feat: hmac hashing jinja filter

[Natik Gadzhi (natikgadzhi)]

What

This PR adds hmac hashing filter! We need this for TikTok Shops API because reasons /shrug

Summary by CodeRabbit

• New Features

  • Introduced a new HMAC filter for secure message digest generation using the SHA-256 algorithm, enhancing template processing capabilities.

• Tests

  • Expanded test coverage to verify proper HMAC generation and error handling for various input scenarios, including tests for default and explicit hash types, numeric values, and invalid hash types.

[Copilot]

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

airbyte_cdk/sources/declarative/interpolation/filters.py:151

• The docstring example uses 'hmac_hash', which is inconsistent with the actual filter name 'hmac'. Please update the example to use 'hmac' to avoid confusion.

      signature: "{{ 'message_to_sign' | hmac_hash('my_secret_key') }}"

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new custom Jinja2 filter, hmac, in the filters module to compute HMAC digests using SHA-256. Additionally, the filters list is updated to include this new filter. Four unit tests are added to verify correct behavior for default and explicit SHA-256 usage, numeric input handling, and proper error handling for unsupported hash types.

Changes

File(s)	Changes Summary
airbyte_cdk/sources/declarative/interpolation/filters.py	Added a new hmac function that computes an HMAC using the SHA-256 algorithm and updated the _filters_list to include this new filter. Imported the HMAC library.
unit_tests/sources/declarative/interpolation/test_filters.py	Added four unit tests for the new HMAC filter covering default SHA-256 usage, explicit hash type specification, numeric values handling, and invalid hash type errors.

Sequence Diagram(s)

sequenceDiagram
    participant T as Template Engine
    participant F as hmac Filter
    participant H as HMAC Library

    T->>F: Call hmac(value, key, hash_type)
    alt Supported hash type (SHA-256)
      F->>H: Compute HMAC using SHA-256
      H-->>F: Return hex digest
      F-->>T: Return computed HMAC digest
    else Unsupported hash type
      F-->>T: Raise ValueError
    end

Loading

Does this updated summary and the diagram meet your expectations, or is there anything you’d like to modify or expand upon? wdyt?

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

airbyte_cdk/sources/declarative/interpolation/filters.py (1)

159-166: Consider defining ALLOWED_HASH_TYPES as a module-level constant

The ALLOWED_HASH_TYPES dictionary is recreated every time the function is called. For better performance and maintainability, perhaps defining it as a module-level constant would be better? This way it's only created once when the module is loaded, wdyt?

+# Supported hash types for HMAC
+_HMAC_ALLOWED_HASH_TYPES: Dict[str, Any] = {
+    "sha256": hashlib.sha256,
+}
+

 def hmac(value: Any, key: str, hash_type: str = "sha256") -> str:
     # ...
-    # Define allowed hash functions
-    ALLOWED_HASH_TYPES: Dict[str, Any] = {
-        "sha256": hashlib.sha256,
-    }

-    if hash_type not in ALLOWED_HASH_TYPES:
+    if hash_type not in _HMAC_ALLOWED_HASH_TYPES:
         raise ValueError(
-            f"Hash type '{hash_type}' is not allowed. Allowed types: {', '.join(ALLOWED_HASH_TYPES.keys())}"
+            f"Hash type '{hash_type}' is not allowed. Allowed types: {', '.join(_HMAC_ALLOWED_HASH_TYPES.keys())}"
         )

unit_tests/sources/declarative/interpolation/test_filters.py (1)

159-166: Could be more specific with the expected exception type

The test is currently checking for any exception, but the hmac function specifically raises a ValueError for invalid hash types. Would it be clearer to expect the specific exception, wdyt?

-    with pytest.raises(Exception):
+    with pytest.raises(ValueError):
         interpolation.eval(s, config={})

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e82436 and 8481137.

