You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2020/06/22 20:48:57 UTC
[airflow] branch v1-10-test updated: Decrypt secrets from
SystemsManagerParameterStoreBackend (#9214)
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new 0a4ec72 Decrypt secrets from SystemsManagerParameterStoreBackend (#9214)
0a4ec72 is described below
commit 0a4ec7253ff20644fb04faf80e0ac3d23bd69389
Author: Nathan Toups <rj...@users.noreply.github.com>
AuthorDate: Sun Jun 14 10:35:59 2020 -0600
Decrypt secrets from SystemsManagerParameterStoreBackend (#9214)
(cherry picked from commit ffb85740373f7adb70d28ec7d5a8886380170e5e)
---
airflow/contrib/secrets/aws_systems_manager.py | 2 +-
tests/contrib/secrets/test_aws_systems_manager.py | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/airflow/contrib/secrets/aws_systems_manager.py b/airflow/contrib/secrets/aws_systems_manager.py
index 971ad18..862fa96 100644
--- a/airflow/contrib/secrets/aws_systems_manager.py
+++ b/airflow/contrib/secrets/aws_systems_manager.py
@@ -100,7 +100,7 @@ class SystemsManagerParameterStoreBackend(BaseSecretsBackend, LoggingMixin):
ssm_path = self.build_path(path_prefix, secret_id)
try:
response = self.client.get_parameter(
- Name=ssm_path, WithDecryption=False
+ Name=ssm_path, WithDecryption=True
)
value = response["Parameter"]["Value"]
return value
diff --git a/tests/contrib/secrets/test_aws_systems_manager.py b/tests/contrib/secrets/test_aws_systems_manager.py
index 975e298..9801f19 100644
--- a/tests/contrib/secrets/test_aws_systems_manager.py
+++ b/tests/contrib/secrets/test_aws_systems_manager.py
@@ -81,6 +81,18 @@ class TestSystemsManagerParameterStoreBackend(unittest.TestCase):
self.assertEqual('world', returned_uri)
@mock_ssm
+ def test_get_variable_secret_string(self):
+ param = {
+ 'Name': '/airflow/variables/hello',
+ 'Type': 'SecureString',
+ 'Value': 'world'
+ }
+ ssm_backend = SystemsManagerParameterStoreBackend()
+ ssm_backend.client.put_parameter(**param)
+ returned_uri = ssm_backend.get_variable('hello')
+ self.assertEqual('world', returned_uri)
+
+ @mock_ssm
def test_get_variable_non_existent_key(self):
"""
Test that if Variable key is not present in SSM,