This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new ee3a471a0b1 Add test coverage for untested VaultBackend path branches
(#62694)
ee3a471a0b1 is described below
commit ee3a471a0b1ccff0cf80644712664afdaca84d22
Author: SameerMesiah97 <[email protected]>
AuthorDate: Thu Mar 12 00:48:30 2026 +0000
Add test coverage for untested VaultBackend path branches (#62694)
Add coverage for connections_path="" to ensure connection IDs are not
prefixed.
Extend mount_point=None test to cover non-prefixed keys returning None and
avoiding Vault calls.
Co-authored-by: Sameer Mesiah <[email protected]>
---
.../tests/unit/hashicorp/secrets/test_vault.py | 42 ++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/providers/hashicorp/tests/unit/hashicorp/secrets/test_vault.py
b/providers/hashicorp/tests/unit/hashicorp/secrets/test_vault.py
index 274e07119c9..e1dd064da0c 100644
--- a/providers/hashicorp/tests/unit/hashicorp/secrets/test_vault.py
+++ b/providers/hashicorp/tests/unit/hashicorp/secrets/test_vault.py
@@ -111,6 +111,14 @@ class TestVaultSecrets:
connection =
test_client.get_connection(conn_id="airflow/test_postgres")
assert connection.get_uri() ==
"postgresql://airflow:airflow@host:5432/airflow?foo=bar&baz=taz"
+ # When mount_point=None and conn_id does not contain "/",
+ # backend should return None and not call Vault
+
+ mock_client.reset_mock()
+
+ assert test_client.get_connection("simple_id") is None
+ mock_client.secrets.kv.v2.read_secret_version.assert_not_called()
+
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
def test_get_variable_value(self, mock_hvac):
mock_client = mock.MagicMock()
@@ -488,6 +496,40 @@ class TestVaultSecrets:
assert test_client.get_connection(conn_id="test") is None
mock_hvac.Client.assert_not_called()
+
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
+ def test_get_connection_with_empty_connections_path(self, mock_hvac):
+ mock_client = mock.MagicMock()
+ mock_hvac.Client.return_value = mock_client
+
+ mock_client.secrets.kv.v2.read_secret_version.return_value = {
+ "data": {
+ "data": {"conn_uri": "postgresql://user:pass@host:5432/db"},
+ "metadata": {"version": 1},
+ }
+ }
+
+ kwargs = {
+ "connections_path": "",
+ "mount_point": "airflow",
+ "auth_type": "token",
+ "url": "http://127.0.0.1:8200";,
+ "token": "token",
+ }
+
+ backend = VaultBackend(**kwargs)
+
+ connection = backend.get_connection("my_conn")
+
+ # Assert Vault was called without "connections/" prefix
+ mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
+ mount_point="airflow",
+ path="my_conn",
+ version=None,
+ raise_on_deleted_version=True,
+ )
+
+ assert connection.get_uri() == "postgres://user:pass@host:5432/db"
+
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
def test_variables_path_none_value(self, mock_hvac):
mock_client = mock.MagicMock()
