Add SecretDumpMixin for auth schemas

Author: Ilyas Gasanov

syncmaster/db/repositories/utils.py

@@ -6,7 +6,6 @@
 from typing import TYPE_CHECKING
 
 from cryptography.fernet import Fernet
-from pydantic import SecretStr
 
 if TYPE_CHECKING:
     from syncmaster.scheduler.settings import SchedulerAppSettings
@@ -23,11 +22,6 @@ def decrypt_auth_data(
     return json.loads(decrypted)
 
 
-def _json_default(value):
-    if isinstance(value, SecretStr):
-        return value.get_secret_value()
-
-
 def encrypt_auth_data(
     value: dict,
     settings: WorkerAppSettings | SchedulerAppSettings | ServerAppSettings,
@@ -37,7 +31,6 @@ def encrypt_auth_data(
         value,
         ensure_ascii=False,
         sort_keys=True,
-        default=_json_default,
     )
     encrypted = encryptor.encrypt(serialized.encode("utf-8"))
     return encrypted.decode("utf-8")

syncmaster/schemas/v1/auth/basic.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadBasicAuthSchema(BaseModel):
+
+class ReadBasicAuthSchema(SecretDumpMixin):
     type: Literal["basic"] = Field(description="Auth type")
     user: str
 

syncmaster/schemas/v1/auth/iceberg_rest_s3_delegated/bearer.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadIcebergRESTCatalogBearerAuthSchema(BaseModel):
+
+class ReadIcebergRESTCatalogBearerAuthSchema(SecretDumpMixin):
     type: Literal["iceberg_rest_bearer"] = Field(description="Auth type")
 
 

syncmaster/schemas/v1/auth/iceberg_rest_s3_delegated/oauth2_client_credentials.py

@@ -2,12 +2,13 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 from syncmaster.schemas.v1.types import URL
 
 
-class ReadIcebergRESTCatalogOAuth2ClientCredentialsAuthSchema(BaseModel):
+class ReadIcebergRESTCatalogOAuth2ClientCredentialsAuthSchema(SecretDumpMixin):
     type: Literal["iceberg_rest_oauth2_client_credentials"] = Field(description="Auth type")
     rest_catalog_oauth2_client_id: str
     rest_catalog_oauth2_scopes: list[str] = Field(default_factory=list)

syncmaster/schemas/v1/auth/iceberg_rest_s3_direct/bearer.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadIcebergRESTCatalogBearerS3BasicAuthSchema(BaseModel):
+
+class ReadIcebergRESTCatalogBearerS3BasicAuthSchema(SecretDumpMixin):
     type: Literal["iceberg_rest_bearer_s3_basic"] = Field(description="Auth type")
     s3_access_key: str
 

syncmaster/schemas/v1/auth/iceberg_rest_s3_direct/oauth2_client_credentials.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadIcebergRESTCatalogOAuth2ClientCredentialsS3BasicAuthSchema(BaseModel):
+
+class ReadIcebergRESTCatalogOAuth2ClientCredentialsS3BasicAuthSchema(SecretDumpMixin):
     type: Literal["iceberg_rest_oauth2_client_credentials_s3_basic"] = Field(description="Auth type")
     rest_catalog_oauth2_client_id: str
     rest_catalog_oauth2_scopes: list[str] = Field(default_factory=list)

syncmaster/schemas/v1/auth/mixins.py

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2023-2024 MTS PJSC
+# SPDX-License-Identifier: Apache-2.0
+from pydantic import BaseModel, SecretStr, field_serializer
+
+
+class SecretDumpMixin(BaseModel):
+
+    @field_serializer("*", when_used="json")
+    def dump_secrets(self, value):
+        if isinstance(value, SecretStr):
+            return value.get_secret_value()
+        return value

syncmaster/schemas/v1/auth/s3.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadS3AuthSchema(BaseModel):
+
+class ReadS3AuthSchema(SecretDumpMixin):
     type: Literal["s3"] = Field(description="Auth type")
     access_key: str
 

syncmaster/schemas/v1/auth/samba.py

@@ -2,10 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 from typing import Literal
 
-from pydantic import BaseModel, Field, SecretStr
+from pydantic import Field, SecretStr
 
+from syncmaster.schemas.v1.auth.mixins import SecretDumpMixin
 
-class ReadSambaAuthSchema(BaseModel):
+
+class ReadSambaAuthSchema(SecretDumpMixin):
     type: Literal["samba"] = Field(description="Auth type")
     user: str
     auth_type: Literal["NTLMv1", "NTLMv2"] = "NTLMv2"