fix(config): make Swagger UI opt-in (off by default)#41300
Conversation
Code Review Agent Run #8bb57aActionable Suggestions - 0Filtered by Review RulesBito filtered these suggestions based on rules created automatically for your feedback. Manage rules.
Review Details
Bito Usage GuideCommands Type the following command in the pull request comment and save the comment.
Refer to the documentation for additional commands. Configuration This repository uses Documentation & Help AI Code Review powered by |
![codeant-ai-for-open-source[bot]](https://avatars.githubusercontent.com/u/151810221?s=60&v=4){kind=small}
|
The suggestion to add type annotations to the new test function is correct, as it improves code maintainability and adheres to the project's typing standards. You can resolve this by updating the function signature in from typing import Any
@pytest.mark.parametrize(
"env_value, expected",
[
(None, False),
("true", True),
("True", True),
("false", False),
("", False),
],
)
def test_fab_api_swagger_ui_is_env_driven_and_off_by_default(
monkeypatch: pytest.MonkeyPatch, env_value: str | None, expected: bool
) -> None:There are no other comments on this pull request to address. Would you like me to assist with anything else? tests/unit_tests/config_swagger_ui_test.py |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #41300 +/- ##
=======================================
Coverage 64.35% 64.35%
=======================================
Files 2653 2653
Lines 144952 144952
Branches 33433 33433
=======================================
Hits 93288 93288
Misses 49978 49978
Partials 1686 1686
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
FAB_API_SWAGGER_UI was hardcoded to True in the base config, so the interactive Swagger UI / OpenAPI spec endpoints were exposed by default in every deployment that inherits it. Make it environment-driven and default it off so the API documentation surface is opt-in. Enable via SUPERSET_ENABLE_SWAGGER_UI=true (set in the Docker development env so local DX is unchanged) or by overriding FAB_API_SWAGGER_UI in superset_config.py. Adds a unit test for the env-driven default and documents the change in UPDATING.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
rusackas
force-pushed
the
fix/swagger-ui-opt-in
branch
from
ceceb0e to
f392207
Compare
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…onfig The previous unit test reloaded superset.config in-process, mutating the shared config module and cascading failures into unrelated unit tests. Evaluate the env-driven default in a fresh subprocess instead, so no global state is mutated. Also enable FAB_API_SWAGGER_UI in the integration test config so the /api/v1/_openapi spec endpoint remains available to the OpenAPI-spec tests now that Swagger is opt-in (off) by default. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
test_csrf_exempt_blueprints expects the OpenApi blueprint in the exempt set, but it is only registered when FAB_API_SWAGGER_UI is enabled — now opt-in (off by default). Enable it in the test's app config so the OpenApi blueprint is registered; the test exercises CSRF exemption, not the Swagger default. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Add docstrings to the helper and test, strip config-path env vars from the subprocess, and read only the final stdout line so banner output from local config loading can't taint the result. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Code Review Agent Run #0bfe32Actionable Suggestions - 0Review Details
Bito Usage GuideCommands Type the following command in the pull request comment and save the comment.
Refer to the documentation for additional commands. Configuration This repository uses Documentation & Help AI Code Review powered by |
2 participants
SUMMARY
FAB_API_SWAGGER_UIwas hardcoded toTruein the base configuration, so Flask-AppBuilder registered the interactive Swagger UI and OpenAPI spec endpoints (e.g./swagger/v1) by default in every deployment that inherits the base config.This makes the documentation surface opt-in:
FAB_API_SWAGGER_UIis now driven by theSUPERSET_ENABLE_SWAGGER_UIenvironment variable and defaults to off. The bundled Docker development environment setsSUPERSET_ENABLE_SWAGGER_UI=true, so local development behavior is unchanged; production deployments are documentation-off by default and can opt in via the env var or by overridingFAB_API_SWAGGER_UIinsuperset_config.py.BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A — configuration default change.
TESTING INSTRUCTIONS
Unit test added in
tests/unit_tests/config_swagger_ui_test.pyasserting the env-driven default (off when unset, on whenSUPERSET_ENABLE_SWAGGER_UI=true).Run:
pytest tests/unit_tests/config_swagger_ui_test.pyManual: with the env var unset,
/swagger/v1is not registered; withSUPERSET_ENABLE_SWAGGER_UI=trueit is.ADDITIONAL INFORMATION