moiseenkov opened a new pull request, #38894: URL: https://github.com/apache/airflow/pull/38894
The PR provides enhancement for SSL support in `CloudSQLExecuteQueryOperator`. 1. The previous implementation used to work with SSL certificates provided by users. If those files have excessive permissions, then `psql` raises an exception: ```python psql: error: connection to server at "10.40.112.2", port 5432 failed: private key file "client-key.pem" has group or world access; file must have permissions u=rw (0600) or less if owned by the current user, or permissions u=rw,g=r (0640) or less if owned by root ``` In order to fix this problem, the `CloudSQLDatabaseHook` copies those files into a `/tmp/certs/` with minimal required permissions, and uses those copies instead. 2. Added integration with Google Cloud Secret Manager, so users now can store their certificates as secrets and specify a secret id in the operator. 3. Refactored system tests and removed the deprecated example DAG. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
