husseinawala pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new cd5ab08d95 Explicitly passing `raise_on_deleted_version=True` to
`read_secret_version` in Hashicorp operator (#36532)
cd5ab08d95 is described below
commit cd5ab08d95aaf4c65e56a91f1843d04c09f27cb1
Author: rom sharon <[email protected]>
AuthorDate: Wed Jan 10 21:04:50 2024 +0200
Explicitly passing `raise_on_deleted_version=True` to `read_secret_version`
in Hashicorp operator (#36532)
* explicitly passing raise_on_deleted_version=True to read_secret_version
* fix tests
* update hvac version
---
airflow/providers/hashicorp/_internal_client/vault_client.py | 10 ++++++++--
airflow/providers/hashicorp/provider.yaml | 2 +-
generated/provider_dependencies.json | 2 +-
.../hashicorp/_internal_client/test_vault_client.py | 12 ++++++------
tests/providers/hashicorp/hooks/test_vault.py | 6 +++---
tests/providers/hashicorp/secrets/test_vault.py | 4 ++--
6 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py
b/airflow/providers/hashicorp/_internal_client/vault_client.py
index f8e5c254d4..0012d95802 100644
--- a/airflow/providers/hashicorp/_internal_client/vault_client.py
+++ b/airflow/providers/hashicorp/_internal_client/vault_client.py
@@ -373,7 +373,10 @@ class _VaultClient(LoggingMixin):
response =
self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point)
else:
response = self.client.secrets.kv.v2.read_secret_version(
- path=secret_path, mount_point=mount_point,
version=secret_version
+ path=secret_path,
+ mount_point=mount_point,
+ version=secret_version,
+ raise_on_deleted_version=True,
)
except InvalidPath:
self.log.debug("Secret not found %s with mount point %s",
secret_path, mount_point)
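Review bot: As far as hvac documents the flag, `raise_on_deleted_version=True` makes a soft-deleted KV v2 version raise `InvalidPath`, so it lands in the same `except InvalidPath` branch as a path that never existed and is logged only as "Secret not found" at debug level, without the requested version. Someone investigating a failed lookup cannot tell a deleted version from a wrong path; consider including the version, e.g. `self.log.debug("Secret not found or version deleted: %s (mount point %s, version %s)", secret_path, mount_point, secret_version)`. A short comment above the call, such as `# Pin hvac behaviour: a deleted version must raise, not come back as an empty payload.`, would record why the flag is passed explicitly. The same applies to the second call in the hunk at -422; both enclosing methods start and end outside the hunks.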
@@ -422,7 +425,10 @@ class _VaultClient(LoggingMixin):
try:
mount_point, secret_path = self._parse_secret_path(secret_path)
return self.client.secrets.kv.v2.read_secret_version(
- path=secret_path, mount_point=mount_point,
version=secret_version
+ path=secret_path,
+ mount_point=mount_point,
+ version=secret_version,
+ raise_on_deleted_version=True,
)
except InvalidPath:
self.log.debug(
diff --git a/airflow/providers/hashicorp/provider.yaml
b/airflow/providers/hashicorp/provider.yaml
index ce2b3846b4..e42cad0ff9 100644
--- a/airflow/providers/hashicorp/provider.yaml
+++ b/airflow/providers/hashicorp/provider.yaml
@@ -50,7 +50,7 @@ versions:
dependencies:
- apache-airflow>=2.6.0
- - hvac>=0.10
+ - hvac>=1.1.0
integrations:
- integration-name: Hashicorp Vault
diff --git a/generated/provider_dependencies.json
b/generated/provider_dependencies.json
index 76f27a032e..3cba566e52 100644
--- a/generated/provider_dependencies.json
+++ b/generated/provider_dependencies.json
@@ -550,7 +550,7 @@
"hashicorp": {
"deps": [
"apache-airflow>=2.6.0",
- "hvac>=0.10"
+ "hvac>=1.1.0"
],
"cross-providers-deps": [
"google"
diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py
b/tests/providers/hashicorp/_internal_client/test_vault_client.py
index bb9a53ceb5..28c6944fa6 100644
--- a/tests/providers/hashicorp/_internal_client/test_vault_client.py
+++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py
@@ -641,7 +641,7 @@ class TestVaultClient:
secret = vault_client.get_secret(secret_path="missing")
assert secret is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=None
+ mount_point="secret", path="missing", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
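Review bot: The updated assertions in this hunk and in the later test hunks (this file, tests/providers/hashicorp/hooks/test_vault.py and tests/providers/hashicorp/secrets/test_vault.py) only pin the keyword handed to the mock; none of the visible hunks adds a case for the situation the flag governs. A test that sets `read_secret_version.side_effect = InvalidPath` for an explicit `secret_version` and asserts that `get_secret` returns `None` would document that a deleted version is never handed back as a usable secret. Such a test may already exist outside these hunks, in which case a comment on it naming the deleted-version case would be enough.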
@@ -661,7 +661,7 @@ class TestVaultClient:
assert secret is None
assert "secret" == vault_client.mount_point
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=None
+ mount_point="secret", path="missing", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
@@ -716,7 +716,7 @@ class TestVaultClient:
secret = vault_client.get_secret(secret_path="path/to/secret")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="path/to/secret", version=None
+ mount_point="secret", path="path/to/secret", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
@@ -754,7 +754,7 @@ class TestVaultClient:
secret =
vault_client.get_secret(secret_path="mount_point/path/to/secret")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="mount_point", path="path/to/secret", version=None
+ mount_point="mount_point", path="path/to/secret", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
@@ -791,7 +791,7 @@ class TestVaultClient:
secret = vault_client.get_secret(secret_path="missing",
secret_version=1)
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=1
+ mount_point="secret", path="missing", version=1,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
@@ -1015,7 +1015,7 @@ class TestVaultClient:
"auth": None,
} == metadata
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=None
+ mount_point="secret", path="missing", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac")
diff --git a/tests/providers/hashicorp/hooks/test_vault.py
b/tests/providers/hashicorp/hooks/test_vault.py
index 29bace0642..b9db1e7c1f 100644
--- a/tests/providers/hashicorp/hooks/test_vault.py
+++ b/tests/providers/hashicorp/hooks/test_vault.py
@@ -1005,7 +1005,7 @@ class TestVaultHook:
secret = test_hook.get_secret(secret_path="missing")
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=None
+ mount_point="secret", path="missing", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
@@ -1044,7 +1044,7 @@ class TestVaultHook:
secret = test_hook.get_secret(secret_path="missing", secret_version=1)
assert {"secret_key": "secret_value"} == secret
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=1
+ mount_point="secret", path="missing", version=1,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
@@ -1189,7 +1189,7 @@ class TestVaultHook:
"auth": None,
} == metadata
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="secret", path="missing", version=None
+ mount_point="secret", path="missing", version=None,
raise_on_deleted_version=True
)
@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
diff --git a/tests/providers/hashicorp/secrets/test_vault.py
b/tests/providers/hashicorp/secrets/test_vault.py
index 4897a73c22..fc30da9add 100644
--- a/tests/providers/hashicorp/secrets/test_vault.py
+++ b/tests/providers/hashicorp/secrets/test_vault.py
@@ -302,7 +302,7 @@ class TestVaultSecrets:
test_client = VaultBackend(**kwargs)
assert test_client.get_conn_uri(conn_id="test_mysql") is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="airflow", path="connections/test_mysql", version=None
+ mount_point="airflow", path="connections/test_mysql",
version=None, raise_on_deleted_version=True
)
assert test_client.get_connection(conn_id="test_mysql") is None
@@ -454,7 +454,7 @@ class TestVaultSecrets:
test_client = VaultBackend(**kwargs)
assert test_client.get_variable("hello") is None
mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with(
- mount_point="airflow", path="variables/hello", version=None
+ mount_point="airflow", path="variables/hello", version=None,
raise_on_deleted_version=True
)
assert test_client.get_variable("hello") is None