Posted to commits@airflow.apache.org by "Blizzke (via GitHub)" <gi...@apache.org> on 2024/02/22 08:24:44 UTC
[I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Blizzke opened a new issue, #37611:
URL: https://github.com/apache/airflow/issues/37611
### Apache Airflow version
2.8.1
### If "Other Airflow 2 version" selected, which one?
_No response_
### What happened?
When specifying a VAULT_CAPATH for self-signed certificates, they [are correctly loaded](https://github.com/hvac/hvac/blob/main/hvac/v1/__init__.py#L128) by the HCP vault client, but because the AF internal client pre-creates a session and passes that along, [the adapter throws that value away](https://github.com/hvac/hvac/blob/main/hvac/adapters.py#L97) in favor of the one from the session.
Since the internal client does not read those environment settings, and does nothing to "correctly" configure the session.verify, it is impossible to specify a certificate / a path to certificates to the vault client.
### What you think should happen instead?
Being able to control the verify behavior.
### How to reproduce
Use a self-signed certificate for your vault and try to specify it using the environment variables.
### Operating System
arch
### Versions of Apache Airflow Providers
apache-airflow-providers-hashicorp==3.6.3
### Deployment
Docker-Compose
### Deployment details
_No response_
### Anything else?
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
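Added example (not from the issue thread, Airflow, or hvac): a simplified Python model of the precedence described in the issue, with one way to carry VAULT_CACERT / VAULT_CAPATH onto a pre-created session before it is passed along. The function names and the `SimpleNamespace` stand-in for a `requests.Session` are assumptions for illustration.

```python
import os
from types import SimpleNamespace


def resolve_vault_verify(env=None):
    """TLS `verify` value implied by the Vault CA environment variables.

    VAULT_CACERT (CA bundle file) takes precedence over VAULT_CAPATH (directory
    of CA certificates); with neither set, default verification stays enabled.
    """
    env = os.environ if env is None else env
    path = env.get("VAULT_CACERT") or env.get("VAULT_CAPATH")
    if not path:
        return True
    if not os.path.exists(path):
        # Fail early instead of surfacing later as an opaque TLS error.
        raise FileNotFoundError(f"CA path from environment not found: {path}")
    return path


def effective_verify(client_verify, session=None):
    """Simplified model of the precedence described in the issue (assumption,
    not hvac's code): a supplied session's truthy `verify` replaces the
    value the client resolved from the environment."""
    if session is not None and session.verify:
        return session.verify
    return client_verify


def configure_session(session, env=None):
    """Apply the environment's CA setting to a pre-created session so the
    setting survives when that session is handed to the Vault client."""
    session.verify = resolve_vault_verify(env)
    return session


def demo(ca_path):
    """Return (verify before the mitigation, verify after it) for a constructed env."""
    env = {"VAULT_CACERT": ca_path}         # constructed sample environment
    session = SimpleNamespace(verify=True)  # stand-in for a default requests.Session
    before = effective_verify(resolve_vault_verify(env), session)
    after = effective_verify(resolve_vault_verify(env), configure_session(session, env))
    return before, after


if __name__ == "__main__":
    print(demo(os.__file__))  # any existing file works as a placeholder CA path
```

In the model, `before` is `True` (the session default wins and the custom CA is never consulted), while `after` is the CA path from the environment.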
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "Blizzke (via GitHub)" <gi...@apache.org>.
Blizzke commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1959262702
Sorry, this should've been a provider bug.
Mea culpa.
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "Blizzke (via GitHub)" <gi...@apache.org>.
Blizzke commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961858208
Not sure I get what you mean.
I just encountered this problem first while I was trying to connect airflow to our vault (with self-signed certs).
I encountered #37619 after I managed to work around this issue.
So they're related in a sense that they're problems with the same provider, but they don't have anything in common otherwise...
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "eladkal (via GitHub)" <gi...@apache.org>.
eladkal commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961850606
@Blizzke Is this report related to https://github.com/apache/airflow/issues/37619 ?
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "eladkal (via GitHub)" <gi...@apache.org>.
eladkal commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961999446
@tungbq maybe you can look into this issue ?
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "tungbq (via GitHub)" <gi...@apache.org>.
tungbq commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1981007757
Hi @Blizzke thanks for catching and opening the issue. Could you please provide the detailed script/function you are using when specifying a VAULT_CAPATH and the error log you are facing? It would help me understand/debug the issue better. Thanks!
Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]
Posted by "tungbq (via GitHub)" <gi...@apache.org>.
tungbq commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1968016358
> @tungbq maybe you can look into this issue ?
Sure, I will take a look