superset/tests/unit_tests/databases/api_test.py

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# pylint: disable=unused-argument, import-outside-toplevel, line-too-long

import json
from io import BytesIO
from typing import Any
from uuid import UUID

import pytest
from pytest_mock import MockFixture
from sqlalchemy.orm.session import Session


def test_post_with_uuid(
    session: Session,
    client: Any,
    full_api_access: None,
) -> None:
    """
    Test that we can set the database UUID when creating it.
    """
    from superset.models.core import Database

    # create table for databases
    Database.metadata.create_all(session.get_bind())  # pylint: disable=no-member

    response = client.post(
        "/api/v1/database/",
        json={
            "database_name": "my_db",
            "sqlalchemy_uri": "sqlite://",
            "uuid": "7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb",
        },
    )
    assert response.status_code == 201

    database = session.query(Database).one()
    assert database.uuid == UUID("7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb")


def test_password_mask(
    mocker: MockFixture,
    app: Any,
    session: Session,
    client: Any,
    full_api_access: None,
) -> None:
    """
    Test that sensitive information is masked.
    """
    from superset.databases.api import DatabaseRestApi
    from superset.models.core import Database

    DatabaseRestApi.datamodel.session = session

    # create table for databases
    Database.metadata.create_all(session.get_bind())  # pylint: disable=no-member

    database = Database(
        database_name="my_database",
        sqlalchemy_uri="gsheets://",
        encrypted_extra=json.dumps(
            {
                "service_account_info": {
                    "type": "service_account",
                    "project_id": "black-sanctum-314419",
                    "private_key_id": "259b0d419a8f840056158763ff54d8b08f7b8173",
                    "private_key": "SECRET",
                    "client_email": "google-spreadsheets-demo-servi@black-sanctum-314419.iam.gserviceaccount.com",
                    "client_id": "114567578578109757129",
                    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
                    "token_uri": "https://oauth2.googleapis.com/token",
                    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
                    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/google-spreadsheets-demo-servi%40black-sanctum-314419.iam.gserviceaccount.com",
                },
            }
        ),
    )
    session.add(database)
    session.commit()

    # mock the lookup so that we don't need to include the driver
    mocker.patch("sqlalchemy.engine.URL.get_driver_name", return_value="gsheets")
    mocker.patch("superset.utils.log.DBEventLogger.log")

    response = client.get("/api/v1/database/1")
    assert (
        response.json["result"]["parameters"]["service_account_info"]["private_key"]
        == "XXXXXXXXXX"
    )
    assert "encrypted_extra" not in response.json["result"]


@pytest.mark.skip(reason="Works locally but fails on CI")
def test_update_with_password_mask(
    app: Any,
    session: Session,
    client: Any,
    full_api_access: None,
) -> None:
    """
    Test that an update with a masked password doesn't overwrite the existing password.
    """
    from superset.databases.api import DatabaseRestApi
    from superset.models.core import Database

    DatabaseRestApi.datamodel.session = session

    # create table for databases
    Database.metadata.create_all(session.get_bind())  # pylint: disable=no-member

    database = Database(
        database_name="my_database",
        sqlalchemy_uri="gsheets://",
        encrypted_extra=json.dumps(
            {
                "service_account_info": {
                    "project_id": "black-sanctum-314419",
                    "private_key": "SECRET",
                },
            }
        ),
    )
    session.add(database)
    session.commit()

    client.put(
        "/api/v1/database/1",
        json={
            "encrypted_extra": json.dumps(
                {
                    "service_account_info": {
                        "project_id": "yellow-unicorn-314419",
                        "private_key": "XXXXXXXXXX",
                    },
                }
            ),
        },
    )
    database = session.query(Database).one()
    assert (
        database.encrypted_extra
        == '{"service_account_info": {"project_id": "yellow-unicorn-314419", "private_key": "SECRET"}}'
    )


