mmenarguezpear opened a new issue #16406: URL: https://github.com/apache/airflow/issues/16406
Apache Airflow version: 2.1.0 Kubernetes version (if you are using kubernetes) (use kubectl version): **Environment:** Kubernetes with base image apache/airflow:2.1.0-python3.8 **Cloud provider or hardware configuration:** bare metal k8s in AWS EC2 **OS (e.g. from /etc/os-release):** ``` cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/"; SUPPORT_URL="https://www.debian.org/support"; BUG_REPORT_URL="https://bugs.debian.org/"; ``` Install tools: Others: **What happened:** While reading the vault token through `token_path` parameter injected by vault sidecar on an operator run to load connections, the process fails with the following stacktrace due to the end of line \n character not being stripped correctly. ``` [2021-06-11 22:15:25,854] {taskinstance.py:1481} ERROR - Task failed with exception Traceback (most recent call last): File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1137, in _run_raw_task self._prepare_and_execute_task_with_callbacks(context, task) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1311, in _prepare_and_execute_task_with_callbacks result = self._execute_task(context, task_copy) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1341, in _execute_task result = task_copy.execute(context=context) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/operators/glue.py", line 106, in execute s3_hook.load_file(self.script_location, self.s3_bucket, self.s3_artifacts_prefix + script_name) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 62, in wrapper return func(*bound_args.args, **bound_args.kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 91, in wrapper return func(*bound_args.args, **bound_args.kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 499, in load_file if not replace and self.check_for_key(key, bucket_name): File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 62, in wrapper return func(*bound_args.args, **bound_args.kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 91, in wrapper return func(*bound_args.args, **bound_args.kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/s3.py", line 323, in check_for_key self.get_conn().head_object(Bucket=bucket_name, Key=key) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/base_aws.py", line 461, in get_conn return self.conn File "/usr/local/lib/python3.8/functools.py", line 967, in __get__ val = self.func(instance) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/base_aws.py", line 443, in conn return self.get_client_type(self.client_type, region_name=self.region_name) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/base_aws.py", line 409, in get_client_type session, endpoint_url = self._get_credentials(region_name) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/amazon/aws/hooks/base_aws.py", line 372, in _get_credentials connection_object = self.get_connection(self.aws_conn_id) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/hooks/base.py", line 67, in get_connection conn = Connection.get_connection_from_secrets(conn_id) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/models/connection.py", line 376, in get_connection_from_secrets conn = secrets_backend.get_connection(conn_id=conn_id) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/secrets/base_secrets.py", line 64, in get_connection conn_uri = self.get_conn_uri(conn_id=conn_id) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/secrets/vault.py", line 195, in get_conn_uri response = self.vault_client.get_secret(secret_path=secret_path) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 358, in get_secret response = self.client.secrets.kv.v2.read_secret_version( File "/usr/local/lib/python3.8/functools.py", line 967, in __get__ val = self.func(instance) File "/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py", line 227, in client if _client.is_authenticated(): File "/home/airflow/.local/lib/python3.8/site-packages/hvac/v1/__init__.py", line 555, in is_authenticated self.lookup_token() File "/home/airflow/.local/lib/python3.8/site-packages/hvac/v1/__init__.py", line 383, in lookup_token return self._adapter.get(path, wrap_ttl=wrap_ttl) File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 97, in get return self.request('get', url, **kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 353, in request response = super(JSONAdapter, self).request(*args, **kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/hvac/adapters.py", line 298, in request response = self.session.request( File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/home/airflow/.local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/home/airflow/.local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen httplib_response = self._make_request( File "/home/airflow/.local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request conn.request(method, url, **httplib_request_kw) File "/usr/local/lib/python3.8/http/client.py", line 1252, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/local/lib/python3.8/http/client.py", line 1293, in _send_request self.putheader(hdr, value) File "/usr/local/lib/python3.8/http/client.py", line 1230, in putheader raise ValueError('Invalid header value %r' % (values[i],)) ValueError: Invalid header value b's.REDACTED\n' ``` **What you expected to happen:** Vault backend plugin should read the file and strip whitespaces and end of line characters **How to reproduce it:** Set up vault injection, replace the service account by the one generated, then add Helm chart values (specific): ``` airflow: podAnnotations: vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/role: "your_role" vault.hashicorp.com/agent-inject-token: "true" config: AIRFLOW__SECRETS__BACKEND: airflow.providers.hashicorp.secrets.vault.VaultBackend AIRFLOW__SECRETS__BACKEND_KWARGS: '{"connections_path": "connections", "variables_path": "variables", "mount_point": "your-path", "url": "https://vault-url-here.com";, "auth_type": "token", "token_path": "/vault/secrets/token"}' serviceAccount: create: false name: "your-vault-service-account" ``` Anything else we need to know: to resolve it is as easy as add a .strip() [here](https://github.com/apache/airflow/blob/0c80a7d41100bf8d18b661c8286d6056e6d5d2f1/airflow/providers/hashicorp/_internal_client/vault_client.py#L331) so ``` with open(self.token_path) as f: _client.token = f.read().strip() ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
