akerone opened a new issue #21940: URL: https://github.com/apache/airflow/issues/21940
### Apache Airflow Provider(s) google ### Versions of Apache Airflow Providers apache-airflow-providers-google==5.1.0 ### Apache Airflow version 2.1.4 ### Operating System Google Cloud Composer (GKE Autopilot, composer-2.0.1-airflow-2.1.4) ### Deployment Composer ### Deployment details Using Composer 2 which uses Workload Identity as the way to interact with GCP services, rather than the traditional Service Account Key in the connection extras. ### What happened ## The Google Ads Hook is broken for Composer 2 # Details Trying to use the airflow.providers.google.ads.hooks.ads.GoogleAdsHook on Composer 2 raises: `KeyError: 'extra__google_cloud_platform__keyfile_dict'` This is due to Composer 2 using Workload Identity rather than a Service Account Key in the connection extras. Creating a key is *not* an option for us, since it creates an avoidable security risk on a highly privileged SA. The `"path_to_private_key_file"` key is also completely unnecessary in the config YAML, and we've successfully called the REST API without it. ### What you expected to happen We expect the hook to work in Composer 2. As Composer 2 is being rolled out, this will happen to more and more users. A possible solution would make the path_to_private_key_file key optional, so the hook doesn't have to retrieve it if it's not necessary. ### How to reproduce 1. Create a Composer 2 environment on GCP 2. Create a connection to Google Ads 3. Create a DAG with a task using the GoogleAdsHook that uses the default GCP connection provided by Composer 4. Run it the dag ### Anything else We lost the logs so I can't provide a full stack trace, but this happens on line 206 of [airflow/providers/google/ads/hooks/ads.py](https://github.com/apache/airflow/blob/2c57ad4ff9ddde8102c62f2e25c2a2e82cceb3e7/airflow/providers/google/ads/hooks/ads.py) There's *nothing* in the extras section of the GCP default connection in Composer 2, so secret_conn.extra_dejson["extra__google_cloud_platform__keyfile_dict"] will always fail. ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
