You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/08/06 10:52:02 UTC

[GitHub] [airflow] JavierLopezT commented on pull request #9008: Get connections uri with AWS Secrets Manager backend

JavierLopezT commented on pull request #9008:
URL: https://github.com/apache/airflow/pull/9008#issuecomment-669857264


   > The way this is implemented is far to specialized, and hacky.
   > 
   > They way I would expect this to work:
   > 
   > * We first try to get the named secret -- if that finds a valid secret then we use the existing conn_uri approach; otherwise
   > * We list secrets under the named path (i.e. `List("/airflow/connections/my_conn_id")` and then we fetch each of those secrets, feeding them in to a `Connection()` call in some manner.
   > 
   > This way we an support arbitrary extra parameters, i.e. the all the extra params for a Connection too, and we don't ever need to use `ast`.
   > 
   > Probably something like: if the name is not one of conn_type, host, login, password, schema, or port, extra then it gets fed in to the extra dict. (That way you can specify extra fields individually in Secrets Manager without having to manage a JSON value.)
   
   Thanks for your answer ash. Sorry, I am not sure I am following you. I am a bit lost with your proposition of functionality. Could you be more specific using this example of how I use AWS Secrets Manager in my company, please?
   ![Captura de pantalla 2020-08-06 a las 12 45 13](https://user-images.githubusercontent.com/11339132/89523210-c96a7780-d7e2-11ea-95f9-5ebfca3879db.png)
   
   In the picture, there are three secrets, and within each of them, there are secret keys (pass, user, api_key.. whatever) with its corresponding secret values.
   
   I do understand what you say about removing the ast, and I think it's a very good idea, thank you for your suggestion. 
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org