This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v2-8-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 64834807dcedda3a8ce1c486190df4753af95c97 Author: rom sharon <[email protected]> AuthorDate: Wed Jan 10 21:04:50 2024 +0200 Explicitly passing `raise_on_deleted_version=True` to `read_secret_version` in Hashicorp operator (#36532) * explicitly passing raise_on_deleted_version=True to read_secret_version * fix tests * update hvac version (cherry picked from commit cd5ab08d95aaf4c65e56a91f1843d04c09f27cb1) --- airflow/providers/hashicorp/_internal_client/vault_client.py | 10 ++++++++-- airflow/providers/hashicorp/provider.yaml | 2 +- generated/provider_dependencies.json | 2 +- .../hashicorp/_internal_client/test_vault_client.py | 12 ++++++------ tests/providers/hashicorp/hooks/test_vault.py | 6 +++--- tests/providers/hashicorp/secrets/test_vault.py | 4 ++-- 6 files changed, 21 insertions(+), 15 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index f8e5c254d4..0012d95802 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -373,7 +373,10 @@ class _VaultClient(LoggingMixin): response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, + mount_point=mount_point, + version=secret_version, + raise_on_deleted_version=True, ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) @@ -422,7 +425,10 @@ class _VaultClient(LoggingMixin): try: mount_point, secret_path = self._parse_secret_path(secret_path) return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, + mount_point=mount_point, + version=secret_version, + raise_on_deleted_version=True, ) except InvalidPath: self.log.debug( diff --git a/airflow/providers/hashicorp/provider.yaml b/airflow/providers/hashicorp/provider.yaml index ce2b3846b4..e42cad0ff9 100644 --- a/airflow/providers/hashicorp/provider.yaml +++ b/airflow/providers/hashicorp/provider.yaml @@ -50,7 +50,7 @@ versions: dependencies: - apache-airflow>=2.6.0 - - hvac>=0.10 + - hvac>=1.1.0 integrations: - integration-name: Hashicorp Vault diff --git a/generated/provider_dependencies.json b/generated/provider_dependencies.json index ef83fa23d9..0a4b6cfe18 100644 --- a/generated/provider_dependencies.json +++ b/generated/provider_dependencies.json @@ -557,7 +557,7 @@ "hashicorp": { "deps": [ "apache-airflow>=2.6.0", - "hvac>=0.10" + "hvac>=1.1.0" ], "cross-providers-deps": [ "google" diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index bb9a53ceb5..28c6944fa6 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -641,7 +641,7 @@ class TestVaultClient: secret = vault_client.get_secret(secret_path="missing") assert secret is None mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -661,7 +661,7 @@ class TestVaultClient: assert secret is None assert "secret" == vault_client.mount_point mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -716,7 +716,7 @@ class TestVaultClient: secret = vault_client.get_secret(secret_path="path/to/secret") assert {"secret_key": "secret_value"} == secret mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="path/to/secret", version=None + mount_point="secret", path="path/to/secret", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -754,7 +754,7 @@ class TestVaultClient: secret = vault_client.get_secret(secret_path="mount_point/path/to/secret") assert {"secret_key": "secret_value"} == secret mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="mount_point", path="path/to/secret", version=None + mount_point="mount_point", path="path/to/secret", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -791,7 +791,7 @@ class TestVaultClient: secret = vault_client.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1015,7 +1015,7 @@ class TestVaultClient: "auth": None, } == metadata mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") diff --git a/tests/providers/hashicorp/hooks/test_vault.py b/tests/providers/hashicorp/hooks/test_vault.py index 29bace0642..b9db1e7c1f 100644 --- a/tests/providers/hashicorp/hooks/test_vault.py +++ b/tests/providers/hashicorp/hooks/test_vault.py @@ -1005,7 +1005,7 @@ class TestVaultHook: secret = test_hook.get_secret(secret_path="missing") assert {"secret_key": "secret_value"} == secret mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @@ -1044,7 +1044,7 @@ class TestVaultHook: secret = test_hook.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @@ -1189,7 +1189,7 @@ class TestVaultHook: "auth": None, } == metadata mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") diff --git a/tests/providers/hashicorp/secrets/test_vault.py b/tests/providers/hashicorp/secrets/test_vault.py index 4897a73c22..fc30da9add 100644 --- a/tests/providers/hashicorp/secrets/test_vault.py +++ b/tests/providers/hashicorp/secrets/test_vault.py @@ -302,7 +302,7 @@ class TestVaultSecrets: test_client = VaultBackend(**kwargs) assert test_client.get_conn_uri(conn_id="test_mysql") is None mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="connections/test_mysql", version=None + mount_point="airflow", path="connections/test_mysql", version=None, raise_on_deleted_version=True ) assert test_client.get_connection(conn_id="test_mysql") is None @@ -454,7 +454,7 @@ class TestVaultSecrets: test_client = VaultBackend(**kwargs) assert test_client.get_variable("hello") is None mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="variables/hello", version=None + mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True ) assert test_client.get_variable("hello") is None
