QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-21 00:54:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: filter parameters from DB API (#21248)

Browse Source
This commit is contained in:
Beto Dealmeida
2022-09-02 11:50:04 -07:00
committed by GitHub
parent 99a4f05069
commit 34a79add04
29 changed files with 445 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
tests/unit_tests/databases/api_test.py
View File

@@ -15,18 +15,17 @@
# specific language governing permissions and limitations
# under the License.
# pylint: disable=unused-argument, import-outside-toplevel
# pylint: disable=unused-argument, import-outside-toplevel, line-too-long
import json
from typing import Any
from uuid import UUID
from pytest_mock import MockFixture
import pytest
from sqlalchemy.orm.session import Session
def test_post_with_uuid(
mocker: MockFixture,
app_context: None,
session: Session,
client: Any,
full_api_access: None,
@@ -51,3 +50,104 @@ def test_post_with_uuid(
database = session.query(Database).one()
assert database.uuid == UUID("7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb")
def test_password_mask(
app: Any,
session: Session,
client: Any,
full_api_access: None,
) -> None:
"""
Test that sensitive information is masked.
"""
from superset.databases.api import DatabaseRestApi
from superset.models.core import Database
DatabaseRestApi.datamodel.session = session
# create table for databases
Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member
database = Database(
database_name="my_database",
sqlalchemy_uri="gsheets://",
encrypted_extra=json.dumps(
{
"service_account_info": {
"type": "service_account",
"project_id": "black-sanctum-314419",
"private_key_id": "259b0d419a8f840056158763ff54d8b08f7b8173",
"private_key": "SECRET",
"client_email": "google-spreadsheets-demo-servi@black-sanctum-314419.iam.gserviceaccount.com",
"client_id": "114567578578109757129",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/google-spreadsheets-demo-servi%40black-sanctum-314419.iam.gserviceaccount.com",
},
}
),
)
session.add(database)
session.commit()
response = client.get("/api/v1/database/1")
assert (
response.json["result"]["parameters"]["service_account_info"]["private_key"]
== "XXXXXXXXXX"
)
assert "encrypted_extra" not in response.json["result"]
@pytest.mark.skip(reason="Works locally but fails on CI")
def test_update_with_password_mask(
app: Any,
session: Session,
client: Any,
full_api_access: None,
) -> None:
"""
Test that an update with a masked password doesn't overwrite the existing password.
"""
from superset.databases.api import DatabaseRestApi
from superset.models.core import Database
DatabaseRestApi.datamodel.session = session
# create table for databases
Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member
database = Database(
database_name="my_database",
sqlalchemy_uri="gsheets://",
encrypted_extra=json.dumps(
{
"service_account_info": {
"project_id": "black-sanctum-314419",
"private_key": "SECRET",
},
}
),
)
session.add(database)
session.commit()
client.put(
"/api/v1/database/1",
json={
"encrypted_extra": json.dumps(
{
"service_account_info": {
"project_id": "yellow-unicorn-314419",
"private_key": "XXXXXXXXXX",
},
}
),
},
)
database = session.query(Database).one()
assert (
database.encrypted_extra
== '{"service_account_info": {"project_id": "yellow-unicorn-314419", "private_key": "SECRET"}}'
)