Posted to commits@airflow.apache.org by po...@apache.org on 2021/06/12 21:00:35 UTC

[airflow] branch main updated: Sanitize end of line character when loading token from a file (vault) (#16407)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 70cfe01  Sanitize end of line character when loading token from a file (vault) (#16407)
70cfe01 is described below

commit 70cfe0135373d1f0400e7d9b275ebb017429794b
Author: mmenarguezpear <61...@users.noreply.github.com>
AuthorDate: Sat Jun 12 23:00:06 2021 +0200

    Sanitize end of line character when loading token from a file (vault) (#16407)
    
    This commit addresses https://github.com/apache/airflow/issues/16406
---
 .../providers/hashicorp/_internal_client/vault_client.py |  4 ++--
 .../hashicorp/_internal_client/test_vault_client.py      | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py
index 5b6d8de..7abe54d 100644
--- a/airflow/providers/hashicorp/_internal_client/vault_client.py
+++ b/airflow/providers/hashicorp/_internal_client/vault_client.py
@@ -262,7 +262,7 @@ class _VaultClient(LoggingMixin):  # pylint: disable=too-many-instance-attribute
         if not self.kubernetes_jwt_path:
             raise VaultError("The kubernetes_jwt_path should be set here. This should not happen.")
         with open(self.kubernetes_jwt_path) as f:
-            jwt = f.read()
+            jwt = f.read().strip()
             if self.auth_mount_point:
                 _client.auth_kubernetes(role=self.kubernetes_role, jwt=jwt, mount_point=self.auth_mount_point)
             else:
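Review bot: After `.strip()`, an empty or whitespace-only file at `kubernetes_jwt_path` yields `jwt == ""`, which is still passed to `auth_kubernetes`; the same applies to `_client.token` in the `_set_token` hunk that follows. The failure would then presumably surface as a generic Vault authentication error rather than pointing at the credential file. Consider adding `if not jwt: raise VaultError(f"The file {self.kubernetes_jwt_path} is empty.")` right after the read, with the equivalent check for the token file, naming only the path and never the content. The enclosing method starts and ends outside this hunk.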
@@ -328,7 +328,7 @@ class _VaultClient(LoggingMixin):  # pylint: disable=too-many-instance-attribute
     def _set_token(self, _client: hvac.Client) -> None:
         if self.token_path:
             with open(self.token_path) as f:
-                _client.token = f.read()
+                _client.token = f.read().strip()
         else:
             _client.token = self.token
 
diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py
index 6b7d4aa..3df03dc 100644
--- a/tests/providers/hashicorp/_internal_client/test_vault_client.py
+++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py
@@ -512,6 +512,22 @@ class TestVaultClient(TestCase):
         assert "secret" == vault_client.mount_point
 
     @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
+    def test_token_path_strip(self, mock_hvac):
+        mock_client = mock.MagicMock()
+        mock_hvac.Client.return_value = mock_client
+        with open('/tmp/test_token.txt', 'w+') as the_file:
+            the_file.write('  s.7AU0I51yv1Q1lxOIg1F3ZRAS\n')
+        vault_client = _VaultClient(
+            auth_type="token", token_path="/tmp/test_token.txt", url="http://localhost:8180"
+        )
+        client = vault_client.client
+        mock_hvac.Client.assert_called_with(url='http://localhost:8180')
+        client.is_authenticated.assert_called_with()
+        assert "s.7AU0I51yv1Q1lxOIg1F3ZRAS" == client.token
+        assert 2 == vault_client.kv_engine_version
+        assert "secret" == vault_client.mount_point
+
+    @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
     def test_default_auth_type(self, mock_hvac):
         mock_client = mock.MagicMock()
         mock_hvac.Client.return_value = mock_client
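Review bot: `test_token_path_strip` writes its fixture to the fixed path `/tmp/test_token.txt` and never removes it. A predictable name in a shared, world-writable directory can collide with parallel test runs or with a file another local user already placed there, and the token-shaped content is left on disk afterwards. Prefer a per-test file, e.g. `with tempfile.NamedTemporaryFile("w+") as the_file:` followed by `the_file.flush()` and `token_path=the_file.name` (this needs `import tempfile` if the module lacks it), or patch `open` with `mock.mock_open(read_data=...)` so nothing touches the filesystem. The `.strip()` added on the Kubernetes JWT read in vault_client.py has no matching test in this hunk.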