[GitHub] [airflow] uranusjr commented on a diff in pull request #23560: Add prioritization for secrets backend

Wed, 11 May 2022 07:56:38 -0700 


uranusjr commented on code in PR #23560:
URL: https://github.com/apache/airflow/pull/23560#discussion_r870419105


##########
airflow/configuration.py:
##########
@@ -1260,18 +1260,28 @@ def get_custom_secret_backend() -> 
Optional[BaseSecretsBackend]:
 def initialize_secrets_backends() -> List[BaseSecretsBackend]:
     """
     * import secrets backend classes
+    * sort by prioritisation
     * instantiate them and return them in a list
     """
     backend_list = []
 
+    for class_name in DEFAULT_SECRETS_SEARCH_PATH:
+        secrets_backend_cls = import_string(class_name)
+        backend_list.append(secrets_backend_cls())
+
     custom_secret_backend = get_custom_secret_backend()
 
     if custom_secret_backend is not None:
-        backend_list.append(custom_secret_backend)
+        backend_priority = conf.get('secrets', 'backend_priority', 
fallback='') or 'HIGH'
 
-    for class_name in DEFAULT_SECRETS_SEARCH_PATH:
-        secrets_backend_cls = import_string(class_name)
-        backend_list.append(secrets_backend_cls())
+        # Do enum validation here, because other enums checks run after 
initialise custom secrets backends
+        if backend_priority not in CustomSecretsBackendPriority.priorities():
+            raise AirflowConfigException(
+                f"`['secrets'] backend_priority` should not be 
{backend_priority!r}. "
+                f"Possible values: {', 
'.join(CustomSecretsBackendPriority.priorities())}."
+            )

Review Comment:
   ```suggestion
           if backend_priority not in CustomSecretsBackendPriority.__members__:
               raise AirflowConfigException(
                   f"`['secrets'] backend_priority` should not be 
{backend_priority!r}. "
                   f"Possible values: {', 
'.join(CustomSecretsBackendPriority.__members__)}."
               )
   ```



##########
airflow/secrets/__init__.py:
##########
@@ -22,10 +22,26 @@
     * Metastore database
     * AWS SSM Parameter store
 """
-__all__ = ['BaseSecretsBackend', 'DEFAULT_SECRETS_SEARCH_PATH']
+__all__ = ['BaseSecretsBackend', 'DEFAULT_SECRETS_SEARCH_PATH', 
"CustomSecretsBackendPriority"]
+from enum import IntEnum
+from functools import lru_cache
 
 from airflow.secrets.base_secrets import BaseSecretsBackend
 
+
+class CustomSecretsBackendPriority(IntEnum):
+    """Custom Secrets Backend Priority"""
+
+    HIGH = 0
+    MEDIUM = 1
+    LOW = 2
+
+    @classmethod
+    @lru_cache(maxsize=None)
+    def priorities(cls):
+        return {e.name for e in cls}

Review Comment:
   an we can get rid of this.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to