Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explicitly passing raise_on_deleted_version=True to read_secret_version in Hashicorp operator #36532

Merged
merged 3 commits into from
Jan 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions airflow/providers/hashicorp/_internal_client/vault_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,10 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic
response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point)
else:
response = self.client.secrets.kv.v2.read_secret_version(
path=secret_path, mount_point=mount_point, version=secret_version
path=secret_path,
mount_point=mount_point,
version=secret_version,
raise_on_deleted_version=True,
)
except InvalidPath:
self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point)
Expand Down Expand Up @@ -422,7 +425,10 @@ def get_secret_including_metadata(
try:
mount_point, secret_path = self._parse_secret_path(secret_path)
return self.client.secrets.kv.v2.read_secret_version(
path=secret_path, mount_point=mount_point, version=secret_version
path=secret_path,
mount_point=mount_point,
version=secret_version,
raise_on_deleted_version=True,
)
except InvalidPath:
self.log.debug(
Expand Down
2 changes: 1 addition & 1 deletion airflow/providers/hashicorp/provider.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ versions:

dependencies:
- apache-airflow>=2.6.0
- hvac>=0.10
- hvac>=1.1.0

integrations:
- integration-name: Hashicorp Vault
Expand Down
2 changes: 1 addition & 1 deletion generated/provider_dependencies.json
Original file line number Diff line number Diff line change
Expand Up @@ -546,7 +546,7 @@
"hashicorp": {
"deps": [
"apache-airflow>=2.6.0",
"hvac>=0.10"
"hvac>=1.1.0"
],
"cross-providers-deps": [
"google"
Expand Down
12 changes: 6 additions & 6 deletions tests/providers/hashicorp/_internal_client/test_vault_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -641,7 +641,7 @@ def test_get_non_existing_key_v2(self, mock_hvac):
secret = vault_client.get_secret(secret_path="missing")
assert secret is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=None
mount_point="secret", path="missing", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand All @@ -661,7 +661,7 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac):
assert secret is None
assert "secret" == vault_client.mount_point
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=None
mount_point="secret", path="missing", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand Down Expand Up @@ -716,7 +716,7 @@ def test_get_existing_key_v2(self, mock_hvac):
secret = vault_client.get_secret(secret_path="path/to/secret")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="path/to/secret", version=None
mount_point="secret", path="path/to/secret", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand Down Expand Up @@ -754,7 +754,7 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac):
secret = vault_client.get_secret(secret_path="mount_point/path/to/secret")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="mount_point", path="path/to/secret", version=None
mount_point="mount_point", path="path/to/secret", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand Down Expand Up @@ -791,7 +791,7 @@ def test_get_existing_key_v2_version(self, mock_hvac):
secret = vault_client.get_secret(secret_path="missing", secret_version=1)
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=1
mount_point="secret", path="missing", version=1, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand Down Expand Up @@ -1015,7 +1015,7 @@ def test_get_secret_including_metadata_v2(self, mock_hvac):
"auth": None,
} == metadata
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=None
mount_point="secret", path="missing", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
Expand Down
6 changes: 3 additions & 3 deletions tests/providers/hashicorp/hooks/test_vault.py
Original file line number Diff line number Diff line change
Expand Up @@ -1005,7 +1005,7 @@ def test_get_existing_key_v2(self, mock_hvac, mock_get_connection):
secret = test_hook.get_secret(secret_path="missing")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=None
mount_point="secret", path="missing", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
Expand Down Expand Up @@ -1044,7 +1044,7 @@ def test_get_existing_key_v2_version(self, mock_hvac, mock_get_connection):
secret = test_hook.get_secret(secret_path="missing", secret_version=1)
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=1
mount_point="secret", path="missing", version=1, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
Expand Down Expand Up @@ -1189,7 +1189,7 @@ def test_get_secret_including_metadata_v2(self, mock_hvac, mock_get_connection):
"auth": None,
} == metadata
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="secret", path="missing", version=None
mount_point="secret", path="missing", version=None, raise_on_deleted_version=True
)

@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
Expand Down
4 changes: 2 additions & 2 deletions tests/providers/hashicorp/secrets/test_vault.py
Original file line number Diff line number Diff line change
Expand Up @@ -302,7 +302,7 @@ def test_get_conn_uri_non_existent_key(self, mock_hvac):
test_client = VaultBackend(**kwargs)
assert test_client.get_conn_uri(conn_id="test_mysql") is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="airflow", path="connections/test_mysql", version=None
mount_point="airflow", path="connections/test_mysql", version=None, raise_on_deleted_version=True
)
assert test_client.get_connection(conn_id="test_mysql") is None

Expand Down Expand Up @@ -454,7 +454,7 @@ def test_get_variable_value_non_existent_key(self, mock_hvac):
test_client = VaultBackend(**kwargs)
assert test_client.get_variable("hello") is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
mount_point="airflow", path="variables/hello", version=None
mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True
)
assert test_client.get_variable("hello") is None

Expand Down