Fixed load_samples to wrap variables in quotes to prevent YAML parsing errors #5858

Merged (1 commit) on Mar 8, 2025
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -37,6 +37,7 @@ Changes can also be flagged with a GitHub label for tracking purposes. The URL o

### Fixed
- Fixed pagination bugs on some tables [#5819](https://github.com/ethyca/fides/pull/5819)
- Fixed load_samples to wrap variables in quotes to prevent YAML parsing errors [#5857](https://github.com/ethyca/fides/pull/5857)

## [2.56.2](https://github.com/ethyca/fides/compare/2.56.1...2.56.2)
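Review bot: The new entry under "### Fixed" links to pull/5857, while the title of this change carries #5858. Confirm which number the changelog should reference and make the link text and URL match it.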

Expand Up @@ -6,24 +6,24 @@ connection:
dataset: postgres_example_test_dataset
system_key: cookie_house_postgresql_database
secrets:
host: $FIDES_DEPLOY__CONNECTORS__POSTGRES__HOST
port: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT
dbname: $FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME
username: $FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME
password: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD
ssh_required: $FIDES_DEPLOY__CONNECTORS__POSTGRES__SSH_REQUIRED
host: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__HOST"
port: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT"
dbname: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME"
username: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME"
password: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD"
ssh_required: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__SSH_REQUIRED"
- key: cookie_house_loyalty_database
name: Postgres Connector (Loyalty)
connection_type: postgres
access: write
dataset: postgres_example_test_extended_dataset
system_key: cookie_house_loyalty_database
secrets:
host: $FIDES_DEPLOY__CONNECTORS__POSTGRES_LOYALTY__HOST
port: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT
dbname: $FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME
username: $FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME
password: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD
host: "$FIDES_DEPLOY__CONNECTORS__POSTGRES_LOYALTY__HOST"
port: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT"
dbname: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME"
username: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME"
password: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD"
disabled: True
- key: cookie_house_customer_database_mongodb
name: MongoDB Connector
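Review bot: Quoting `port` and `ssh_required` in the first connector's secrets changes their loaded type as well as their parsing: after expansion they are the strings "9090" and "false" rather than an integer and a boolean, and the test file's port assertion is changed to `== "9090"` to match. A non-empty string such as "false" is truthy in a plain Python check, so either confirm that whatever consumes these secrets coerces the values, or leave these two non-secret fields unquoted.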
Expand All @@ -32,52 +32,52 @@ connection:
dataset: mongo_test
system_key: cookie_house_customer_database
secrets:
host: $FIDES_DEPLOY__CONNECTORS__MONGO_HOST
port: $FIDES_DEPLOY__CONNECTORS__MONGO_PORT
defaultauthdb: $FIDES_DEPLOY__CONNECTORS__MONGO_DEFAULTAUTHDB
username: $FIDES_DEPLOY__CONNECTORS__MONGO_USERNAME
password: $FIDES_DEPLOY__CONNECTORS__MONGO_PASSWORD
host: "$FIDES_DEPLOY__CONNECTORS__MONGO_HOST"
port: "$FIDES_DEPLOY__CONNECTORS__MONGO_PORT"
defaultauthdb: "$FIDES_DEPLOY__CONNECTORS__MONGO_DEFAULTAUTHDB"
username: "$FIDES_DEPLOY__CONNECTORS__MONGO_USERNAME"
password: "$FIDES_DEPLOY__CONNECTORS__MONGO_PASSWORD"
- key: mailchimp_connector
name: Mailchimp Connector
connection_type: saas
saas_connector_type: mailchimp
access: write
secrets:
domain: $FIDES_DEPLOY__CONNECTORS__MAILCHIMP__DOMAIN
username: $FIDES_DEPLOY__CONNECTORS__MAILCHIMP__USERNAME
api_key: $FIDES_DEPLOY__CONNECTORS__MAILCHIMP__API_KEY
domain: "$FIDES_DEPLOY__CONNECTORS__MAILCHIMP__DOMAIN"
username: "$FIDES_DEPLOY__CONNECTORS__MAILCHIMP__USERNAME"
api_key: "$FIDES_DEPLOY__CONNECTORS__MAILCHIMP__API_KEY"
- key: stripe_connector
name: Stripe Connector
connection_type: saas
saas_connector_type: stripe
access: write
secrets:
domain: $FIDES_DEPLOY__CONNECTORS__STRIPE__DOMAIN
api_key: $FIDES_DEPLOY__CONNECTORS__STRIPE__API_KEY
domain: "$FIDES_DEPLOY__CONNECTORS__STRIPE__DOMAIN"
api_key: "$FIDES_DEPLOY__CONNECTORS__STRIPE__API_KEY"
- key: hubspot_connector
name: Hubspot Connector
connection_type: saas
saas_connector_type: hubspot
access: write
secrets:
domain: $FIDES_DEPLOY__CONNECTORS__HUBSPOT__DOMAIN
private_app_token: $FIDES_DEPLOY__CONNECTORS__HUBSPOT__PRIVATE_APP_TOKEN
domain: "$FIDES_DEPLOY__CONNECTORS__HUBSPOT__DOMAIN"
private_app_token: "$FIDES_DEPLOY__CONNECTORS__HUBSPOT__PRIVATE_APP_TOKEN"
- key: mailchimp_transactional_connector
name: Mailchimp Transactional Connector
connection_type: saas
saas_connector_type: mailchimp_transactional
access: write
secrets:
api_key: $FIDES_DEPLOY__CONNECTORS__MAILCHIMP_TRANSACTIONAL_API_KEY
api_key: "$FIDES_DEPLOY__CONNECTORS__MAILCHIMP_TRANSACTIONAL_API_KEY"
- key: cookie_house_custom_request_fields_database
name: Postgres Connector (Custom Request Fields)
connection_type: postgres
access: write
dataset: postgres_example_custom_request_field_dataset
system_key: cookie_house_custom_request_fields_database
secrets:
host: $FIDES_DEPLOY__CONNECTORS__POSTGRES__HOST
port: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT
dbname: $FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME
username: $FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME
password: $FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD
host: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__HOST"
port: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT"
dbname: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME"
username: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME"
password: "$FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD"
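Review bot: Double quotes on the `password`, `api_key` and `private_app_token` values cover YAML indicator characters such as `&` and `!`, but not a value that itself contains `"` or `\`. The test in this change expects a scanner error for an unquoted value, which indicates the variable is substituted into the text before YAML parsing, so inside a double-quoted scalar a `"` would end the string early and a `\` would be read as an escape. Suggest either noting this limit next to the sample file or expanding variables after the YAML is parsed, so the secret never passes through the YAML scanner.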
52 changes: 49 additions & 3 deletions tests/ctl/api/test_seed.py
Expand Up @@ -5,6 +5,7 @@
from unittest.mock import patch

import pytest
import yaml
from fideslang.default_taxonomy import DEFAULT_TAXONOMY
from fideslang.models import DataCategory, Organization
from sqlalchemy.ext.asyncio import AsyncSession
Expand Down Expand Up @@ -459,15 +460,15 @@ class TestLoadSamples:
"FIDES_DEPLOY__CONNECTORS__POSTGRES__PORT": "9090",
"FIDES_DEPLOY__CONNECTORS__POSTGRES__DBNAME": "test-var-db",
"FIDES_DEPLOY__CONNECTORS__POSTGRES__USERNAME": "test-var-user",
"FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD": "test-var-password",
"FIDES_DEPLOY__CONNECTORS__POSTGRES__PASSWORD": "&anchor!-test-password",
"FIDES_DEPLOY__CONNECTORS__POSTGRES__SSH_REQUIRED": "false",
"FIDES_DEPLOY__CONNECTORS__STRIPE__DOMAIN": "test-stripe-domain",
"FIDES_DEPLOY__CONNECTORS__STRIPE__API_KEY": "test-stripe-api-key",
"FIDES_DEPLOY__CONNECTORS__MONGO_HOST": "test-var-expansion",
"FIDES_DEPLOY__CONNECTORS__MONGO_PORT": "9090",
"FIDES_DEPLOY__CONNECTORS__MONGO_DEFAULTAUTHDB": "test-var-db",
"FIDES_DEPLOY__CONNECTORS__MONGO_USERNAME": "test-var-user",
"FIDES_DEPLOY__CONNECTORS__MONGO_PASSWORD": "test-var-password",
"FIDES_DEPLOY__CONNECTORS__MONGO_PASSWORD": "&anchor!-test-password",
}

@patch.dict(os.environ, SAMPLE_ENV_VARS, clear=True)
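Review bot: `FIDES_DEPLOY__CONNECTORS__MONGO_PASSWORD` is changed to the special-character value here, but the assertions added in this change check only `postgres["secrets"]["password"]`. If no existing assertion reads the MongoDB connector's password back, add one so the quoted `password` line in the MongoDB block is exercised too.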
Expand Down Expand Up @@ -613,7 +614,8 @@ async def test_load_sample_connections(self):
0
].model_dump(mode="json")
assert postgres["secrets"]["host"] == "test-var-expansion"
assert postgres["secrets"]["port"] == 9090
assert postgres["secrets"]["port"] == "9090"
assert postgres["secrets"]["password"] == "&anchor!-test-password"

@patch.dict(
os.environ,
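Review bot: The assertions after `postgres["secrets"]["host"]` pin `port` as the string "9090" but say nothing about `ssh_required`, the other non-string field that gained quotes and is set to "false" in SAMPLE_ENV_VARS. Add an assertion on `postgres["secrets"]["ssh_required"]` stating the intended value and type, so that a change from boolean to string is a deliberate, tested outcome.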
Expand Down Expand Up @@ -657,3 +659,47 @@ async def test_load_sample_yaml_file(self):
assert sample_connection["secrets"]["dbname"] == "var-2"
assert sample_connection["secrets"]["username"] == "user-var-2"
assert sample_connection["secrets"]["password"] == "var-1-var-2"

@patch.dict(
os.environ,
{
"TEST_PASSWORD": "&anchor!'quote'!@#$%^&*",
},
clear=True,
)
async def test_load_sample_yaml_with_special_chars(self):
"""Test that YAML parsing requires proper quoting for environment variables with special characters"""
# Test safe usage with quotes
safe_yaml = dedent(
"""\
connection:
- key: test_connection
name: Test Connection
connection_type: postgres
access: write
secrets:
password: "$TEST_PASSWORD"
"""
)
sample_file = io.StringIO(safe_yaml)
sample_dict = samples.load_sample_yaml_file(sample_file)
assert (
sample_dict["connection"][0]["secrets"]["password"]
== "&anchor!'quote'!@#$%^&*"
)

# Test unsafe usage without quotes - should raise YAML parsing error
unsafe_yaml = dedent(
"""\
connection:
- key: test_connection
name: Test Connection
connection_type: postgres
access: write
secrets:
password: $TEST_PASSWORD
"""
)
sample_file = io.StringIO(unsafe_yaml)
with pytest.raises(yaml.scanner.ScannerError):
samples.load_sample_yaml_file(sample_file)
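Review bot: The unsafe case at the end of `test_load_sample_yaml_with_special_chars` asserts `pytest.raises(yaml.scanner.ScannerError)`, which ties the test to one scanner-level exception for this particular value. `yaml.YAMLError` is the base class and would keep the test valid if a different unquoted value fails at another stage of parsing; alternatively import the class with `from yaml.scanner import ScannerError` instead of reaching through the `yaml` package attribute. The docstring also reads as if the loader enforced quoting, whereas the test shows that quoting is the sample file's responsibility; wording along the lines of "unquoted variables with special characters fail to parse" would match what is asserted.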