dstandish edited a comment on pull request #19324: URL: https://github.com/apache/airflow/pull/19324#issuecomment-969377230
> The fundamental way that a secrets backend works is to try all connections, variables, and configurations there first and, if it returns None, try the OS environment variables and finally the metadb. Partially true. But, to make it retrieve config from secrets backend you have to jump through hoops. E.g. you have to do something like this: ``` export AIRFLOW__CORE__SQL_ALCHEMY_CONN_SECRET=sql_alchemy_conn ``` So if airflow is trying to retrieve a config from secrets backend, I think it's fair to say that it should exist and airflow should have access to it. And I tested this with secrets manager yesterday, created an IAM account, gave it access to just one key (thanks for clarifying that scenario). And I observed that scheduler and webserver had no problem running. So I think config is a non-issue here. But yes, if you ask for a conn that exists but you don't have access to it will throw that error. And yeah I think it's reasonable to add that catch. And now that you have removed `except Exception` I think we're in pretty uncontroversial territory. Thanks -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
