2022-06-16 18:53:59 -04:00
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
|
|
# or more contributor license agreements. See the NOTICE file
|
|
|
|
# distributed with this work for additional information
|
|
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
|
|
# to you under the Apache License, Version 2.0 (the
|
|
|
|
# "License"); you may not use this file except in compliance
|
|
|
|
# with the License. You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing,
|
|
|
|
# software distributed under the License is distributed on an
|
|
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
|
|
# KIND, either express or implied. See the License for the
|
|
|
|
# specific language governing permissions and limitations
|
|
|
|
# under the License.
|
|
|
|
|
2022-09-02 14:50:04 -04:00
|
|
|
# pylint: disable=unused-argument, import-outside-toplevel, line-too-long
|
2022-06-16 18:53:59 -04:00
|
|
|
|
2022-09-02 14:50:04 -04:00
|
|
|
import json
|
2022-06-16 18:53:59 -04:00
|
|
|
from typing import Any
|
|
|
|
from uuid import UUID
|
|
|
|
|
2022-09-02 14:50:04 -04:00
|
|
|
import pytest
|
2022-10-03 20:48:54 -04:00
|
|
|
from pytest_mock import MockFixture
|
2022-06-16 18:53:59 -04:00
|
|
|
from sqlalchemy.orm.session import Session
|
|
|
|
|
|
|
|
|
|
|
|
def test_post_with_uuid(
|
|
|
|
session: Session,
|
|
|
|
client: Any,
|
|
|
|
full_api_access: None,
|
|
|
|
) -> None:
|
|
|
|
"""
|
|
|
|
Test that we can set the database UUID when creating it.
|
|
|
|
"""
|
|
|
|
from superset.models.core import Database
|
|
|
|
|
|
|
|
# create table for databases
|
|
|
|
Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member
|
|
|
|
|
|
|
|
response = client.post(
|
|
|
|
"/api/v1/database/",
|
|
|
|
json={
|
|
|
|
"database_name": "my_db",
|
|
|
|
"sqlalchemy_uri": "sqlite://",
|
|
|
|
"uuid": "7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb",
|
|
|
|
},
|
|
|
|
)
|
|
|
|
assert response.status_code == 201
|
|
|
|
|
|
|
|
database = session.query(Database).one()
|
|
|
|
assert database.uuid == UUID("7c1b7880-a59d-47cd-8bf1-f1eb8d2863cb")
|
2022-09-02 14:50:04 -04:00
|
|
|
|
|
|
|
|
|
|
|
def test_password_mask(
|
2022-10-03 20:48:54 -04:00
|
|
|
mocker: MockFixture,
|
2022-09-02 14:50:04 -04:00
|
|
|
app: Any,
|
|
|
|
session: Session,
|
|
|
|
client: Any,
|
|
|
|
full_api_access: None,
|
|
|
|
) -> None:
|
|
|
|
"""
|
|
|
|
Test that sensitive information is masked.
|
|
|
|
"""
|
|
|
|
from superset.databases.api import DatabaseRestApi
|
|
|
|
from superset.models.core import Database
|
|
|
|
|
|
|
|
DatabaseRestApi.datamodel.session = session
|
|
|
|
|
|
|
|
# create table for databases
|
|
|
|
Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member
|
|
|
|
|
|
|
|
database = Database(
|
|
|
|
database_name="my_database",
|
|
|
|
sqlalchemy_uri="gsheets://",
|
|
|
|
encrypted_extra=json.dumps(
|
|
|
|
{
|
|
|
|
"service_account_info": {
|
|
|
|
"type": "service_account",
|
|
|
|
"project_id": "black-sanctum-314419",
|
|
|
|
"private_key_id": "259b0d419a8f840056158763ff54d8b08f7b8173",
|
|
|
|
"private_key": "SECRET",
|
|
|
|
"client_email": "google-spreadsheets-demo-servi@black-sanctum-314419.iam.gserviceaccount.com",
|
|
|
|
"client_id": "114567578578109757129",
|
|
|
|
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
|
|
|
"token_uri": "https://oauth2.googleapis.com/token",
|
|
|
|
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
|
|
|
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/google-spreadsheets-demo-servi%40black-sanctum-314419.iam.gserviceaccount.com",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
),
|
|
|
|
)
|
|
|
|
session.add(database)
|
|
|
|
session.commit()
|
|
|
|
|
2022-10-03 20:48:54 -04:00
|
|
|
# mock the lookup so that we don't need to include the driver
|
|
|
|
mocker.patch("sqlalchemy.engine.URL.get_driver_name", return_value="gsheets")
|
|
|
|
mocker.patch("superset.utils.log.DBEventLogger.log")
|
|
|
|
|
2022-09-02 14:50:04 -04:00
|
|
|
response = client.get("/api/v1/database/1")
|
|
|
|
assert (
|
|
|
|
response.json["result"]["parameters"]["service_account_info"]["private_key"]
|
|
|
|
== "XXXXXXXXXX"
|
|
|
|
)
|
|
|
|
assert "encrypted_extra" not in response.json["result"]
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.skip(reason="Works locally but fails on CI")
|
|
|
|
def test_update_with_password_mask(
|
|
|
|
app: Any,
|
|
|
|
session: Session,
|
|
|
|
client: Any,
|
|
|
|
full_api_access: None,
|
|
|
|
) -> None:
|
|
|
|
"""
|
|
|
|
Test that an update with a masked password doesn't overwrite the existing password.
|
|
|
|
"""
|
|
|
|
from superset.databases.api import DatabaseRestApi
|
|
|
|
from superset.models.core import Database
|
|
|
|
|
|
|
|
DatabaseRestApi.datamodel.session = session
|
|
|
|
|
|
|
|
# create table for databases
|
|
|
|
Database.metadata.create_all(session.get_bind()) # pylint: disable=no-member
|
|
|
|
|
|
|
|
database = Database(
|
|
|
|
database_name="my_database",
|
|
|
|
sqlalchemy_uri="gsheets://",
|
|
|
|
encrypted_extra=json.dumps(
|
|
|
|
{
|
|
|
|
"service_account_info": {
|
|
|
|
"project_id": "black-sanctum-314419",
|
|
|
|
"private_key": "SECRET",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
),
|
|
|
|
)
|
|
|
|
session.add(database)
|
|
|
|
session.commit()
|
|
|
|
|
|
|
|
client.put(
|
|
|
|
"/api/v1/database/1",
|
|
|
|
json={
|
|
|
|
"encrypted_extra": json.dumps(
|
|
|
|
{
|
|
|
|
"service_account_info": {
|
|
|
|
"project_id": "yellow-unicorn-314419",
|
|
|
|
"private_key": "XXXXXXXXXX",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
),
|
|
|
|
},
|
|
|
|
)
|
|
|
|
database = session.query(Database).one()
|
|
|
|
assert (
|
|
|
|
database.encrypted_extra
|
|
|
|
== '{"service_account_info": {"project_id": "yellow-unicorn-314419", "private_key": "SECRET"}}'
|
|
|
|
)
|