Re: [PR] Adding connection-backed Kubernetes Secrets to KubernetesPodOperator [airflow]

Tue, 21 Nov 2023 08:26:57 -0800 


NotYuki commented on code in PR #33680:
URL: https://github.com/apache/airflow/pull/33680#discussion_r1400859620


##########
airflow/providers/cncf/kubernetes/operators/pod.py:
##########
@@ -706,10 +715,51 @@ def post_complete_action(self, *, pod, remote_pod, 
**kwargs):
             remote_pod=remote_pod,
         )
 
+    def setup_connection_secrets(self, context):
+        """Create Kubernetes secrets based on Airflow connections."""
+        for s in self.connection_secrets:
+            name = 
f"{context['dag'].dag_id}-{context['task_instance'].task_id}-{_rand_str(8)}"
+            s.secret = name
+            self.log.info("Creating kubernetes secret %s based on connection 
%s", name, s.conn_id)
+            conn = Connection.get_connection_from_secrets(s.conn_id)
+            secret_body = {
+                "extra": conn.extra,
+                "host": conn.host,
+                "login": conn.login,
+                "password": conn.password,
+                "port": conn.port,
+                "schema": conn.schema,
+            }
+            # create secret
+            self.client.create_namespaced_secret(
+                self.namespace,
+                k8s.V1Secret(
+                    data=secret_body,
+                    metadata=k8s.V1ObjectMeta(
+                        namespace=self.namespace,
+                        labels=self._get_ti_pod_labels(context),
+                        name=name,
+                    ),
+                ),
+            )
+            # now that the secret actually exists in Kube, we can
+            # use it alongside the other KubernetesPodOperator secrets.
+            self.secrets.append(s)
+
+    def cleanup_connection_secrets(self):
+        """Delete any ephemeral Kubernetes secrets created by 
connection_secrets."""
+        for s in self.secrets:
+            if isinstance(s, KubernetesConnectionSecret):
+                self.log.info("Attempting to delete connection-backed secret: 
%s", s.secret)
+                try:
+                    self.client.delete_namespaced_secret(self.namespace, 
s.secret)

Review Comment:
   It looks like you need to swap arguments in delete_namespaced_secret() call.
   Signature of the method:
   `delete_namespaced_secret(self, name, namespace, **kwargs)`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to