Reworke AttrDict for st.secrets to explicitly disallow item and attribute assignment #5621
Conversation
… for python3.7 consistency
lib/streamlit/runtime/secrets.py
Outdated
| except KeyError: | ||
| raise AttributeError(_missing_attr_error_message(attr_name)) | ||
|
|
||
| def __setitem__(self, key, value): |
There was a problem hiding this comment.
nit: I don't think we need to overwrite __setitem__ and __setattr__ since it's not required by mapping and it will return the same error anyways. Or did you do it here to adapt the error message?
There was a problem hiding this comment.
Correct, I did that to keep exceptions similar to high-level Secrets object, to not show internal machinery (expose AttrDict) to the final user.
There was a problem hiding this comment.
ahh, ok that makes sense. But maybe one aspect to think about: if we add those methods, typing checks will think that they actually exist. So there might be a slight benefit of not adding those, to allow type/linters to directly show it as an error.
There was a problem hiding this comment.
hm, my checks show that with or without __setattr__ or __setitem__ neither PyCharm nor mypy does complain about an attempt to assign to attribute or item. Only pyright complains about __setitem__ missing during item assignment.
But without having methods above, user could write something like this
x = st.secrets.servers.alpha
x.some_ip = "7.7.7.7"
st.write(x.some_ip)Which will not work in case __setattrs__ explicitly raise an exception.
Anyway, I explicitly added NoReturn return type to the methods https://peps.python.org/pep-0484/#the-noreturn-type to explicitly indicate that they should never return successfully. Let's hope some linters in the future will highlight warnings for this.
There was a problem hiding this comment.
Alright, sounds good :)
*More type tests added.
* develop: Add mypy fixes (streamlit#5662) Don't render stale st.snow and st.ballons elements (streamlit#5401) Fix unevaluated dataframe exception formatting (streamlit#5657) Update aboutDialog to check SessionInfo.isSet() before referring the instance (streamlit#5518) Replace assertEquals->assertEqual to silence deprecation warnings (streamlit#5648) Reworke AttrDict for st.secrets to explicitly disallow item and attribute assignment (streamlit#5621) Fix pydoc command for streamlit package (streamlit#5535) Temporarily have /st-allowed-message-origins double as a healthcheck (streamlit#5642) Fix Plotly Charts when exiting out of fullscreen (streamlit#5645) Flaky test e2e fixes (streamlit#5610)
📚 Context
Please describe the project or issue background here
We implement
AttrDictasMappinginstead of inheriting directly fromUserDictto prevent unwanted item or attribute assignments for instances ofAttrDict. Also, the goal is to be more specific about the types and protocols and keep it consistent with the Secret object itself.What kind of change does this PR introduce?
🧠 Description of Changes
Add bullet points summarizing your changes here
Revised:
Insert screenshot of your updated UI/code here
Current:
Insert screenshot of existing UI/code here
🧪 Testing Done
🌐 References
Does this depend on other work, documents, or tickets?
Contribution License Agreement
By submitting this pull request you agree that all contributions to this project are made under the Apache 2.0 license.