Source TikTok Marketing : Access token is null #14299

[alexandr-shegeda]

What

After recent changes introduced in this PR logic related to path recalculation for JSON nodes we faced an issue for connectors that contain oneOf elements that have the same field names. So, for described case getSortedSecretPaths() returned duplicates, which lead to incorrect postprocessing during secret replacement.

How

Made getSortedSecretPaths() return a unique values.

Recommended reading order

1. SecretsHelpers.java

🚨 User Impact 🚨

Without these changes, users are not able to configure a proper connection using multiple auth options on spec.

Pre-merge Checklist

Updating a connector

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

• Create a non-forked branch based on this PR and test the below items on it
• Build is successful
• If new credentials are required for use in CI, add them to GSM. Instructions.
• /test connector=connectors/<name> command is passing
• New Connector version released on Dockerhub and connector version bumped by running the /publish command described here

Tests

Unit

Before fix:

After fix:

Integration

Put your integration tests output here.

Acceptance

Put your acceptance tests output here.

[grishick]

because this change affects many connectors, please test that it does not break any GA and Beta connectors and also verify that it does not break jobs after a user upgrades to a platform version

[sherifnada]

can you add a unit test for this?

[alexandr-shegeda]

added unit tests. will attach screenshots with failed tests without this change

[cgardens]

can you add in the javadoc comment that it will not return duplicates?

[alexandr-shegeda]

added javadoc

[kimerinn]

TikTok works well

[kimerinn]

BigQuery also

[kimerinn]

GitHub

[cgardens]

We need tests here that show the problem and then how this fixes it.

[alexandr-shegeda]

We need tests here that show the problem and then how this fixes it.

hi @cgardens, I have added unit tests for the described case, and also updated the description with failed unit tests without the fix.

[cgardens]

thanks! the test is great.

can you point to what line of code causes things to work in an unexpected way when there are duplicates? this is still not intuitive to me, and i want to understand where the brittleness is coming from.

[cgardens]

can you add in the javadoc comment that it will not return duplicates?

[alexandr-shegeda]

thanks! the test is great.

can you point to what line of code causes things to work in an unexpected way when there are duplicates? this is still not intuitive to me, and i want to understand where the brittleness is coming from.

@cgardens in case SecretsHelpers#getSortedSecretPaths return duplicate path
then inside of SecretsHelpers#internalSplitAndUpdateConfig we will replace incoming config value with the secret, and then after the second run of method JsonPaths.replaceAt()
it will not find a value of the original field, because it was replaced with {"_secret" : "..."}, so we will just erase the secret value as it showed on this screenshot

[supertopher]

Based on local testing and my understanding of the problem space this looks good to go.

Tik Tok access token are broken so we hope to see a more different error here.

[cgardens]

Thank, @alexandr-shegeda ! That explanation makes sense to me too. I think we are good to go on this.

[benmoriceau]

thanks! the test is great.

can you point to what line of code causes things to work in an unexpected way when there are duplicates? this is still not intuitive to me, and i want to understand where the brittleness is coming from.

@cgardens The issue is because this duplicated are secrets. Here is what happens:

• We have 2 paths for the secret that are deplicated (because they are in a oneOf)
• For each path we will try to sanitize the config in order to hide the secret and store in the secret manager
• The first one works well, store the secret in the secret store and replace the value by a coordiante
• The second on can read the secret value because it has been replace by a coordinate but doesn't error out and replace the first coordinate by a new coordinate.
• Then when we try to retrieve the secret value, it is invalid.
  Does it makes sense?

Edit: Sorry I didn't saw that the explaination was post already

[supertopher]

triple approve?