[airflow] branch main updated: GCP Secret Manager error handling for missing credentials (#17264)

kaxilnaik Thu, 29 Jul 2021 15:41:48 -0700

This is an automated email from the ASF dual-hosted git repository.

kaxilnaik pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git



The following commit(s) were added to refs/heads/main by this push:
     new c384f9b  GCP Secret Manager error handling for missing credentials 
(#17264)
c384f9b is described below

commit c384f9b0f509bab704a70380465be18754800a52
Author: Faisal <[email protected]>
AuthorDate: Thu Jul 29 17:41:28 2021 -0500

    GCP Secret Manager error handling for missing credentials (#17264)
---
 .../providers/google/cloud/secrets/secret_manager.py  | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/airflow/providers/google/cloud/secrets/secret_manager.py 
b/airflow/providers/google/cloud/secrets/secret_manager.py
index 919927f..8c2cc9a 100644
--- a/airflow/providers/google/cloud/secrets/secret_manager.py
+++ b/airflow/providers/google/cloud/secrets/secret_manager.py
@@ -16,6 +16,7 @@
 # under the License.
 
 """Objects relating to sourcing connections from Google Cloud Secrets 
Manager"""
+import logging
 from typing import Optional
 
 try:
@@ -23,12 +24,16 @@ try:
 except ImportError:
     from cached_property import cached_property
 
+from google.auth.exceptions import DefaultCredentialsError
+
 from airflow.exceptions import AirflowException
 from airflow.providers.google.cloud._internal_client.secret_manager_client 
import _SecretManagerClient
 from airflow.providers.google.cloud.utils.credentials_provider import 
get_credentials_and_project_id
 from airflow.secrets import BaseSecretsBackend
 from airflow.utils.log.logging_mixin import LoggingMixin
 
+log = logging.getLogger(__name__)
+
 SECRET_ID_PATTERN = r"^[a-zA-Z0-9-_]*$"
 
 
@@ -101,9 +106,17 @@ class CloudSecretManagerBackend(BaseSecretsBackend, 
LoggingMixin):
                     "`connections_prefix`, `variables_prefix` and `sep` should 
"
                     f"follows that pattern {SECRET_ID_PATTERN}"
                 )
-        self.credentials, self.project_id = get_credentials_and_project_id(
-            keyfile_dict=gcp_keyfile_dict, key_path=gcp_key_path, 
scopes=gcp_scopes
-        )
+        try:
+            self.credentials, self.project_id = get_credentials_and_project_id(
+                keyfile_dict=gcp_keyfile_dict, key_path=gcp_key_path, 
scopes=gcp_scopes
+            )
+        except (DefaultCredentialsError, FileNotFoundError):
+            log.exception(
+                'Unable to load credentials for GCP Secret Manager. '
+                'Make sure that the keyfile path, dictionary, or 
GOOGLE_APPLICATION_CREDENTIALS '
+                'environment variable is correct and properly configured.'
+            )
+
         # In case project id provided
         if project_id:
             self.project_id = project_id

[airflow] branch main updated: GCP Secret Manager error handling for missing credentials (#17264)

Reply via email to