_only_routes via composition.
• Adds three targeted mock tests covering route classification, management-key allowance, and LLM-API-key denial; also adds the route to the ADMIN_VIEWER_LOGS_PAGE_ROUTES constant used by existing admin-viewer test suites.

Confidence Score: 5/5

Straightforward additive change that follows an established pattern; no existing behavior is modified.

The change adds one enum member and two list entries, both directly parallel to the existing /spend/logs entries that sit beside them. The new tests exercise all three meaningful scenarios (classification, management-key allow, LLM-API-key deny) with no real network calls. No auth logic is changed — only the route inventory consulted during permission checks is extended.

No files require special attention.

Important Files Changed

Filename	Overview
litellm/proxy/_types.py	Adds /spend/logs/v2 to KeyManagementRoutes enum and registers it in both key_management_routes and spend_tracking_routes, mirroring the existing /spend/logs pattern exactly.
tests/test_litellm/proxy/auth/test_route_checks.py	Adds three focused mock-only regression tests for /spend/logs/v2 route classification and virtual-key access control, plus adds the route to ADMIN_VIEWER_LOGS_PAGE_ROUTES.

_{Reviews (1): Last reviewed commit: "Fix spend logs v2 route permissions" | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[ryan-crabbe-berri]

Superseded by #28705 (same commits, branch renamed to litellm_* so CI runs).