OpenMetadata/openmetadata-airflow-apis/tests/unit/ingestion_pipeline/test_deploy.py

#  Copyright 2025 Collate
#  Licensed under the Collate Community License, Version 1.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  https://github.com/open-metadata/OpenMetadata/blob/main/ingestion/LICENSE
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
"""
Test Deploy
"""
import os
import uuid
from unittest.mock import patch

from metadata.generated.schema.entity.services.connections.metadata.openMetadataConnection import (
    AuthProvider,
    OpenMetadataConnection,
)
from metadata.generated.schema.entity.services.ingestionPipelines.ingestionPipeline import (
    AirflowConfig,
    IngestionPipeline,
    PipelineType,
)
from metadata.generated.schema.metadataIngestion.workflow import SourceConfig
from metadata.generated.schema.security.client.openMetadataJWTClientConfig import (
    OpenMetadataJWTClientConfig,
)
from metadata.generated.schema.security.secrets.secretsManagerClientLoader import (
    SecretsManagerClientLoader,
)
from metadata.generated.schema.security.secrets.secretsManagerProvider import (
    SecretsManagerProvider,
)
from metadata.generated.schema.type.basic import EntityName, Uuid
from metadata.utils.secrets.aws_secrets_manager import AWSSecretsManager
from metadata.utils.secrets.secrets_manager_factory import SecretsManagerFactory

SECRET_VALUE = "I am a secret value"
INGESTION_PIPELINE = IngestionPipeline(
    id=Uuid(str(uuid.uuid4())),
    name=EntityName("ingestion-pipeline"),
    pipelineType=PipelineType.metadata,
    sourceConfig=SourceConfig(),
    airflowConfig=AirflowConfig(),
    openMetadataServerConnection=OpenMetadataConnection(
        hostPort="http://localhost:8585/api",
        authProvider=AuthProvider.openmetadata,
        securityConfig=OpenMetadataJWTClientConfig(jwtToken="secret:/super/secret"),
    ),
)


@patch.dict(os.environ, {"AWS_DEFAULT_REGION": "us-east-2", "AIRFLOW_HOME": "/tmp"})
def test_deploy_ingestion_pipeline():
    """We can dump an ingestion pipeline to a file without exposing secrets"""
    from openmetadata_managed_apis.operations.deploy import dump_with_safe_jwt

    # Instantiate the Secrets Manager
    SecretsManagerFactory.clear_all()
    with patch.object(AWSSecretsManager, "get_string_value", return_value=SECRET_VALUE):
        # Prep the singleton
        SecretsManagerFactory(
            SecretsManagerProvider.managed_aws,
            SecretsManagerClientLoader.noop,
        )
        # Now we'll try to dump the ingestion pipeline
        dumped = dump_with_safe_jwt(INGESTION_PIPELINE)

    assert SECRET_VALUE not in dumped
MINOR: Change ingestion licence header (#20549) 2025-04-03 10:39:47 +05:30			`# Copyright 2025 Collate`
			`# Licensed under the Collate Community License, Version 1.0 (the "License");`
FIX CL-548 - Encrypt JWT Token w/ Secrets Manager (#16861) * encrypt jwt * encrypt jwt * Handle token revokes with SM * #10192 - Validate both include and excludes filters * #10192 - Validate both include and excludes filters * docs 2024-07-11 09:16:48 +02:00			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
MINOR: Change ingestion licence header (#20549) 2025-04-03 10:39:47 +05:30			`# https://github.com/open-metadata/OpenMetadata/blob/main/ingestion/LICENSE`
FIX CL-548 - Encrypt JWT Token w/ Secrets Manager (#16861) * encrypt jwt * encrypt jwt * Handle token revokes with SM * #10192 - Validate both include and excludes filters * #10192 - Validate both include and excludes filters * docs 2024-07-11 09:16:48 +02:00			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`"""`
			`Test Deploy`
			`"""`
			`import os`
			`import uuid`
			`from unittest.mock import patch`

