OpenMetadata/ingestion/tests/integration/ometa/test_ometa_secrets_manager.py

#  Copyright 2022 Collate
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  http://www.apache.org/licenses/LICENSE-2.0
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
import os
from unittest import TestCase, mock

from metadata.generated.schema.entity.services.connections.metadata.openMetadataConnection import (
    OpenMetadataConnection,
)
from metadata.generated.schema.security.secrets.secretsManagerClientLoader import (
    SecretsManagerClientLoader,
)
from metadata.generated.schema.security.secrets.secretsManagerProvider import (
    SecretsManagerProvider,
)
from metadata.ingestion.ometa.auth_provider import OpenMetadataAuthenticationProvider
from metadata.ingestion.ometa.ometa_api import OpenMetadata
from metadata.utils.secrets.aws_secrets_manager import AWSSecretsManager
from metadata.utils.secrets.noop_secrets_manager import DBSecretsManager
from metadata.utils.singleton import Singleton


class OMetaSecretManagerTest(TestCase):
    metadata: OpenMetadata
    aws_server_config: OpenMetadataConnection
    local_server_config: OpenMetadataConnection

    @classmethod
    def setUp(cls) -> None:
        Singleton.clear_all()
        cls.local_server_config = OpenMetadataConnection(
            hostPort="http://localhost:8585/api",
            enableVersionValidation=False,
        )
        cls.aws_server_config = OpenMetadataConnection(
            hostPort="http://localhost:8585/api",
            secretsManagerProvider=SecretsManagerProvider.aws,
            secretsManagerLoader=SecretsManagerClientLoader.noop,
            enableVersionValidation=False,
        )

    def test_ometa_with_local_secret_manager(self):
        self._init_local_secret_manager()
        assert type(self.metadata.secrets_manager_client) is DBSecretsManager
        assert type(self.metadata._auth_provider) is OpenMetadataAuthenticationProvider

    @mock.patch.dict(os.environ, {"AWS_DEFAULT_REGION": "us-east-2"}, clear=True)
    def test_ometa_with_aws_secret_manager(self):
        self._init_aws_secret_manager()
        assert type(self.metadata.secrets_manager_client) is AWSSecretsManager
        assert type(self.metadata._auth_provider) is OpenMetadataAuthenticationProvider

    def _init_local_secret_manager(self):
        self.metadata = OpenMetadata(self.local_server_config)

    def _init_aws_secret_manager(self):
        self.metadata = OpenMetadata(self.aws_server_config)
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00			`# Copyright 2022 Collate`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
Fix #11548 - Secrets Managers comms with OMeta (#11602) * Remove secretsManagerCredentials from backend * Remove secretsManagerCredentials from backend * Add secrets manager loader * Load SM in the ometa client * Fix tests * Fix tests * Fix Lint * Mock AWS region --------- Co-authored-by: Ayush Shah <ayush@getcollate.io> 2023-05-19 09:43:11 +02:00			`import os`
			`from unittest import TestCase, mock`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00
			`from metadata.generated.schema.entity.services.connections.metadata.openMetadataConnection import (`
			`OpenMetadataConnection,`
Fix#5917: Implementation of temp secret for testing connection (#6832) * Implementation of temp secret for testing connection * Fix tests 2022-08-22 08:43:23 +02:00			`)`
Fix #11548 - Secrets Managers comms with OMeta (#11602) * Remove secretsManagerCredentials from backend * Remove secretsManagerCredentials from backend * Add secrets manager loader * Load SM in the ometa client * Fix tests * Fix tests * Fix Lint * Mock AWS region --------- Co-authored-by: Ayush Shah <ayush@getcollate.io> 2023-05-19 09:43:11 +02:00			`from metadata.generated.schema.security.secrets.secretsManagerClientLoader import (`
			`SecretsManagerClientLoader,`
			`)`
Review sensitive data not marked as password in the JSON schemas (#8818) 2022-11-18 11:35:08 +01:00			`from metadata.generated.schema.security.secrets.secretsManagerProvider import (`
			`SecretsManagerProvider,`
			`)`
MINOR - Clean ingestion ES code and auth providers (#14358) * MINOR - Clean ingestion ES code and auth providers * clean parser * Clean security config for the client * Clean security config for the client * Improve class conversion exceptions * Fix tests * Clean up java client * Clean up java client * clean parser * Fix test * Fix test * fix NO_AUTH error * Fix test * Format --------- Co-authored-by: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com> 2023-12-19 12:08:48 +01:00			`from metadata.ingestion.ometa.auth_provider import OpenMetadataAuthenticationProvider`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00			`from metadata.ingestion.ometa.ometa_api import OpenMetadata`
AWS SSM secrets manager implementation on ingestion (#6805) * Implementation of AWS SSM as secrets manager * Remove dead code * Minor fixes * Allow using default credentials in AWS client * Fixed py style * Fixed tests imports * Minor changes * Add patch to failing test * Fix how we were storing dbtConfigSource * Address PR comments 2022-08-19 16:15:40 +02:00			`from metadata.utils.secrets.aws_secrets_manager import AWSSecretsManager`
#14340 & #13849 - Clean secret ID and improve encrypt/decrypt exception management (#14356) * Fix supported characters in SM * Update SM * Fixes * Fixes * Improve class conversion exceptions * Comments * Rename noop to db secrets manager providee * Update sm * Fix * db SM * db SM * Fix test * UI * Update openmetadata-ui/src/main/resources/ui/src/mocks/IngestionListTable.mock.ts * update default 2023-12-18 06:43:20 +01:00			`from metadata.utils.secrets.noop_secrets_manager import DBSecretsManager`
Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`from metadata.utils.singleton import Singleton`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00

