From 4f9e646b4ce2ce2a1fc8d62fed94f84954b1001d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joakim=20S=C3=B8rensen?= <joasoe@gmail.com>
Date: Mon, 14 Jun 2021 11:33:53 +0200
Subject: [PATCH] Fix addon_pwned enabled setter (#2952)

* Fix addon_pwned enabled setter

* whatever

* adjust
---
 supervisor/resolution/checks/addon_pwned.py      | 13 ++++++-------
 tests/resolution/check/test_check_addon_pwned.py | 16 ++++++++++++++++
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/supervisor/resolution/checks/addon_pwned.py b/supervisor/resolution/checks/addon_pwned.py
index 40856c4a9..9d69b30e0 100644
--- a/supervisor/resolution/checks/addon_pwned.py
+++ b/supervisor/resolution/checks/addon_pwned.py
@@ -1,5 +1,6 @@
 """Helpers to check core security."""
 from datetime import timedelta
+import logging
 from typing import List, Optional
 
 from ...const import AddonState, CoreState
@@ -10,6 +11,8 @@ from ...jobs.decorator import Job
 from ..const import ContextType, IssueType, SuggestionType
 from .base import CheckBase
 
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
 
 def setup(coresys: CoreSys) -> CheckBase:
     """Check setup function."""
@@ -19,13 +22,6 @@ def setup(coresys: CoreSys) -> CheckBase:
 class CheckAddonPwned(CheckBase):
     """CheckAddonPwned class for check."""
 
-    @property
-    def enabled(self) -> bool:
-        """Return True if the check is enabled."""
-        if not self.sys_security.pwned:
-            return False
-        return super().enabled
-
     @Job(
         conditions=[JobCondition.INTERNET_SYSTEM],
         limit=JobExecutionLimit.THROTTLE,
@@ -33,6 +29,9 @@ class CheckAddonPwned(CheckBase):
     )
     async def run_check(self) -> None:
         """Run check if not affected by issue."""
+        if not self.sys_security.pwned:
+            _LOGGER.warning("Skipping %s, pwned is globally disabled", self.slug)
+            return
         await self.sys_homeassistant.secrets.reload()
 
         for addon in self.sys_addons.installed:
diff --git a/tests/resolution/check/test_check_addon_pwned.py b/tests/resolution/check/test_check_addon_pwned.py
index 49d1403d4..aff246cbe 100644
--- a/tests/resolution/check/test_check_addon_pwned.py
+++ b/tests/resolution/check/test_check_addon_pwned.py
@@ -77,6 +77,22 @@ async def test_approve(coresys: CoreSys):
     assert not await addon_pwned.approve_check(reference=addon.slug)
 
 
+async def test_with_global_disable(coresys: CoreSys, caplog):
+    """Test when pwned is globally disabled."""
+    coresys.security.pwned = False
+    addon_pwned = CheckAddonPwned(coresys)
+    coresys.core.state = CoreState.RUNNING
+
+    addon = TestAddon()
+    coresys.addons.local[addon.slug] = addon
+
+    assert len(coresys.resolution.issues) == 0
+    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
+    await addon_pwned.run_check.__wrapped__(addon_pwned)
+    assert not coresys.security.verify_secret.called
+    assert "Skipping addon_pwned, pwned is globally disabled" in caplog.text
+
+
 async def test_did_run(coresys: CoreSys):
     """Test that the check ran as expected."""
     addon_pwned = CheckAddonPwned(coresys)