You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Blizzke (via GitHub)" <gi...@apache.org> on 2024/02/22 08:24:44 UTC

[I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Blizzke opened a new issue, #37611:
URL: https://github.com/apache/airflow/issues/37611

   ### Apache Airflow version
   
   2.8.1
   
   ### If "Other Airflow 2 version" selected, which one?
   
   _No response_
   
   ### What happened?
   
   When specifying a VAULT_CAPATH for self signed certificates, they [are correctly loaded](https://github.com/hvac/hvac/blob/main/hvac/v1/__init__.py#L128) by the HCP vault client, but because the AF  internal client pre-creates a session and passes that along, [the adapter throws that value away](https://github.com/hvac/hvac/blob/main/hvac/adapters.py#L97) in favor of the one from the session. 
   
   Since the internal client does not read those environment settings, and does nothing to "correctly" configure the session.verify, it is impossible to specify a certificate / a path to certificates to the vault client
   
   ### What you think should happen instead?
   
   Being able to control the verify behavior.
   
   ### How to reproduce
   
   Use a self signed certificate for your vault and try to specify it using the environment variables
   
   ### Operating System
   
   arch
   
   ### Versions of Apache Airflow Providers
   
   apache-airflow-providers-hashicorp==3.6.3
   
   
   ### Deployment
   
   Docker-Compose
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "Blizzke (via GitHub)" <gi...@apache.org>.

Blizzke commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1959262702

   Sorry, this should've been a provider bug.
   Mea culpa.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "Blizzke (via GitHub)" <gi...@apache.org>.

Blizzke commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961858208

   Not sure I get what you mean.
   I just encountered this problem first while I was trying to connect airflow to our vault (with self signed certs). 
   I encountered #37619 after I managed to work around this issue. 
   So they're related in a sense that they're problems with the same provider, but they don't have anything in common otherwise... 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "eladkal (via GitHub)" <gi...@apache.org>.

eladkal commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961850606

   @Blizzke Is this report related to https://github.com/apache/airflow/issues/37619 ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "eladkal (via GitHub)" <gi...@apache.org>.

eladkal commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1961999446

   @tungbq maybe you can look into this issue ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "tungbq (via GitHub)" <gi...@apache.org>.

tungbq commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1981007757

   Hi @Blizzke thanks for catching and opening the issue. Could you please provide the detailed script/function you are using when specifying a VAULT_CAPATH and the error log you are facing? It would help me understand/debug the issue better. Thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Hashicorp Vault: VAULT_CAPATH & VAULT_CACERT broken by pre-creating session to pass along [airflow]

Posted by "tungbq (via GitHub)" <gi...@apache.org>.

tungbq commented on issue #37611:
URL: https://github.com/apache/airflow/issues/37611#issuecomment-1968016358

   > @tungbq maybe you can look into this issue ?
   
   Sure, I will take a look


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org