			`class OMetaSecretManagerTest(TestCase):`
			`metadata: OpenMetadata`
			`aws_server_config: OpenMetadataConnection`
			`local_server_config: OpenMetadataConnection`

			`@classmethod`
			`def setUp(cls) -> None:`
Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`Singleton.clear_all()`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00			`cls.local_server_config = OpenMetadataConnection(`
			`hostPort="http://localhost:8585/api",`
			`enableVersionValidation=False,`
			`)`
			`cls.aws_server_config = OpenMetadataConnection(`
			`hostPort="http://localhost:8585/api",`
			`secretsManagerProvider=SecretsManagerProvider.aws,`
Fix #11548 - Secrets Managers comms with OMeta (#11602) * Remove secretsManagerCredentials from backend * Remove secretsManagerCredentials from backend * Add secrets manager loader * Load SM in the ometa client * Fix tests * Fix tests * Fix Lint * Mock AWS region --------- Co-authored-by: Ayush Shah <ayush@getcollate.io> 2023-05-19 09:43:11 +02:00			`secretsManagerLoader=SecretsManagerClientLoader.noop,`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00			`enableVersionValidation=False,`
			`)`

			`def test_ometa_with_local_secret_manager(self):`
			`self._init_local_secret_manager()`
#14340 & #13849 - Clean secret ID and improve encrypt/decrypt exception management (#14356) * Fix supported characters in SM * Update SM * Fixes * Fixes * Improve class conversion exceptions * Comments * Rename noop to db secrets manager providee * Update sm * Fix * db SM * db SM * Fix test * UI * Update openmetadata-ui/src/main/resources/ui/src/mocks/IngestionListTable.mock.ts * update default 2023-12-18 06:43:20 +01:00			`assert type(self.metadata.secrets_manager_client) is DBSecretsManager`
MINOR - Clean ingestion ES code and auth providers (#14358) * MINOR - Clean ingestion ES code and auth providers * clean parser * Clean security config for the client * Clean security config for the client * Improve class conversion exceptions * Fix tests * Clean up java client * Clean up java client * clean parser * Fix test * Fix test * fix NO_AUTH error * Fix test * Format --------- Co-authored-by: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com> 2023-12-19 12:08:48 +01:00			`assert type(self.metadata._auth_provider) is OpenMetadataAuthenticationProvider`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00
Fix #11548 - Secrets Managers comms with OMeta (#11602) * Remove secretsManagerCredentials from backend * Remove secretsManagerCredentials from backend * Add secrets manager loader * Load SM in the ometa client * Fix tests * Fix tests * Fix Lint * Mock AWS region --------- Co-authored-by: Ayush Shah <ayush@getcollate.io> 2023-05-19 09:43:11 +02:00			`@mock.patch.dict(os.environ, {"AWS_DEFAULT_REGION": "us-east-2"}, clear=True)`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00			`def test_ometa_with_aws_secret_manager(self):`
			`self._init_aws_secret_manager()`
			`assert type(self.metadata.secrets_manager_client) is AWSSecretsManager`
MINOR - Clean ingestion ES code and auth providers (#14358) * MINOR - Clean ingestion ES code and auth providers * clean parser * Clean security config for the client * Clean security config for the client * Improve class conversion exceptions * Fix tests * Clean up java client * Clean up java client * clean parser * Fix test * Fix test * fix NO_AUTH error * Fix test * Format --------- Co-authored-by: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com> 2023-12-19 12:08:48 +01:00			`assert type(self.metadata._auth_provider) is OpenMetadataAuthenticationProvider`
Fix#5921: Implentation for retrieving auth provider config from Secret Manager (#6330) * Implentation for retrieving auth provider config from Secret Manager * Address PR comments * Address code smells from SonarCloud Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com> 2022-07-26 15:42:40 +02:00
			`def _init_local_secret_manager(self):`
			`self.metadata = OpenMetadata(self.local_server_config)`

			`def _init_aws_secret_manager(self):`
			`self.metadata = OpenMetadata(self.aws_server_config)`