You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/06/10 16:32:39 UTC

[GitHub] [airflow] rjrbt opened a new pull request #9214: flipped boolean to support KMS decryption for ssm ps

rjrbt opened a new pull request #9214:
URL: https://github.com/apache/airflow/pull/9214


   This is my first PR, so pardon me if I missed any steps, but this proposed change is also _very_ simple. 
   
   
   The current implementation of `SystemsManagerParameterStoreBackend` `_get_secret` uses
   
   ```python
               response = self.client.get_parameter(
                   Name=ssm_path, WithDecryption=False
               )
   ```
   
   but this only allows for secrets to be stored in clear text. 
   
   This PR changes the value to `WithDecryption=True`, which is backwards compatible with clear text values, but also supports KMS decryption in the API call.
   
   After reviewing the test coverage and the documentation, I don't think there are any changes that need to be made. The are no behavior changes for users other than this will support a storage option and will natively support tools like [chamber cli tooling](https://github.com/segmentio/chamber)
   
   I guess there could be an argument made to update documentation stating this feature is now supported? 
   
   ---
   Make sure to mark the boxes below before creating PR: [x]
   
   - [X] Description above provides context of the change
   - [X] Unit tests coverage for changes (not needed for documentation changes)
   - [ ] Target Github ISSUE in description if exists
   - [ ] Commits follow "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)"
   - [] Relevant documentation is updated including usage instructions.
   - [ ] I will engage committers as explained in [Contribution Workflow Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example).
   
   ---
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   Read the [Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines) for more information.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on pull request #9214: Decrypt secrets from SystemsManagerParameterStoreBackend

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on pull request #9214:
URL: https://github.com/apache/airflow/pull/9214#issuecomment-643790749


   Awesome work, congrats on your first merged pull request!
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on pull request #9214: flipped boolean to support KMS decryption for ssm ps

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on pull request #9214:
URL: https://github.com/apache/airflow/pull/9214#issuecomment-642123308


   Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst)
   Here are some useful points:
   - Pay attention to the quality of your code (flake8, pylint and type annotations). Our [pre-commits]( https://github.com/apache/airflow/blob/master/STATIC_CODE_CHECKS.rst#prerequisites-for-pre-commit-hooks) will help you with that.
   - In case of a new feature add useful documentation (in docstrings or in `docs/` directory). Adding a new operator? Check this short [guide](https://github.com/apache/airflow/blob/master/docs/howto/custom-operator.rst) Consider adding an example DAG that shows how users should use it.
   - Consider using [Breeze environment](https://github.com/apache/airflow/blob/master/BREEZE.rst) for testing locally, itโ€™s a heavy docker but it ships with a working Airflow and a lot of integrations.
   - Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
   - Be sure to read the [Airflow Coding style]( https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#coding-style-and-best-practices).
   Apache Airflow is a community-driven project and together we are making it better ๐Ÿš€.
   In case of doubts contact the developers at:
   Mailing List: dev@airflow.apache.org
   Slack: https://apache-airflow-slack.herokuapp.com/
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] BasPH commented on pull request #9214: flipped boolean to support KMS decryption for ssm ps

Posted by GitBox <gi...@apache.org>.
BasPH commented on pull request #9214:
URL: https://github.com/apache/airflow/pull/9214#issuecomment-642174397


   How is this change backwards compatible? Does AWS automatically "fallback" in case of a non-secure string?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] kaxil merged pull request #9214: Decrypt secrets from SystemsManagerParameterStoreBackend

Posted by GitBox <gi...@apache.org>.
kaxil merged pull request #9214:
URL: https://github.com/apache/airflow/pull/9214


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org