def test_non_zip_import(client: Any, full_api_access: None) -> None:
    """
    Test that non-ZIP imports are not allowed.
    """
    buf = BytesIO(b"definitely_not_a_zip_file")
    form_data = {
        "formData": (buf, "evil.pdf"),
    }
    response = client.post(
        "/api/v1/database/import/",
        data=form_data,
        content_type="multipart/form-data",
    )
    assert response.status_code == 422
    assert response.json == {
        "errors": [
            {
                "message": "Not a ZIP file",
                "error_type": "GENERIC_COMMAND_ERROR",
                "level": "warning",
                "extra": {
                    "issue_codes": [
                        {
                            "code": 1010,
                            "message": "Issue 1010 - Superset encountered an error while running a command.",
                        }
                    ]
                },
            }
        ]
    }
feat: allow setting db UUID (#20412) * WIP * feat: allow passing UUID when creating a DB * Test * Fix field 2022-06-16 18:53:59 -04:00			`# Licensed to the Apache Software Foundation (ASF) under one`
			`# or more contributor license agreements. See the NOTICE file`
			`# distributed with this work for additional information`
			`# regarding copyright ownership. The ASF licenses this file`
			`# to you under the Apache License, Version 2.0 (the`
			`# "License"); you may not use this file except in compliance`
			`# with the License. You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing,`
			`# software distributed under the License is distributed on an`
			`# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY`
			`# KIND, either express or implied. See the License for the`
			`# specific language governing permissions and limitations`
			`# under the License.`

feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00			`# pylint: disable=unused-argument, import-outside-toplevel, line-too-long`
feat: allow setting db UUID (#20412) * WIP * feat: allow passing UUID when creating a DB * Test * Fix field 2022-06-16 18:53:59 -04:00
feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00			`import json`
fix: check that imports are ZIPs (#21875) 2022-10-26 15:15:46 -04:00			`from io import BytesIO`
feat: allow setting db UUID (#20412) * WIP * feat: allow passing UUID when creating a DB * Test * Fix field 2022-06-16 18:53:59 -04:00			`from typing import Any`
			`from uuid import UUID`

feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00			`import pytest`
refactor: pass all properties to validate_parameters (#21487) 2022-10-03 20:48:54 -04:00			`from pytest_mock import MockFixture`
feat: allow setting db UUID (#20412) * WIP * feat: allow passing UUID when creating a DB * Test * Fix field 2022-06-16 18:53:59 -04:00			`from sqlalchemy.orm.session import Session`


			`def test_post_with_uuid(`
			`session: Session,`
			`client: Any,`
			`full_api_access: None,`
			`) -> None:`
			`"""`
			`Test that we can set the database UUID when creating it.`
			`"""`
			`from superset.models.core import Database`

			`# create table for databases`
			`Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member`

			`response = client.post(`
			`"/api/v1/database/",`
			`json={`
			`"database_name": "my_db",`
			`"sqlalchemy_uri": "sqlite://",`
			`"uuid": "7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb",`
			`},`
			`)`
			`assert response.status_code == 201`

			`database = session.query(Database).one()`
			`assert database.uuid == UUID("7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb")`
feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00

			`def test_password_mask(`
refactor: pass all properties to validate_parameters (#21487) 2022-10-03 20:48:54 -04:00			`mocker: MockFixture,`
feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00			`app: Any,`
			`session: Session,`
			`client: Any,`
			`full_api_access: None,`
			`) -> None:`
			`"""`
			`Test that sensitive information is masked.`
			`"""`
			`from superset.databases.api import DatabaseRestApi`
			`from superset.models.core import Database`

			`DatabaseRestApi.datamodel.session = session`

			`# create table for databases`
			`Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member`

