SAT: do not treat spec fields with const values as the ones that can …

…hold secrets (#19465)

* SAT: do not treat spec fields with const values as the ones that can hold secrets

* sat: upd changelog

airbyte-integrations/bases/source-acceptance-test/CHANGELOG.md

@@ -1,6 +1,9 @@
 # Changelog
 
 
+## 0.2.19
+Test for exposed secrets: const values can not hold secrets. [#19465](https://github.com/airbytehq/airbyte/pull/19465).
+
 ## 0.2.18
 Test connector specification against exposed secret fields. [#19124](https://github.com/airbytehq/airbyte/pull/19124).
 

airbyte-integrations/bases/source-acceptance-test/Dockerfile

@@ -33,7 +33,7 @@ COPY pytest.ini setup.py ./
 COPY source_acceptance_test ./source_acceptance_test
 RUN pip install .
 
-LABEL io.airbyte.version=0.2.18
+LABEL io.airbyte.version=0.2.19
 LABEL io.airbyte.name=airbyte/source-acceptance-test
 
 ENTRYPOINT ["python", "-m", "pytest", "-p", "source_acceptance_test.plugin", "-r", "fEsx"]

airbyte-integrations/bases/source-acceptance-test/source_acceptance_test/tests/test_core.py

@@ -212,21 +212,27 @@ def _property_can_store_secret(prop: dict) -> bool:
         A string, a number or an integer type can always store secrets.
         Objects and arrays can hold a secret in case they are generic,
         meaning their inner structure is not described in details with properties/items.
+        A field with a constant value can not hold a secret as well.
         """
         unsecure_types = {"string", "integer", "number"}
         type_ = prop["type"]
         is_property_generic_object = type_ == "object" and not any(
             [prop.get("properties", {}), prop.get("anyOf", []), prop.get("oneOf", []), prop.get("allOf", [])]
         )
         is_property_generic_array = type_ == "array" and not any([prop.get("items", []), prop.get("prefixItems", [])])
-        return any(
+        is_property_constant_value = bool(prop.get("const"))
+        can_store_secret = any(
             [
                 isinstance(type_, str) and type_ in unsecure_types,
                 is_property_generic_object,
                 is_property_generic_array,
                 isinstance(type_, list) and (set(type_) & unsecure_types),
             ]
         )
+        if not can_store_secret:
+            return False
+        # if a property can store a secret, additional check should be done if it's a constant value
+        return not is_property_constant_value
 
     def test_secret_is_properly_marked(self, connector_spec_dict: dict, detailed_logger, secret_property_names):
         """

airbyte-integrations/bases/source-acceptance-test/unit_tests/test_spec.py

@@ -723,6 +723,13 @@ def test_additional_properties_is_true(connector_spec, expectation):
             },
             False,
             False
+        ),
+        (
+            {
+                 "connectionSpecification": {"type": "object", "properties": {"credentials": {"oneOf": [{"type": "string", "const": "OAuth2.0"}]}}}
+            },
+            False,
+            False
         )
     ),
 )
@@ -773,7 +780,8 @@ def test_is_spec_property_name_secret(path, expected_name, expected_result):
         ({"type": "object", "properties": {"api_key": {}}}, False),
         ({"type": "array"}, True),
         # same as object
-        ({"type": "array", "items": {"type": "string"}}, False)
+        ({"type": "array", "items": {"type": "string"}}, False),
+        ({"type": "string", "const": "OAuth2.0"}, False)
     )
 )
 def test_property_can_store_secret(property_def, can_store_secret):