fix(re-encrypt-secrets): use db.Model.metadata to discover encrypted … (#39390)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Andy
2026-05-12 00:16:41 -04:00
committed by GitHub
parent fed29b3017
commit a6ad0bf169
2 changed files with 33 additions and 3 deletions


@@ -89,6 +89,21 @@ class EncryptedFieldTest(SupersetTestCase):
" encrypted_field_factory"
)
def test_discover_encrypted_fields_finds_dbs_table(self):
"""
Ensure discover_encrypted_fields finds the encrypted columns on the
dbs table (password, encrypted_extra, server_cert). This guards
against db.metadata diverging from db.Model.metadata.
"""
migrator = SecretsMigrator("")
encrypted_fields = migrator.discover_encrypted_fields()
assert "dbs" in encrypted_fields, (
"dbs table not found in encrypted fields — "
"discover_encrypted_fields may be using the wrong MetaData instance"
)
dbs_cols = set(encrypted_fields["dbs"].keys())
assert {"password", "encrypted_extra", "server_cert"}.issubset(dbs_cols)
def test_lazy_key_resolution(self):
"""
Verify that the encryption key is resolved lazily at runtime,
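Review bot: The last assertion in `test_discover_encrypted_fields_finds_dbs_table` has no failure message, unlike the `"dbs" in encrypted_fields` check above it, so when discovery drops a single column the reader has to work out which secret would be skipped by re-encryption. Computing the difference names it directly: `missing = {"password", "encrypted_extra", "server_cert"} - dbs_cols` followed by `assert not missing, f"encrypted columns not discovered on dbs: {sorted(missing)}"`. The test also pins only the `dbs` table; if other models declare columns through the encrypted field factory (not visible in this hunk), a column missed there would presumably stay encrypted under the previous key after a rotation, so extending the check to those tables is worth considering. `test_lazy_key_resolution` continues outside the hunk.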