[PR] Add service account impersonation with Cloud SQL Proxy and version co… [airflow]

Mon, 02 Dec 2024 02:15:50 -0800 


jasonmar310 opened a new pull request, #44564:
URL: https://github.com/apache/airflow/pull/44564

   closes: [39546](https://github.com/apache/airflow/issues/39546)
   
   Add service account impersonation with Cloud SQL Proxy and version 
compatibility
   
   ##Summary of Changes:
   * Added service account impersonation support for Cloud SQL Proxy operations
    - Single service account impersonation via `impersonation_chain` parameter
    - Service account chain impersonation for delegated access
    - Proper credential parameter handling and validation
   
   * Updated Cloud SQL Proxy version support
    - Added v2 parameter format support (--impersonate-service-account)
    - Maintained v1 backward compatibility (-impersonate-service-account)
    - Added version detection and parameter format handling
    
   * Testing and Validation:
    - Added unit tests for CloudSQLCreateInstanceOperator with impersonation
    - Added tests for CloudSqlProxyRunner parameter handling
    - Added version-specific command line parameter tests
    - Added impersonation chain validation tests
    - All tests passing under 
providers/tests/google/cloud/hooks/test_cloud_sql.py
   
   * Documentation Updates:
    - Updated class docstrings with impersonation details
    - Added version compatibility information
    - Added usage examples for both single SA and chain impersonation
   
   Example Usage:
   ```python
   # Using v2 with single service account
   runner = CloudSqlProxyRunner(
      path_prefix="test",
      instance_specification="proj:region:instance",
      impersonation_chain="[email protected]",
      sql_proxy_version="v2.0.0"
   )
   
   # Using v1 with impersonation chain
   runner = CloudSqlProxyRunner(
      path_prefix="test",
      instance_specification="proj:region:instance",
      impersonation_chain=["[email protected]", "[email protected]"],
      sql_proxy_version="v1.0.0"
   )
   
   Use Case:
   Enables teams in shared Google Cloud Composer environments to access Cloud 
SQL databases through project-specific service accounts via impersonation, 
similar to other Google Cloud operators.
   
   Issue Reference:
   Closes #39546


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to