📒 Files selected for processing (2)

• airbyte_cdk/sources/declarative/interpolation/filters.py (2 hunks)
• unit_tests/sources/declarative/interpolation/test_filters.py (2 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

unit_tests/sources/declarative/interpolation/test_filters.py (2)

airbyte_cdk/sources/declarative/interpolation/filters.py (1)

• hmac (139-174)

airbyte_cdk/sources/declarative/interpolation/jinja.py (1)

• eval (85-123)

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: Check: 'source-pokeapi' (skip=false)
• GitHub Check: Check: 'source-amplitude' (skip=false)
• GitHub Check: Check: 'source-shopify' (skip=false)
• GitHub Check: Check: 'source-hardcoded-records' (skip=false)
• GitHub Check: SDM Docker Image Build
• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (Fast)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Analyze (python)

🔇 Additional comments (5)

airbyte_cdk/sources/declarative/interpolation/filters.py (2)

168-174: The implementation for hmac looks good!

The implementation correctly:

1. Handles string conversion for both key and value
2. Uses the specified hash algorithm
3. Returns the hexadecimal digest

---

177-185: Filter successfully added to _filters_list

The new HMAC filter has been correctly added to the list of available filters.

unit_tests/sources/declarative/interpolation/test_filters.py (3)

111-125: Test for default HMAC usage is well-structured

This test correctly verifies the default behavior of the HMAC filter (using SHA-256). Good job computing the expected value directly with the hmac library for comparison!

---

127-141: Test for explicit SHA-256 specification is thorough

This test nicely complements the default test by explicitly specifying 'sha256' as the hash type.

---

143-157: Test for numeric value handling is comprehensive

Great job testing numeric values! This ensures the filter handles non-string inputs correctly by converting them to strings.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

unit_tests/sources/declarative/interpolation/test_filters.py (1)

111-166: Comprehensive test coverage for the new HMAC filter

The test suite thoroughly covers all important aspects of the new filter: default behavior, explicit parameters, edge cases with different input types, and error handling. Have you considered adding a test for an empty message or key? Just a thought - the current coverage is already quite solid, wdyt?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8481137 and 06d1f17.

📒 Files selected for processing (2)

• airbyte_cdk/sources/declarative/interpolation/filters.py (2 hunks)
• unit_tests/sources/declarative/interpolation/test_filters.py (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• airbyte_cdk/sources/declarative/interpolation/filters.py

🧰 Additional context used

🧬 Code Graph Analysis (1)

unit_tests/sources/declarative/interpolation/test_filters.py (2)

airbyte_cdk/sources/declarative/interpolation/filters.py (1)

• hmac (139-174)

airbyte_cdk/sources/declarative/interpolation/jinja.py (1)

• eval (85-123)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: SDM Docker Image Build
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (Fast)
• GitHub Check: Analyze (python)

🔇 Additional comments (5)

unit_tests/sources/declarative/interpolation/test_filters.py (5)

6-6: Good addition of the hmac import aliased as hmac_lib

This is a clean way to avoid naming conflicts with the filter function. The import is essential for verifying the filter's output against a reference implementation.

---

111-124: LGTM! Test for default HMAC behavior with SHA-256

The test follows the established pattern in the file and properly validates the HMAC filter with default parameters against the expected output from the hmac_lib implementation. This ensures the filter works correctly with its default settings.

---

127-140: LGTM! Test for explicit SHA-256 specification

Good test to verify that explicitly specifying 'sha256' works correctly. This reinforces that the filter properly handles parameter specification and maintains consistent behavior regardless of how it's invoked.

---

143-156: LGTM! Testing numeric input handling

Excellent edge case testing! Verifying that numeric inputs are properly converted to strings before hashing is important for robustness. The test confirms that the filter correctly handles different input types.

---

159-166: LGTM! Proper error handling test

Good validation of error handling behavior. The test ensures that the filter rejects unsupported hash types with an appropriate exception, following the implementation's requirement to only accept SHA-256.

[Ben Church (bnchrch)]

No argument here. Its additive, I trust you that it works, and this is your last day so no need to go back and forth.

[Ben Church (bnchrch)]

Ah gotcha, so to use this in many cases its up to the caller to create the list of query params by hand to sign.

Think thats a fine work around.

But it seems like the next win is

1. a jinja function to get all query params
2. a jinja function to transform it into a delimited string (after you optionally sort / filter / map the list)

[Natik Gadzhi (natikgadzhi)]

Yes, that would indeed make things easier.