			`from metadata.generated.schema.entity.services.connections.metadata.openMetadataConnection import (`
			`AuthProvider,`
			`OpenMetadataConnection,`
			`)`
			`from metadata.generated.schema.entity.services.ingestionPipelines.ingestionPipeline import (`
			`AirflowConfig,`
			`IngestionPipeline,`
			`PipelineType,`
			`)`
			`from metadata.generated.schema.metadataIngestion.workflow import SourceConfig`
			`from metadata.generated.schema.security.client.openMetadataJWTClientConfig import (`
			`OpenMetadataJWTClientConfig,`
			`)`
			`from metadata.generated.schema.security.secrets.secretsManagerClientLoader import (`
			`SecretsManagerClientLoader,`
			`)`
			`from metadata.generated.schema.security.secrets.secretsManagerProvider import (`
			`SecretsManagerProvider,`
			`)`
			`from metadata.generated.schema.type.basic import EntityName, Uuid`
			`from metadata.utils.secrets.aws_secrets_manager import AWSSecretsManager`
			`from metadata.utils.secrets.secrets_manager_factory import SecretsManagerFactory`

			`SECRET_VALUE = "I am a secret value"`
			`INGESTION_PIPELINE = IngestionPipeline(`
			`id=Uuid(str(uuid.uuid4())),`
			`name=EntityName("ingestion-pipeline"),`
			`pipelineType=PipelineType.metadata,`
			`sourceConfig=SourceConfig(),`
			`airflowConfig=AirflowConfig(),`
			`openMetadataServerConnection=OpenMetadataConnection(`
			`hostPort="http://localhost:8585/api",`
			`authProvider=AuthProvider.openmetadata,`
			`securityConfig=OpenMetadataJWTClientConfig(jwtToken="secret:/super/secret"),`
			`),`
			`)`


Fix #19147 - Executable Test Suites (#19221) * backend * format & tests * rename backend * migrations and ingestion * format & tests * format & tests * tests * format & tests * tests * updated ui side of changes * addressing comment * fixed failing unit test * fix test list * added e2e test, and fixed existing test --------- Co-authored-by: Shailesh Parmar <shailesh.parmar.webdev@gmail.com> 2025-01-07 17:59:54 +01:00			`@patch.dict(os.environ, {"AWS_DEFAULT_REGION": "us-east-2", "AIRFLOW_HOME": "/tmp"})`
FIX CL-548 - Encrypt JWT Token w/ Secrets Manager (#16861) * encrypt jwt * encrypt jwt * Handle token revokes with SM * #10192 - Validate both include and excludes filters * #10192 - Validate both include and excludes filters * docs 2024-07-11 09:16:48 +02:00			`def test_deploy_ingestion_pipeline():`
			`"""We can dump an ingestion pipeline to a file without exposing secrets"""`
Fix #19147 - Executable Test Suites (#19221) * backend * format & tests * rename backend * migrations and ingestion * format & tests * format & tests * tests * format & tests * tests * updated ui side of changes * addressing comment * fixed failing unit test * fix test list * added e2e test, and fixed existing test --------- Co-authored-by: Shailesh Parmar <shailesh.parmar.webdev@gmail.com> 2025-01-07 17:59:54 +01:00			`from openmetadata_managed_apis.operations.deploy import dump_with_safe_jwt`

FIX CL-548 - Encrypt JWT Token w/ Secrets Manager (#16861) * encrypt jwt * encrypt jwt * Handle token revokes with SM * #10192 - Validate both include and excludes filters * #10192 - Validate both include and excludes filters * docs 2024-07-11 09:16:48 +02:00			`# Instantiate the Secrets Manager`
			`SecretsManagerFactory.clear_all()`
			`with patch.object(AWSSecretsManager, "get_string_value", return_value=SECRET_VALUE):`
			`# Prep the singleton`
			`SecretsManagerFactory(`
			`SecretsManagerProvider.managed_aws,`
			`SecretsManagerClientLoader.noop,`
			`)`
			`# Now we'll try to dump the ingestion pipeline`
			`dumped = dump_with_safe_jwt(INGESTION_PIPELINE)`

			`assert SECRET_VALUE not in dumped`