QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-19 08:04:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: support for import/export masked_encrypted_extra (backend) (#38077)

Browse Source
This commit is contained in:
Vitor Avila
2026-03-04 16:26:28 -03:00
committed by GitHub
parent 63e7ee70bf
commit 8c9efe5659
16 changed files with 799 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
tests/unit_tests/utils/json_tests.py
View File

@@ -19,6 +19,7 @@ import math
import uuid
from datetime import date, datetime, time, timedelta
from decimal import Decimal
from typing import Any
from unittest.mock import MagicMock
import numpy as np
@@ -26,6 +27,7 @@ import pandas as pd
import pytest
import pytz
from superset.constants import PASSWORD_MASK
from superset.utils import json
from superset.utils.core import (
zlib_compress,
@@ -264,6 +266,143 @@ def test_json_int_dttm_ser():
json.json_int_dttm_ser(np.datetime64())
@pytest.mark.parametrize(
"payload,path_values,expected_result",
[
(
{
"credentials_info": {
"type": "service_account",
"private_key": "XXXXXXXXXX",
},
},
{"$.credentials_info.private_key": "NEW_KEY"},
{
"credentials_info": {
"type": "service_account",
"private_key": "NEW_KEY",
},
},
),
(
{
"auth_params": {
"privatekey_body": "XXXXXXXXXX",
"privatekey_pass": "XXXXXXXXXX",
},
"other": "value",
},
{
"$.auth_params.privatekey_body": "-----BEGIN PRIVATE KEY-----",
"$.auth_params.privatekey_pass": "passphrase",
},
{
"auth_params": {
"privatekey_body": "-----BEGIN PRIVATE KEY-----",
"privatekey_pass": "passphrase",
},
"other": "value",
},
),
(
{"existing": "value"},
{"$.nonexistent.path": "new_value"},
{"existing": "value"},
),
],
)
def test_set_masked_fields(
payload: dict[str, Any],
path_values: dict[str, Any],
expected_result: dict[str, Any],
) -> None:
"""
Test setting a value at a JSONPath location.
"""
result = json.set_masked_fields(payload, path_values)
assert result == expected_result
@pytest.mark.parametrize(
"payload,sensitive_fields,expected_result",
[
(
{
"credentials_info": {
"type": "service_account",
"private_key": PASSWORD_MASK,
},
},
{"$.credentials_info.private_key", "$.credentials_info.type"},
["$.credentials_info.private_key"],
),
(
{
"credentials_info": {
"private_key": "ACTUAL_KEY",
},
},
{"$.credentials_info.private_key"},
[],
),
(
{
"auth_params": {
"privatekey_body": PASSWORD_MASK,
"privatekey_pass": "actual_pass",
},
"oauth2_client_info": {
"secret": PASSWORD_MASK,
},
},
{
"$.auth_params.privatekey_body",
"$.auth_params.privatekey_pass",
"$.oauth2_client_info.secret",
},
[
"$.auth_params.privatekey_body",
"$.oauth2_client_info.secret",
],
),
(
{
"foo": PASSWORD_MASK,
"service_account_info": PASSWORD_MASK,
},
{"$.*"},
["$.foo", "$.service_account_info"],
),
(
{
"foo": PASSWORD_MASK,
"bar": "actual_value",
},
{"$.*"},
["$.foo"],
),
(
{
"foo": "actual_value",
"bar": "other_value",
},
{"$.*"},
[],
),
],
)
def test_get_masked_fields(
payload: dict[str, Any],
sensitive_fields: set[str],
expected_result: dict[str, Any],
) -> None:
"""
Test that get_masked_fields returns paths where value equals PASSWORD_MASK.
"""
masked = json.get_masked_fields(payload, sensitive_fields)
assert sorted(masked) == sorted(expected_result)
def test_format_timedelta():
assert json.format_timedelta(timedelta(0)) == "0:00:00"
assert json.format_timedelta(timedelta(days=1)) == "1 day, 0:00:00"