This is an automated email from the ASF dual-hosted git repository.
uranusjr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 0e95b57 Google provider catch invalid secret name (#18790)
0e95b57 is described below
commit 0e95b5777242b00f41812c099f1cf8e2fc0df40c
Author: raphaelauv <[email protected]>
AuthorDate: Tue Oct 19 08:25:09 2021 +0200
Google provider catch invalid secret name (#18790)
---
.../cloud/_internal_client/secret_manager_client.py | 11 ++++++++++-
.../cloud/_internal_client/test_secret_manager_client.py | 15 +++++++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git
a/airflow/providers/google/cloud/_internal_client/secret_manager_client.py
b/airflow/providers/google/cloud/_internal_client/secret_manager_client.py
index 65de522..5042080 100644
--- a/airflow/providers/google/cloud/_internal_client/secret_manager_client.py
+++ b/airflow/providers/google/cloud/_internal_client/secret_manager_client.py
@@ -24,7 +24,7 @@ try:
from functools import cached_property
except ImportError:
from cached_property import cached_property
-from google.api_core.exceptions import NotFound, PermissionDenied
+from google.api_core.exceptions import InvalidArgument, NotFound,
PermissionDenied
from google.api_core.gapic_v1.client_info import ClientInfo
from google.cloud.secretmanager_v1 import SecretManagerServiceClient
@@ -96,3 +96,12 @@ class _SecretManagerClient(LoggingMixin):
secret_id,
)
return None
+ except InvalidArgument:
+ self.log.error(
+ """Google Cloud API Call Error (InvalidArgument): Invalid
secret ID %s.
+ Only ASCII alphabets (a-Z), numbers (0-9), dashes (-), and
underscores (_)
+ are allowed in the secret ID.
+ """,
+ secret_id,
+ )
+ return None
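Review bot: The new `except InvalidArgument` handler logs the rejected `secret_id` with `%s`, and an ID that fails validation is the one most likely to contain unexpected characters, line breaks included, so formatting it with `%r` would keep a malformed ID from splitting or forging log records. The triple-quoted message also carries its source newlines and indentation into every record, and "(a-Z)" is not a meaningful range; a single-line message such as `"Google Cloud API Call Error (InvalidArgument): invalid secret ID %r; only ASCII letters (a-z, A-Z), digits (0-9), dashes (-) and underscores (_) are allowed."` would be easier to read and to match in log searches. Returning `None` makes an invalid ID indistinguishable from a missing secret for callers, which is presumably intended so lookups can fall through, but a short comment saying so would help. The enclosing method (apparently `get_secret`) starts outside this hunk.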
diff --git
a/tests/providers/google/cloud/_internal_client/test_secret_manager_client.py
b/tests/providers/google/cloud/_internal_client/test_secret_manager_client.py
index 4e4b5d8..779af41 100644
---
a/tests/providers/google/cloud/_internal_client/test_secret_manager_client.py
+++
b/tests/providers/google/cloud/_internal_client/test_secret_manager_client.py
@@ -70,6 +70,21 @@ class TestSecretManagerClient(TestCase):
@mock.patch(INTERNAL_CLIENT_MODULE + ".SecretManagerServiceClient")
@mock.patch(INTERNAL_CLIENT_MODULE + ".ClientInfo")
+ def test_get_invalid_id(self, mock_client_info, mock_secrets_client):
+ mock_client = mock.MagicMock()
+ mock_client_info.return_value = mock.MagicMock()
+ mock_secrets_client.return_value = mock_client
+ mock_client.secret_version_path.return_value = "full-path"
+ # The requested secret id is using invalid character
+ mock_client.access_secret_version.side_effect =
PermissionDenied('test-msg')
+ secrets_client = _SecretManagerClient(credentials="credentials")
+ secret = secrets_client.get_secret(secret_id="not.allow",
project_id="project_id")
+ mock_client.secret_version_path.assert_called_once_with("project_id",
'not.allow', 'latest')
+ assert secret is None
+ mock_client.access_secret_version.assert_called_once_with('full-path')
+
+ @mock.patch(INTERNAL_CLIENT_MODULE + ".SecretManagerServiceClient")
+ @mock.patch(INTERNAL_CLIENT_MODULE + ".ClientInfo")
def test_get_existing_key(self, mock_client_info, mock_secrets_client):
mock_client = mock.MagicMock()
mock_client_info.return_value = mock.MagicMock()
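Review bot: `test_get_invalid_id` sets `access_secret_version.side_effect` to `PermissionDenied('test-msg')`, so it runs the existing PermissionDenied handler and never reaches the `except InvalidArgument` branch this commit adds. The new branch is therefore untested, and the test would pass even if the handler were removed. Change the line to `mock_client.access_secret_version.side_effect = InvalidArgument('test-msg')` and import `InvalidArgument` from `google.api_core.exceptions` in the test module if it is not already imported (the imports are outside this hunk). Asserting that the error is logged would also pin the behaviour the commit title describes.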