You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/05/23 09:43:36 UTC
[GitHub] [airflow] potiuk commented on a change in pull request #8974: Vault has now VaultHook not only SecretBackend
potiuk commented on a change in pull request #8974:
URL: https://github.com/apache/airflow/pull/8974#discussion_r429531712
##########
File path: airflow/providers/hashicorp/secrets/vault.py
##########
@@ -72,98 +68,90 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
:type username: str
:param password: Password for Authentication (for ``ldap`` and ``userpass`` auth_type)
:type password: str
- :param role_id: Role ID for Authentication (for ``approle`` auth_type)
+ :param key_id: Key ID for Authentication (for ``aws_iam`` and ''azure`` auth_type)
+ :type key_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle``, ``aws_iam`` and ``azure`` auth_types)
+ :type secret_id: str
:type role_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
+ :type secret_id: str
:param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type)
:type kubernetes_role: str
- :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, deafult:
+ :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, default:
``/var/run/secrets/kubernetes.io/serviceaccount/token``)
:type kubernetes_jwt_path: str
- :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
- :type secret_id: str
:param gcp_key_path: Path to GCP Credential JSON file (for ``gcp`` auth_type)
+ Mutually exclusive with gcp_keyfile_dict
:type gcp_key_path: str
+ :param gcp_keyfile_dict: Dictionary of keyfile parameters. (for ``gcp`` auth_type).
+ Mutually exclusive with gcp_key_path
+ :type gcp_keyfile_dict: dict
:param gcp_scopes: Comma-separated string containing GCP scopes (for ``gcp`` auth_type)
:type gcp_scopes: str
+ :param azure_tenant_id: Tenant of azure (for ``azure`` auth_type)
+ :type azure_tenant_id: str
+ :param azure_resource: Resource if of azure (for ``azure`` auth_type)
+ :type azure_resource: str
+ :param radius_host: Host for radius (for ``radius`` auth_type)
+ :type radius_host: str
+ :param radius_secret: Secret for radius (for ``radius`` auth_type)
+ :type radius_secret: str
+ :param radius_port: Port for radius (for ``radius`` auth_type)
+ :type radius_port: str
"""
def __init__( # pylint: disable=too-many-arguments
self,
connections_path: str = 'connections',
variables_path: str = 'variables',
url: Optional[str] = None,
auth_type: str = 'token',
- mount_point: str = 'secret',
+ mount_point: Optional[str] = None,
kv_engine_version: int = 2,
token: Optional[str] = None,
username: Optional[str] = None,
password: Optional[str] = None,
+ key_id: Optional[str] = None,
+ secret_id: Optional[str] = None,
role_id: Optional[str] = None,
kubernetes_role: Optional[str] = None,
kubernetes_jwt_path: str = '/var/run/secrets/kubernetes.io/serviceaccount/token',
- secret_id: Optional[str] = None,
gcp_key_path: Optional[str] = None,
+ gcp_keyfile_dict=None,
gcp_scopes: Optional[str] = None,
+ azure_tenant_id: Optional[str] = None,
+ azure_resource: Optional[str] = None,
+ radius_host: Optional[str] = None,
+ radius_secret: Optional[str] = None,
+ radius_port: Optional[int] = None,
**kwargs
):
super().__init__(**kwargs)
self.connections_path = connections_path.rstrip('/')
self.variables_path = variables_path.rstrip('/')
- self.url = url
- self.auth_type = auth_type
- self.kwargs = kwargs
- self.token = token
- self.username = username
- self.password = password
- self.role_id = role_id
- self.kubernetes_role = kubernetes_role
- self.kubernetes_jwt_path = kubernetes_jwt_path
- self.secret_id = secret_id
self.mount_point = mount_point
self.kv_engine_version = kv_engine_version
- self.gcp_key_path = gcp_key_path
- self.gcp_scopes = gcp_scopes
-
- @cached_property
- def client(self) -> hvac.Client:
- """
- Return an authenticated Hashicorp Vault client
- """
-
- _client = hvac.Client(url=self.url, **self.kwargs)
Review comment:
Good point.
##########
File path: airflow/providers/hashicorp/secrets/vault.py
##########
@@ -72,98 +68,90 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
:type username: str
:param password: Password for Authentication (for ``ldap`` and ``userpass`` auth_type)
:type password: str
- :param role_id: Role ID for Authentication (for ``approle`` auth_type)
+ :param key_id: Key ID for Authentication (for ``aws_iam`` and ''azure`` auth_type)
+ :type key_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle``, ``aws_iam`` and ``azure`` auth_types)
+ :type secret_id: str
:type role_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
+ :type secret_id: str
:param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type)
:type kubernetes_role: str
- :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, deafult:
+ :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, default:
``/var/run/secrets/kubernetes.io/serviceaccount/token``)
:type kubernetes_jwt_path: str
- :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
- :type secret_id: str
:param gcp_key_path: Path to GCP Credential JSON file (for ``gcp`` auth_type)
+ Mutually exclusive with gcp_keyfile_dict
:type gcp_key_path: str
+ :param gcp_keyfile_dict: Dictionary of keyfile parameters. (for ``gcp`` auth_type).
+ Mutually exclusive with gcp_key_path
+ :type gcp_keyfile_dict: dict
:param gcp_scopes: Comma-separated string containing GCP scopes (for ``gcp`` auth_type)
:type gcp_scopes: str
+ :param azure_tenant_id: Tenant of azure (for ``azure`` auth_type)
+ :type azure_tenant_id: str
+ :param azure_resource: Resource if of azure (for ``azure`` auth_type)
+ :type azure_resource: str
+ :param radius_host: Host for radius (for ``radius`` auth_type)
+ :type radius_host: str
+ :param radius_secret: Secret for radius (for ``radius`` auth_type)
+ :type radius_secret: str
+ :param radius_port: Port for radius (for ``radius`` auth_type)
+ :type radius_port: str
"""
def __init__( # pylint: disable=too-many-arguments
self,
connections_path: str = 'connections',
variables_path: str = 'variables',
url: Optional[str] = None,
auth_type: str = 'token',
- mount_point: str = 'secret',
+ mount_point: Optional[str] = None,
kv_engine_version: int = 2,
token: Optional[str] = None,
username: Optional[str] = None,
password: Optional[str] = None,
+ key_id: Optional[str] = None,
+ secret_id: Optional[str] = None,
role_id: Optional[str] = None,
kubernetes_role: Optional[str] = None,
kubernetes_jwt_path: str = '/var/run/secrets/kubernetes.io/serviceaccount/token',
- secret_id: Optional[str] = None,
gcp_key_path: Optional[str] = None,
+ gcp_keyfile_dict=None,
Review comment:
Corrected
##########
File path: airflow/providers/hashicorp/secrets/vault.py
##########
@@ -72,98 +68,90 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
:type username: str
:param password: Password for Authentication (for ``ldap`` and ``userpass`` auth_type)
:type password: str
- :param role_id: Role ID for Authentication (for ``approle`` auth_type)
+ :param key_id: Key ID for Authentication (for ``aws_iam`` and ''azure`` auth_type)
+ :type key_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle``, ``aws_iam`` and ``azure`` auth_types)
+ :type secret_id: str
:type role_id: str
+ :param secret_id: Secret ID for Authentication (for ``approle`` auth_type)
+ :type secret_id: str
Review comment:
corrected
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org