raphaelauv opened a new issue #19251:
URL: https://github.com/apache/airflow/issues/19251
### Description
I use the gcp secret_manager as a secret_backend
2 problems :
- the implementation always first look for the secret_backend before trying
the airflow variables , no way to skip the check to the secret_backend
something like
```python
Variable.get("totot",skip_secret_backend=True)
```
so change variable.py
```python
@classmethod
def get(
cls,
key: str,
default_var: Any = __NO_DEFAULT_SENTINEL,
deserialize_json: bool = False,
skip_secret_backend:bool =False,
) -> Any:
```
and also change the macro
```
{{ var.value.get('my.var', 'fallback') }}
```
- every variable that is not in the secret_backend but in the airflow
variable will produce an ERROR log line , for some dag is really confusing to
see at every run :
```
[2021-10-27 10:16:19,103] {secret_manager_client.py:93} ERROR - Google Cloud
API Call Error (PermissionDenied): No access for Secret ID
airflow-prod-variable-XXXXXX-XXXXX.
Did you add 'secretmanager.versions.access' permission?
```
Replace the log level ERROR to WARNING would be better since we don't know
if the secret do not exist or if it's really a problem of access permission.
### Use case/motivation
Every Variable.get make a call to the secret_backend , would be great to
make it configurable ( to first control the cost and the load on the
secret_backend )
### Related issues
_No response_
### Are you willing to submit a PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
