fix: resolve secret references in nested pydantic model fields#41
Merged
Conversation
Addresses gap where secret: prefixed values in nested pydantic models (e.g., AuthSpec fields loaded from YAML) are not resolved. Separates general reference resolution mechanism from secrets domain. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
6 tasks: create resolve.py with recursive model tree walking, rewire call sites, delete secrets/resolve.py, integration tests, principles update, final verification. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
General-purpose reference resolution separated from secrets domain. resolve_references_in_dict handles nested dicts, resolve_references_in_model_tree handles pydantic model trees including frozen nested models via rebuild. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All three interception points now import from the general-purpose resolve module instead of the secrets-specific one. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Delete the old secrets-specific resolution module and its tests. Update secrets/__init__.py docstring to clarify scope. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests frozen AuthSpec (PasswordAuth) with secret: prefixed values loaded from YAML and from kwargs — both resolve correctly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #41 +/- ##
===========================================
+ Coverage 96.90% 97.07% +0.16%
===========================================
Files 36 36
Lines 938 958 +20
Branches 123 130 +7
===========================================
+ Hits 909 930 +21
+ Misses 16 15 -1
Partials 13 13 ☔ View full report in Codecov by Sentry. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
secret:references in nested model fields (e.g.,AuthSpecsubclasses) loaded from YAML config filesresolve.py) from secrets domain (secrets/)resolve_secrets_in_dict→resolve_references_in_dict,resolve_secrets_on_instance→resolve_references_in_model_treeAuthSpec) via dict extraction + rebuild instead of in-place mutationTest plan
tests/unit/test_resolve.pycovering flat fields, nested models, frozen models, deep nesting, and no-rebuild optimizationtests/test_base_settings.pycovering frozenPasswordAuthwith secrets from YAML and from kwargssecrets.resolvemodule raisesModuleNotFoundErrorSecretsResolver, registry functions) unchanged🤖 Generated with Claude Code