			`database = Database(`
			`database_name="my_database",`
			`sqlalchemy_uri="gsheets://",`
			`encrypted_extra=json.dumps(`
			`{`
			`"service_account_info": {`
			`"type": "service_account",`
			`"project_id": "black-sanctum-314419",`
			`"private_key_id": "259b0d419a8f840056158763ff54d8b08f7b8173",`
			`"private_key": "SECRET",`
			`"client_email": "google-spreadsheets-demo-servi@black-sanctum-314419.iam.gserviceaccount.com",`
			`"client_id": "114567578578109757129",`
			`"auth_uri": "https://accounts.google.com/o/oauth2/auth",`
			`"token_uri": "https://oauth2.googleapis.com/token",`
			`"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",`
			`"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/google-spreadsheets-demo-servi%40black-sanctum-314419.iam.gserviceaccount.com",`
			`},`
			`}`
			`),`
			`)`
			`session.add(database)`
			`session.commit()`

refactor: pass all properties to validate_parameters (#21487) 2022-10-03 20:48:54 -04:00			`# mock the lookup so that we don't need to include the driver`
			`mocker.patch("sqlalchemy.engine.URL.get_driver_name", return_value="gsheets")`
			`mocker.patch("superset.utils.log.DBEventLogger.log")`

feat: filter parameters from DB API (#21248) 2022-09-02 14:50:04 -04:00			`response = client.get("/api/v1/database/1")`
			`assert (`
			`response.json["result"]["parameters"]["service_account_info"]["private_key"]`
			`== "XXXXXXXXXX"`
			`)`
			`assert "encrypted_extra" not in response.json["result"]`


			`@pytest.mark.skip(reason="Works locally but fails on CI")`
			`def test_update_with_password_mask(`
			`app: Any,`
			`session: Session,`
			`client: Any,`
			`full_api_access: None,`
			`) -> None:`
			`"""`
			`Test that an update with a masked password doesn't overwrite the existing password.`
			`"""`
			`from superset.databases.api import DatabaseRestApi`
			`from superset.models.core import Database`

			`DatabaseRestApi.datamodel.session = session`

			`# create table for databases`
			`Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member`

			`database = Database(`
			`database_name="my_database",`
			`sqlalchemy_uri="gsheets://",`
			`encrypted_extra=json.dumps(`
			`{`
			`"service_account_info": {`
			`"project_id": "black-sanctum-314419",`
			`"private_key": "SECRET",`
			`},`
			`}`
			`),`
			`)`
			`session.add(database)`
			`session.commit()`

			`client.put(`
			`"/api/v1/database/1",`
			`json={`
			`"encrypted_extra": json.dumps(`
			`{`
			`"service_account_info": {`
			`"project_id": "yellow-unicorn-314419",`
			`"private_key": "XXXXXXXXXX",`
			`},`
			`}`
			`),`
			`},`
			`)`
			`database = session.query(Database).one()`
			`assert (`
			`database.encrypted_extra`
			`== '{"service_account_info": {"project_id": "yellow-unicorn-314419", "private_key": "SECRET"}}'`
			`)`
fix: check that imports are ZIPs (#21875) 2022-10-26 15:15:46 -04:00

			`def test_non_zip_import(client: Any, full_api_access: None) -> None:`
			`"""`
			`Test that non-ZIP imports are not allowed.`
			`"""`
			`buf = BytesIO(b"definitely_not_a_zip_file")`
			`form_data = {`
			`"formData": (buf, "evil.pdf"),`
			`}`
			`response = client.post(`
			`"/api/v1/database/import/",`
			`data=form_data,`
			`content_type="multipart/form-data",`
			`)`
			`assert response.status_code == 422`
			`assert response.json == {`
			`"errors": [`
			`{`
			`"message": "Not a ZIP file",`
			`"error_type": "GENERIC_COMMAND_ERROR",`
			`"level": "warning",`
			`"extra": {`
			`"issue_codes": [`
			`{`
			`"code": 1010,`
			`"message": "Issue 1010 - Superset encountered an error while running a command.",`
			`}`
			`]`
			`},`
			`}`
			`]`
			`}`