You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by ka...@apache.org on 2020/06/22 20:48:57 UTC

[airflow] branch v1-10-test updated: Decrypt secrets from SystemsManagerParameterStoreBackend (#9214)

This is an automated email from the ASF dual-hosted git repository.

kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/v1-10-test by this push:
     new 0a4ec72  Decrypt secrets from SystemsManagerParameterStoreBackend (#9214)
0a4ec72 is described below

commit 0a4ec7253ff20644fb04faf80e0ac3d23bd69389
Author: Nathan Toups <rj...@users.noreply.github.com>
AuthorDate: Sun Jun 14 10:35:59 2020 -0600

    Decrypt secrets from SystemsManagerParameterStoreBackend (#9214)
    
    (cherry picked from commit ffb85740373f7adb70d28ec7d5a8886380170e5e)
---
 airflow/contrib/secrets/aws_systems_manager.py    |  2 +-
 tests/contrib/secrets/test_aws_systems_manager.py | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/airflow/contrib/secrets/aws_systems_manager.py b/airflow/contrib/secrets/aws_systems_manager.py
index 971ad18..862fa96 100644
--- a/airflow/contrib/secrets/aws_systems_manager.py
+++ b/airflow/contrib/secrets/aws_systems_manager.py
@@ -100,7 +100,7 @@ class SystemsManagerParameterStoreBackend(BaseSecretsBackend, LoggingMixin):
         ssm_path = self.build_path(path_prefix, secret_id)
         try:
             response = self.client.get_parameter(
-                Name=ssm_path, WithDecryption=False
+                Name=ssm_path, WithDecryption=True
             )
             value = response["Parameter"]["Value"]
             return value
diff --git a/tests/contrib/secrets/test_aws_systems_manager.py b/tests/contrib/secrets/test_aws_systems_manager.py
index 975e298..9801f19 100644
--- a/tests/contrib/secrets/test_aws_systems_manager.py
+++ b/tests/contrib/secrets/test_aws_systems_manager.py
@@ -81,6 +81,18 @@ class TestSystemsManagerParameterStoreBackend(unittest.TestCase):
         self.assertEqual('world', returned_uri)
 
     @mock_ssm
+    def test_get_variable_secret_string(self):
+        param = {
+            'Name': '/airflow/variables/hello',
+            'Type': 'SecureString',
+            'Value': 'world'
+        }
+        ssm_backend = SystemsManagerParameterStoreBackend()
+        ssm_backend.client.put_parameter(**param)
+        returned_uri = ssm_backend.get_variable('hello')
+        self.assertEqual('world', returned_uri)
+
+    @mock_ssm
     def test_get_variable_non_existent_key(self):
         """
         Test that if Variable key is not present in SSM,