You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/11/24 08:01:15 UTC

[GitHub] [airflow] dlampa commented on issue #17500: Incorrect implementation of GCP auth type in VaultBackend?

dlampa commented on issue #17500:
URL: https://github.com/apache/airflow/issues/17500#issuecomment-977622724


   Unfortunately I ran into this very issue trying to configure Vault as secrets backend using GCP Auth. The "credentials" returned by the `/auth/gcp/config` call cannot be serialized into JSON , triggering the following:
   
   ```
   [2021-11-24 07:45:00,858] {taskinstance.py:1463} ERROR - Task failed with exception
   Traceback (most recent call last):
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1165, in _run_raw_task
       self._prepare_and_execute_task_with_callbacks(context, task)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1283, in _prepare_and_execute_task_with_callbacks
       result = self._execute_task(context, task_copy)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1313, in _execute_task
       result = task_copy.execute(context=context)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/operators/python.py", line 150, in execute
       return_value = self.execute_callable()
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/operators/python.py", line 161, in execute_callable
       return self.python_callable(*self.op_args, **self.op_kwargs)
     File "/opt/airflow/dags/fa43208e955dbded1f92788fdabc5945cc1cabfb/vault_test.py", line 8, in get_secrets
       conn = BaseHook.get_connection(kwargs['my_conn_id'])
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/hooks/base.py", line 68, in get_connection
       conn = Connection.get_connection_from_secrets(conn_id)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/connection.py", line 376, in get_connection_from_secrets
       conn = secrets_backend.get_connection(conn_id=conn_id)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/secrets/vault.py", line 226, in get_connection
       response = self.get_response(conn_id)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/secrets/vault.py", line 193, in get_response
       return self.vault_client.get_secret(secret_path=secret_path)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 375, in get_secret
       response = self.client.secrets.kv.v2.read_secret_version(
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 205, in client
       if not self._client.is_authenticated():
     File "/usr/local/lib/python3.8/functools.py", line 967, in __get__
       val = self.func(instance)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 228, in _client
       self._auth_gcp(_client)
     File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 307, in _auth_gcp
       _client.auth.gcp.configure(credentials=credentials)
     File "/home/airflow/.local/lib/python3.8/site-packages/hvac/api/auth_methods/gcp.py", line 59, in configure
       return self._adapter.post(
     File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 121, in post
       return self.request("post", url, **kwargs)
     File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 356, in request
       response = super(JSONAdapter, self).request(*args, **kwargs)
     File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 305, in request
       response = self.session.request(
     File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 528, in request
       prep = self.prepare_request(req)
     File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 456, in prepare_request
       p.prepare(
     File "/home/airflow/.local/lib/python3.8/site-packages/requests/models.py", line 319, in prepare
       self.prepare_body(data, files, json)
     File "/home/airflow/.local/lib/python3.8/site-packages/requests/models.py", line 471, in prepare_body
       body = complexjson.dumps(json, allow_nan=False)
     File "/usr/local/lib/python3.8/json/__init__.py", line 234, in dumps
       return cls(
     File "/usr/local/lib/python3.8/json/encoder.py", line 199, in encode
       chunks = self.iterencode(o, _one_shot=True)
     File "/usr/local/lib/python3.8/json/encoder.py", line 257, in iterencode
       return _iterencode(o, 0)
     File "/usr/local/lib/python3.8/json/encoder.py", line 179, in default
       raise TypeError(f'Object of type {o.__class__.__name__} '
   TypeError: Object of type Credentials is not JSON serializable
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org