You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/11/24 08:01:15 UTC
[GitHub] [airflow] dlampa commented on issue #17500: Incorrect implementation of GCP auth type in VaultBackend?
dlampa commented on issue #17500:
URL: https://github.com/apache/airflow/issues/17500#issuecomment-977622724
Unfortunately I ran into this very issue trying to configure Vault as secrets backend using GCP Auth. The "credentials" returned by the `/auth/gcp/config` call cannot be serialized into JSON , triggering the following:
```
[2021-11-24 07:45:00,858] {taskinstance.py:1463} ERROR - Task failed with exception
Traceback (most recent call last):
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1165, in _run_raw_task
self._prepare_and_execute_task_with_callbacks(context, task)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1283, in _prepare_and_execute_task_with_callbacks
result = self._execute_task(context, task_copy)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1313, in _execute_task
result = task_copy.execute(context=context)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/operators/python.py", line 150, in execute
return_value = self.execute_callable()
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/operators/python.py", line 161, in execute_callable
return self.python_callable(*self.op_args, **self.op_kwargs)
File "/opt/airflow/dags/fa43208e955dbded1f92788fdabc5945cc1cabfb/vault_test.py", line 8, in get_secrets
conn = BaseHook.get_connection(kwargs['my_conn_id'])
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/hooks/base.py", line 68, in get_connection
conn = Connection.get_connection_from_secrets(conn_id)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/connection.py", line 376, in get_connection_from_secrets
conn = secrets_backend.get_connection(conn_id=conn_id)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/secrets/vault.py", line 226, in get_connection
response = self.get_response(conn_id)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/secrets/vault.py", line 193, in get_response
return self.vault_client.get_secret(secret_path=secret_path)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 375, in get_secret
response = self.client.secrets.kv.v2.read_secret_version(
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 205, in client
if not self._client.is_authenticated():
File "/usr/local/lib/python3.8/functools.py", line 967, in __get__
val = self.func(instance)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 228, in _client
self._auth_gcp(_client)
File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 307, in _auth_gcp
_client.auth.gcp.configure(credentials=credentials)
File "/home/airflow/.local/lib/python3.8/site-packages/hvac/api/auth_methods/gcp.py", line 59, in configure
return self._adapter.post(
File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 121, in post
return self.request("post", url, **kwargs)
File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 356, in request
response = super(JSONAdapter, self).request(*args, **kwargs)
File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 305, in request
response = self.session.request(
File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 528, in request
prep = self.prepare_request(req)
File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 456, in prepare_request
p.prepare(
File "/home/airflow/.local/lib/python3.8/site-packages/requests/models.py", line 319, in prepare
self.prepare_body(data, files, json)
File "/home/airflow/.local/lib/python3.8/site-packages/requests/models.py", line 471, in prepare_body
body = complexjson.dumps(json, allow_nan=False)
File "/usr/local/lib/python3.8/json/__init__.py", line 234, in dumps
return cls(
File "/usr/local/lib/python3.8/json/encoder.py", line 199, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/local/lib/python3.8/json/encoder.py", line 257, in iterencode
return _iterencode(o, 0)
File "/usr/local/lib/python3.8/json/encoder.py", line 179, in default
raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type Credentials is not JSON serializable
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org