pankajastro commented on code in PR #38536:
URL: https://github.com/apache/airflow/pull/38536#discussion_r1555273271
##########
airflow/providers/hashicorp/_internal_client/vault_client.py:
##########
@@ -318,15 +322,23 @@ def _auth_azure(self, _client: hvac.Client) -> None:
)
def _auth_aws_iam(self, _client: hvac.Client) -> None:
- if self.auth_mount_point:
+ if self.key_id or self.secret_id or self.role_id:
_client.auth.aws.iam_login(
access_key=self.key_id,
secret_key=self.secret_id,
role=self.role_id,
mount_point=self.auth_mount_point,
)
- else:
- _client.auth.aws.iam_login(access_key=self.key_id,
secret_key=self.secret_id, role=self.role_id)
+ elif self.aws_conn_id:
Review Comment:
I believe users could create an AWS connection and then pass the connection
ID in the backend kwargs. This approach would allow users to manage fewer
parameters in the configuration or environment variables. Additionally, if
users are directly using secret key/access key, they can utilize the
connection, ensuring their credentials are protected in the metadata database.
wdyt or I'm missing something?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
