github/OpenHands
1
0
Fork 0
mirror of https://github.com/OpenHands/OpenHands.git synced 2026-03-22 13:47:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix V1 resolver custom secrets validation error (#11976)

Browse Source 
Co-authored-by: openhands <openhands@all-hands.dev>
This commit is contained in:
Rohit Malhotra
2025-12-09 11:47:31 -05:00
committed by GitHub
parent df92923959
commit 0aaad16d35
2 changed files with 143 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
enterprise/integrations/resolver_context.py
View File

@@ -2,6 +2,7 @@ from openhands.app_server.user.user_context import UserContext
from openhands.app_server.user.user_models import UserInfo
from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
from openhands.integrations.service_types import ProviderType
from openhands.sdk.conversation.secret_source import SecretSource, StaticSecret
from openhands.server.user_auth.user_auth import UserAuth
@@ -44,11 +45,18 @@ class ResolverUserContext(UserContext):
async def get_provider_tokens(self) -> PROVIDER_TOKEN_TYPE | None:
return await self.saas_user_auth.get_provider_tokens()
async def get_secrets(self) -> dict[str, str]:
async def get_secrets(self) -> dict[str, SecretSource]:
"""Get secrets for the user, including custom secrets."""
secrets = await self.saas_user_auth.get_secrets()
if secrets:
return dict(secrets.custom_secrets)
# Convert custom secrets to StaticSecret objects for SDK compatibility
# secrets.custom_secrets is of type Mapping[str, CustomSecret]
converted_secrets = {}
for key, custom_secret in secrets.custom_secrets.items():
# Extract the secret value from CustomSecret and convert to StaticSecret
secret_value = custom_secret.secret.get_secret_value()
converted_secrets[key] = StaticSecret(value=secret_value)
return converted_secrets
return {}
async def get_mcp_api_key(self) -> str | None:

133
enterprise/tests/unit/integrations/test_resolver_context.py Normal file
View File

@@ -0,0 +1,133 @@
"""Test for ResolverUserContext get_secrets conversion logic.
This test focuses on testing the actual ResolverUserContext implementation.
"""
from types import MappingProxyType
from unittest.mock import AsyncMock
import pytest
from pydantic import SecretStr
from enterprise.integrations.resolver_context import ResolverUserContext
# Import the real classes we want to test
from openhands.integrations.provider import CustomSecret
# Import the SDK types we need for testing
from openhands.sdk.conversation.secret_source import SecretSource, StaticSecret
from openhands.storage.data_models.secrets import Secrets
@pytest.fixture
def mock_saas_user_auth():
"""Mock SaasUserAuth for testing."""
return AsyncMock()
@pytest.fixture
def resolver_context(mock_saas_user_auth):
"""Create a ResolverUserContext instance for testing."""
return ResolverUserContext(saas_user_auth=mock_saas_user_auth)
def create_custom_secret(value: str, description: str = 'Test secret') -> CustomSecret:
"""Helper to create CustomSecret instances."""
return CustomSecret(secret=SecretStr(value), description=description)
def create_secrets(custom_secrets_dict: dict[str, CustomSecret]) -> Secrets:
"""Helper to create Secrets instances."""
return Secrets(custom_secrets=MappingProxyType(custom_secrets_dict))
@pytest.mark.asyncio
async def test_get_secrets_converts_custom_to_static(
resolver_context, mock_saas_user_auth
):
"""Test that get_secrets correctly converts CustomSecret objects to StaticSecret objects."""
# Arrange
secrets = create_secrets(
{
'TEST_SECRET_1': create_custom_secret('secret_value_1'),
'TEST_SECRET_2': create_custom_secret('secret_value_2'),
}
)
mock_saas_user_auth.get_secrets.return_value = secrets
# Act
result = await resolver_context.get_secrets()
# Assert
assert len(result) == 2
assert all(isinstance(secret, StaticSecret) for secret in result.values())
assert result['TEST_SECRET_1'].value.get_secret_value() == 'secret_value_1'
assert result['TEST_SECRET_2'].value.get_secret_value() == 'secret_value_2'
@pytest.mark.asyncio
async def test_get_secrets_with_special_characters(
resolver_context, mock_saas_user_auth
):
"""Test that secret values with special characters are preserved during conversion."""
# Arrange
special_value = 'very_secret_password_123!@#$%^&*()'
secrets = create_secrets({'SPECIAL_SECRET': create_custom_secret(special_value)})
mock_saas_user_auth.get_secrets.return_value = secrets
# Act
result = await resolver_context.get_secrets()
# Assert
assert len(result) == 1
assert isinstance(result['SPECIAL_SECRET'], StaticSecret)
assert result['SPECIAL_SECRET'].value.get_secret_value() == special_value
@pytest.mark.asyncio
@pytest.mark.parametrize(
'secrets_input,expected_result',
[
(None, {}), # No secrets available
(create_secrets({}), {}), # Empty custom secrets
],
)
async def test_get_secrets_empty_cases(
resolver_context, mock_saas_user_auth, secrets_input, expected_result
):
"""Test that get_secrets handles empty cases correctly."""
# Arrange
mock_saas_user_auth.get_secrets.return_value = secrets_input
# Act
result = await resolver_context.get_secrets()
# Assert
assert result == expected_result
def test_static_secret_is_valid_secret_source():
"""Test that StaticSecret is a valid SecretSource for SDK validation."""
# Arrange & Act
static_secret = StaticSecret(value='test_secret_123')
# Assert
assert isinstance(static_secret, StaticSecret)
assert isinstance(static_secret, SecretSource)
assert static_secret.value.get_secret_value() == 'test_secret_123'
def test_custom_to_static_conversion():
"""Test the complete conversion flow from CustomSecret to StaticSecret."""
# Arrange
secret_value = 'conversion_test_secret'
custom_secret = create_custom_secret(secret_value, 'Conversion test')
# Act - simulate the conversion logic from the actual method
extracted_value = custom_secret.secret.get_secret_value()
static_secret = StaticSecret(value=extracted_value)
# Assert
assert isinstance(static_secret, StaticSecret)
assert isinstance(static_secret, SecretSource)
assert static_secret.value.get_secret_value() == secret_value