Add test for sensitive config masking in airflowctl#60361
Add test for sensitive config masking in airflowctl#60361bugraoz93 merged 3 commits intoapache:mainfrom
Conversation
Subham-KRLX
force-pushed
the
fix/airflowctl-config-masking-clean
branch
from
3fc9d40 to
0332c5f
Compare
|
@potiuk @bugraoz93 thanks for the review setup. |
|
You can use It's actually even written in the error message - no need to post questions and wait for someone- better to read what error message says and apply the remediation it suggests. |
bugraoz93
left a comment
bugraoz93
left a comment
There was a problem hiding this comment.
Thanks for raising a PR! It would be cleaner if we didn't create a new file, but instead put the test in the file we already have for config command. We generally tend to have a test per Python file, which can serve for multiple purposes under the unit test category
As Jarek suggested, please use prek to fix. You can check the CI job and use the --all-files param on prek to rerun those for all files
|
We also have some under here for auto generated ones Export will be on specific file in above message |
|
@bugraoz93 @potiuk I have reorganized the tests per your suggestions: Moved test_config_list_masking_preservation() to test_config_command.py (for CLI list command) |
bugraoz93
left a comment
bugraoz93
left a comment
There was a problem hiding this comment.
Looks better! Thanks!
Sorry for being double, but could you please add a test to airflow-ctl-test as well on this specific case? It could be on another PR as well, then we can just make this PR relates: #<issue> and next PR closes: #<issue> in the description? Because we are indeed testing if these lines work well with the line of codes but actual integration test can only be proven there. Although I am not sure if we need to put this integration test on both sides. For me, they should exist in both places since they are different distributions and released separately to fully show our tooling follows up on what has been written.
What do you think, @potiuk?
|
In integration tests, we should consider creating different test cases (different file, we can still use debug mode as initiation) then usual happy path. Splitting the integration test over the test scenario paths could be easier to manage for integration tests. |
|
@bugraoz93 Thanks for the approval I will create a separate PR for the integration tests in airflow-ctl-tests. Will update this to |
|
@Subham-KRLX Could you please also update the description about AI usage? We have added a template that explains the AI usage on the solution |
|
@bugraoz93 All necessary changes have been made including the updated AI usage section in the description as requested. |
Test verifies that ConfigOperations.list() correctly preserves masked values (e.g., '< hidden >') from the API response without accidentally exposing or modifying them during JSON parsing and model validation. Addresses apache#59843
- Move test_config_sensitive_masking.py tests to existing test files: - test_config_list_masking_preservation() added to test_config_command.py for CLI list command - test_get_masked_value() added to test_operations.py for API get operation - Remove standalone test file to maintain one test per Python file convention - Run prek to fix all static check issues (ruff formatting) - All tests verify API-masked sensitive values are preserved through the CLI Closes apache#59843
bugraoz93
force-pushed
the
fix/airflowctl-config-masking-clean
branch
from
0721b0a to
ea0c26e
Compare
* Add unittest to add a mechanism if adding to airflowctl preserves the API's sensitive config masking
* Add unittest to add a mechanism if adding to airflowctl preserves the API's sensitive config masking
* Add unittest to add a mechanism if adding to airflowctl preserves the API's sensitive config masking
* Add unittest to add a mechanism if adding to airflowctl preserves the API's sensitive config masking
* Add unittest to add a mechanism if adding to airflowctl preserves the API's sensitive config masking
3 participants
Description
Added test to verify sensitive config values are properly masked when using airflowctl.
The Airflow API already masks sensitive values (like
fernet_key,sql_alchemy_conn) when returning config data. This test confirms that airflowctl correctly receives and displays those masked values.Changes
tests/airflow_ctl/ctl/commands/test_config_command.py(CLI list command)tests/airflow_ctl/api/test_operations.py(API get operation)ConfigOperations.list()handles masked data correctlyRelated Issue
relates: #59843
AI Usage
Was generative AI tooling used to co-author this PR?
Yes, used an AI coding assistant to help generate test cases and refactor code structure.
Testing