feat: filter parameters from DB API (#21248)

2026-04-19 08:04:53 +00:00 · 2022-09-02 11:50:04 -07:00
parent 99a4f05069
commit 34a79add04
29 changed files with 445 additions and 82 deletions
--- a/tests/unit_tests/db_engine_specs/test_bigquery.py
+++ b/tests/unit_tests/db_engine_specs/test_bigquery.py
@@ -14,7 +14,8 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-# pylint: disable=unused-argument, import-outside-toplevel, protected-access
+
+# pylint: disable=line-too-long, import-outside-toplevel, protected-access, invalid-name

 import json

@@ -148,7 +149,7 @@ LIMIT :param_1"""
    )


-def test_get_parameters_from_uri() -> None:
+def test_get_parameters_from_uri_serializable() -> None:
    """
    Test that the result from ``get_parameters_from_uri`` is JSON serializable.
    """
@@ -160,3 +161,34 @@ def test_get_parameters_from_uri() -> None:
    )
    assert parameters == {"access_token": "TOP_SECRET", "query": {}}
    assert json.loads(json.dumps(parameters)) == parameters
+
+
+def test_unmask_encrypted_extra() -> None:
+    """
+    Test that the private key can be reused from the previous ``encrypted_extra``.
+    """
+    from superset.db_engine_specs.bigquery import BigQueryEngineSpec
+
+    old = json.dumps(
+        {
+            "credentials_info": {
+                "project_id": "black-sanctum-314419",
+                "private_key": "SECRET",
+            },
+        }
+    )
+    new = json.dumps(
+        {
+            "credentials_info": {
+                "project_id": "yellow-unicorn-314419",
+                "private_key": "XXXXXXXXXX",
+            },
+        }
+    )
+
+    assert json.loads(BigQueryEngineSpec.unmask_encrypted_extra(old, new)) == {
+        "credentials_info": {
+            "project_id": "yellow-unicorn-314419",
+            "private_key": "SECRET",
+        },
+    }