feat(cdk): allow empty secrets (bing-ads)#519

Merged
Aldo Gonzalez (aldogonzalez8) merged 6 commits into main from ac8/allow-empty-secrets
Apr 30, 2025
@aldogonzalez8 Aldo Gonzalez (aldogonzalez8) commented Apr 29, 2025

Allow empty secrets during oauth

Required for: airbytehq/airbyte#59136
Resolves: https://github.com/airbytehq/airbyte-internal-issues/issues/12679

Summary by CodeRabbit

  • Bug Fixes
    • Improved error handling in OAuth2 authentication by logging a warning when the client secret is missing, allowing smoother authentication without interruptions.
    • Ensured the client secret field is included as empty in authentication requests when not provided, enhancing stability.

Aldo Gonzalez (aldogonzalez8) commented Apr 29, 2025

/autofix

Auto-Fix Job Info

This job attempts to auto-fix any linting or formatting issues. If any fixes are made,
those changes will be automatically committed and pushed back to the PR.

Note: This job can only be run by maintainers. On PRs from forks, this command requires
that the PR author has enabled the Allow edits from maintainers option.

PR auto-fix job started... Check job output.

✅ Changes applied successfully.

coderabbitai bot commented Apr 29, 2025

Walkthrough

The update modifies the behavior of the DeclarativeOauth2Authenticator class in the OAuth authentication module. Instead of raising a ValueError when the client secret cannot be evaluated, the code now logs a warning and proceeds without a client secret. This change involves importing the logging module, initializing a logger, and updating the error handling logic within the get_client_secret method. Additionally, a new unit test was added to verify that when the client secret is missing from the configuration, the authenticator returns an empty string in the refresh request body. No changes were made to the public interface or method signatures.

Changes

| File(s) | Change Summary |
|---|---|
| airbyte_cdk/sources/declarative/auth/oauth.py | Replaced exception raising with warning log in get_client_secret; added logging initialization. |
| unit_tests/sources/declarative/auth/test_oauth.py | Added test test_client_secret_empty to verify behavior when client secret is missing in the config. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant DeclarativeOauth2Authenticator
    participant Logger

    User->>DeclarativeOauth2Authenticator: Call get_client_secret()
    DeclarativeOauth2Authenticator->>DeclarativeOauth2Authenticator: Evaluate client secret
    alt Client secret cannot be evaluated
        DeclarativeOauth2Authenticator->>Logger: Log warning
        DeclarativeOauth2Authenticator-->>User: Return empty/None client secret
    else Client secret evaluated
        DeclarativeOauth2Authenticator-->>User: Return client secret
    end

Would you like me to suggest adding a test case that specifically asserts the warning log is emitted when the client secret is empty? Wdyt?


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
airbyte_cdk/sources/declarative/auth/oauth.py (2)

207-211: Nice improvement to handle empty client secrets.

The change from raising an error to logging a warning is well-justified by the comment explaining that some APIs allow empty client secrets. This makes the authenticator more flexible while still alerting users to potential issues.

Would it make sense to also update the type annotation comment on line 211? It still mentions "or an error will be raised" which is no longer true for empty client secrets. wdyt?

-        return client_secret  # type: ignore # value will be returned as a string, or an error will be raised
+        return client_secret  # type: ignore # value will be returned as a string, which might be empty
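Review bot: On the changed `return client_secret` line the `# type: ignore` stays in place, so the trailing comment is the only signal that callers can now receive an empty string. Suggest saying when that happens, for example "empty when the secret cannot be evaluated from the config", so an empty value reads as a missing secret rather than a configured one.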

26-50: Consider updating class documentation.

Since this class now supports empty client secrets, it might be helpful to update the documentation to mention this capability, especially in the client_secret attribute description on line 36.

Would something like this be useful? wdyt?

-        client_secret (Union[InterpolatedString, str]): Client secret
+        client_secret (Union[InterpolatedString, str]): Client secret (can be empty for APIs that support this)
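Review bot: Missing documentation in the `client_secret` attribute line: "can be empty for APIs that support this" does not say what the authenticator does when the value is empty. Suggest adding that a warning is logged and that the field is still sent, as an empty string, in the refresh request body.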
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a1dd40b and 4e0ebc4.

📒 Files selected for processing (1)
  • airbyte_cdk/sources/declarative/auth/oauth.py (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (9)
  • GitHub Check: Check: 'source-pokeapi' (skip=false)
  • GitHub Check: Check: 'source-amplitude' (skip=false)
  • GitHub Check: Check: 'source-shopify' (skip=false)
  • GitHub Check: Check: 'source-hardcoded-records' (skip=false)
  • GitHub Check: Pytest (Fast)
  • GitHub Check: Pytest (All, Python 3.11, Ubuntu)
  • GitHub Check: Pytest (All, Python 3.10, Ubuntu)
  • GitHub Check: SDM Docker Image Build
  • GitHub Check: Analyze (python)
🔇 Additional comments (3)
airbyte_cdk/sources/declarative/auth/oauth.py (3)

5-5: Good choice adding the logging module.

The import of the logging module is appropriate for the warning functionality you're adding. Clean integration with the existing imports.

Also applies to: 8-8


23-24: Logger initialization looks good.

Creating a logger with the "airbyte" name follows standard Python logging practices and aligns with the package organization. The empty line after it helps with code readability.


164-170: Consider updating validation logic for consistency.

This validation block requires both client_id and client_secret when not using profile assertion. Since we now allow empty client_secret values, should we consider relaxing this validation too? Or perhaps clarify that client_secret can be empty but must be provided?

I'm not suggesting a change is needed, just highlighting a potential inconsistency between this validation and the new behavior. wdyt?

LGTM!

Can we add this test as well?

@aldogonzalez8
Contributor Author

LGTM!

Can we add this test as well?

I will allow it

@aldogonzalez8
Contributor Author

LGTM!

Can we add this test as well?

Tests added Maxime Carbonneau-Leclerc (@maxi297)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
unit_tests/sources/declarative/auth/test_oauth.py (1)

132-145: Test correctly verifies handling of empty client secrets.

This test nicely complements the implementation change that allows empty secrets during OAuth authentication. It ensures that when the client secret is missing, the authenticator includes an empty string in the refresh request body instead of raising an error.

Would it be helpful to also add tests for cases where "client_secret": "" or "client_secret": None? These might be useful edge cases to consider, especially with Bing Ads implementation. Also, adding a docstring to explain the test purpose (similar to other test methods) might be helpful for future developers, wdyt?

 def test_client_secret_empty(self):
+    """
+    Test that when client_secret is missing from config, an empty string is used in the refresh request body.
+    This ensures compatibility with services like Bing Ads that allow empty secrets.
+    """
     config_without_client_secret = deepcopy(config)
     del config_without_client_secret["client_secret"]
     oauth = DeclarativeOauth2Authenticator(
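Review bot: The added docstring says `client_secret` is missing from config, which matches the `del config_without_client_secret["client_secret"]` line, but the test is named `test_client_secret_empty`. Suggest renaming it for the missing-key case, or keeping the name and covering the empty-string value in a separate test, so each test name matches what it exercises.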
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between b9d1930 and aec8361.

📒 Files selected for processing (1)
  • unit_tests/sources/declarative/auth/test_oauth.py (2 hunks)
🔇 Additional comments (1)
unit_tests/sources/declarative/auth/test_oauth.py (1)

8-8: Good addition of the deepcopy import.

The import of deepcopy is used appropriately in the new test to avoid modifying the shared config dictionary, which could affect other tests.
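
The behaviour discussed in the reviews above (warn and send an empty `client_secret` instead of raising, the `""` and `None` edge cases, and a check that the warning is emitted), as an added sketch that is not the CDK's own code. `SketchOauthAuthenticator`, `secret_and_warnings` and the sample configs are hypothetical and constructed; treating a missing key, `None` and `""` alike is an assumption, and only the `airbyte` logger name comes from the thread.

```python
import logging
from typing import Any, Mapping

logger = logging.getLogger("airbyte")  # logger name mentioned in the review above


class SketchOauthAuthenticator:
    """Hypothetical stand-in; not the CDK's DeclarativeOauth2Authenticator."""

    def __init__(self, config: Mapping[str, Any], refresh_token: str) -> None:
        self._config = config
        self._refresh_token = refresh_token

    def get_client_secret(self) -> str:
        secret = self._config.get("client_secret")
        if not secret:
            # Assumption: a missing key, None and "" are all treated alike.
            # The message names the field only; no config value is logged.
            logger.warning("client_secret could not be evaluated; sending it empty")
            return ""
        return str(secret)

    def build_refresh_request_body(self) -> dict:
        # Field names of the standard OAuth 2.0 refresh_token grant.
        return {
            "grant_type": "refresh_token",
            "client_id": str(self._config.get("client_id", "")),
            "client_secret": self.get_client_secret(),
            "refresh_token": self._refresh_token,
        }


def secret_and_warnings(config: Mapping[str, Any]) -> tuple:
    """Return (client_secret placed in the body, warnings logged) for a config."""
    records = []
    handler = logging.Handler()
    handler.emit = records.append  # collect records instead of writing them
    logger.addHandler(handler)
    try:
        auth = SketchOauthAuthenticator(config, "constructed-refresh-token")
        body = auth.build_refresh_request_body()
    finally:
        logger.removeHandler(handler)
    warnings = [r.getMessage() for r in records if r.levelno == logging.WARNING]
    return body["client_secret"], len(warnings)


if __name__ == "__main__":
    base = {"client_id": "constructed-id"}  # constructed sample configs
    for extra in ({}, {"client_secret": ""}, {"client_secret": None},
                  {"client_secret": "constructed-secret"}):
        print(extra, "->", secret_and_warnings({**base, **extra}))
```
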

@maxi297
Contributor

Why are all the smoke tests failing? If we're fine with this, let's move forward

@aldogonzalez8
Contributor Author

Why are all the smoke tests failing? If we're fine with this, let's move forward

Maxime Carbonneau-Leclerc (@maxi297) :( More context here

creating virtual environment...
determining package name from '/home/runner/work/airbyte-python-cdk/airbyte-python-cdk/airbyte/airbyte-ci/connectors/pipelines'...
creating virtual environment...
installing pipelines from spec '/home/runner/work/airbyte-python-cdk/airbyte-python-cdk/airbyte/airbyte-ci/connectors/pipelines'...
Fatal error from pip prevented installation. Full pip output in file:
    /opt/pipx/logs/cmd_2025-04-30_18.04.42_pip_errors.log

@aldogonzalez8 Aldo Gonzalez (aldogonzalez8) merged commit 522c8b8 into main Apr 30, 2025
20 of 28 checks passed
@aldogonzalez8 Aldo Gonzalez (aldogonzalez8) deleted the ac8/allow-empty-secrets branch April 30, 2025 20:46
Labels

enhancement New feature or request
