airbyte-python-cdk/unit_tests/cli/airbyte_cdk/test_secrets.py at 87902853263e3d6b2aa5addd1235ceed3fdfe0eb · airbytehq/airbyte-python-cdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
from __future__ import annotations

from pathlib import Path
from unittest.mock import MagicMock, patch

import pytest
from click.testing import CliRunner

from airbyte_cdk.cli.airbyte_cdk._secrets import (
    _write_secret_file,
    fetch,
    secretmanager,
)
from airbyte_cdk.cli.airbyte_cdk.exceptions import ConnectorSecretWithNoValidVersionsError


class TestWriteSecretFile:
    @pytest.fixture
    def mock_client(self):
        return MagicMock()

    @pytest.fixture
    def mock_secret(self):
        secret = MagicMock()
        secret.name = "projects/test-project/secrets/test-secret"
        return secret

    @pytest.fixture
    def mock_file_path(self, tmp_path):
        return tmp_path / "test_secret.json"

    def test_write_secret_file_with_enabled_version(self, mock_client, mock_secret, mock_file_path):
        # Mock list_secret_versions to return an enabled version
        mock_version = MagicMock()
        mock_version.name = f"{mock_secret.name}/versions/1"
        mock_client.list_secret_versions.return_value = [mock_version]

        # Mock access_secret_version to return a payload
        mock_response = MagicMock()
        mock_response.payload.data.decode.return_value = '{"key": "value"}'
        mock_client.access_secret_version.return_value = mock_response

        # Call the function
        result = _write_secret_file(mock_secret, mock_client, mock_file_path)

        # Verify that list_secret_versions was called with the correct parameters
        mock_client.list_secret_versions.assert_called_once()
        assert "state:ENABLED" in str(mock_client.list_secret_versions.call_args)

        # Verify that access_secret_version was called with the correct version
        mock_client.access_secret_version.assert_called_once_with(name=mock_version.name)

        # Verify that the file was created with the correct content
        assert mock_file_path.read_text() == '{"key": "value"}'

        # Verify that no error was returned
        assert result is None

    def test_write_secret_file_with_no_enabled_versions(
        self, mock_client, mock_secret, mock_file_path
    ):
        # Mock list_secret_versions to return an empty list (no enabled versions)
        mock_client.list_secret_versions.return_value = []

        # Call the function
        result = _write_secret_file(mock_secret, mock_client, mock_file_path)

        # Verify that list_secret_versions was called with the correct parameters
        mock_client.list_secret_versions.assert_called_once()
        assert "state:ENABLED" in str(mock_client.list_secret_versions.call_args)

        # Verify that access_secret_version was not called
        mock_client.access_secret_version.assert_not_called()

        # Verify that the file was not created
        assert not mock_file_path.exists()

        # Verify that an error was returned
        assert result is not None
        assert "No enabled version found for secret" in result
        assert "test-secret" in result


@patch("airbyte_cdk.cli.airbyte_cdk._secrets._get_gsm_secrets_client")
@patch("airbyte_cdk.cli.airbyte_cdk._secrets.resolve_connector_name_and_directory")
@patch("airbyte_cdk.cli.airbyte_cdk._secrets._get_secrets_dir")
@patch("airbyte_cdk.cli.airbyte_cdk._secrets._fetch_secret_handles")
class TestFetch:
    def test_fetch_with_some_failed_secrets(
        self,
        mock_fetch_secret_handles,
        mock_get_secrets_dir,
        mock_resolve,
        mock_get_client,
        tmp_path,
    ):
        # Setup mocks
        mock_client = MagicMock()
        mock_get_client.return_value = mock_client

        mock_resolve.return_value = ("test-connector", tmp_path)

        secrets_dir = tmp_path / "secrets"
        mock_get_secrets_dir.return_value = secrets_dir

        # Create two secrets, one that will succeed and one that will fail
        secret1 = MagicMock()
        secret1.name = "projects/test-project/secrets/test-secret-1"
        secret1.labels = {}

        secret2 = MagicMock()
        secret2.name = "projects/test-project/secrets/test-secret-2"
        secret2.labels = {}

        mock_fetch_secret_handles.return_value = [secret1, secret2]

        # Mock _write_secret_file to succeed for secret1 and fail for secret2
        with patch(
            "airbyte_cdk.cli.airbyte_cdk._secrets._write_secret_file"
        ) as mock_write_secret_file:
            mock_write_secret_file.side_effect = [
                None,  # Success for secret1
                "No enabled version found for secret: test-secret-2",  # Failure for secret2
            ]

            # Call the function
            runner = CliRunner()
            result = runner.invoke(fetch)

            # Verify that _write_secret_file was called twice
            assert mock_write_secret_file.call_count == 2

            # Verify that the error message was printed
            assert "Failed to retrieve secret 'test-secret-2'" in result.output
            assert "Failed to retrieve 1 secret(s)" in result.output

            # Verify that the function did not raise an exception
            assert result.exit_code == 0

    def test_fetch_with_all_failed_secrets(
        self,
        mock_fetch_secret_handles,
        mock_get_secrets_dir,
        mock_resolve,
        mock_get_client,
        tmp_path,
    ):
        # Setup mocks
        mock_client = MagicMock()
        mock_get_client.return_value = mock_client

        mock_resolve.return_value = ("test-connector", tmp_path)

        secrets_dir = tmp_path / "secrets"
        mock_get_secrets_dir.return_value = secrets_dir

        # Create two secrets that will both fail
        secret1 = MagicMock()
        secret1.name = "projects/test-project/secrets/test-secret-1"
        secret1.labels = {}

        secret2 = MagicMock()
        secret2.name = "projects/test-project/secrets/test-secret-2"
        secret2.labels = {}

        mock_fetch_secret_handles.return_value = [secret1, secret2]

        # Mock _write_secret_file to fail for both secrets
        with patch(
            "airbyte_cdk.cli.airbyte_cdk._secrets._write_secret_file"
        ) as mock_write_secret_file:
            mock_write_secret_file.side_effect = [
                "No enabled version found for secret: test-secret-1",  # Failure for secret1
                "No enabled version found for secret: test-secret-2",  # Failure for secret2
            ]

            # Call the function
            runner = CliRunner()
            result = runner.invoke(fetch)

            # Verify that _write_secret_file was called twice
            assert mock_write_secret_file.call_count == 2

            # Verify that the error message was printed
            assert "Failed to retrieve secret 'test-secret-1'" in result.output
            assert "Failed to retrieve secret 'test-secret-2'" in result.output
            assert "Failed to retrieve 2 secret(s)" in result.output

            # Verify that the function raised an exception
            assert result.exit_code != 0