jedcunningham commented on code in PR #46181:
URL: https://github.com/apache/airflow/pull/46181#discussion_r1942036081
##########
airflow/dag_processing/bundles/git.py:
##########
@@ -70,15 +73,24 @@ def __init__(self, git_conn_id="git_default", *args,
**kwargs):
connection = self.get_connection(git_conn_id)
self.repo_url = connection.host
self.auth_token = connection.password
+ self.private_key = connection.extra_dejson.get("private_key")
self.key_file = connection.extra_dejson.get("key_file")
- strict_host_key_checking =
connection.extra_dejson.get("strict_host_key_checking", "no")
+ self.strict_host_key_checking =
connection.extra_dejson.get("strict_host_key_checking", "no")
self.env: dict[str, str] = {}
+
+ if self.key_file and self.private_key:
+ raise AirflowException("Both 'key_file' and 'private_key' cannot
be provided at the same time")
if self.key_file:
Review Comment:
```suggestion
```
##########
airflow/dag_processing/bundles/git.py:
##########
@@ -70,15 +73,24 @@ def __init__(self, git_conn_id="git_default", *args,
**kwargs):
connection = self.get_connection(git_conn_id)
self.repo_url = connection.host
self.auth_token = connection.password
+ self.private_key = connection.extra_dejson.get("private_key")
self.key_file = connection.extra_dejson.get("key_file")
- strict_host_key_checking =
connection.extra_dejson.get("strict_host_key_checking", "no")
+ self.strict_host_key_checking =
connection.extra_dejson.get("strict_host_key_checking", "no")
self.env: dict[str, str] = {}
+
+ if self.key_file and self.private_key:
+ raise AirflowException("Both 'key_file' and 'private_key' cannot
be provided at the same time")
if self.key_file:
- self.env["GIT_SSH_COMMAND"] = (
- f"ssh -i {self.key_file} -o IdentitiesOnly=yes -o
StrictHostKeyChecking={strict_host_key_checking}"
- )
+ self.env["GIT_SSH_COMMAND"] =
self._build_ssh_command(self.key_file)
Review Comment:
```suggestion
```
##########
airflow/dag_processing/bundles/git.py:
##########
@@ -87,6 +99,25 @@ def _process_git_auth_url(self):
elif not self.repo_url.startswith("git@") or not
self.repo_url.startswith("https://";):
self.repo_url = os.path.expanduser(self.repo_url)
+ def set_git_env(self, key: str) -> dict[str, str]:
+ if self.key_file:
+ return self.env
+ self.env["GIT_SSH_COMMAND"] = self._build_ssh_command(key)
+ return self.env
+
+ @contextlib.contextmanager
+ def configure_hook_env(self):
+ if self.private_key:
+ with tempfile.NamedTemporaryFile(mode="w", delete=True) as
tmp_keyfile:
+ tmp_keyfile.write(self.private_key)
+ tmp_keyfile.flush()
+ os.chmod(tmp_keyfile.name, 0o600)
+ self.set_git_env(tmp_keyfile.name)
+ yield
+ else:
+ self.set_git_env(self.private_key)
Review Comment:
```suggestion
self.set_git_env(self.key_file)
```
##########
airflow/dag_processing/bundles/git.py:
##########
@@ -128,8 +159,11 @@ def __init__(
self.log.warning("Could not create GitHook for connection %s :
%s", self.git_conn_id, e)
def _initialize(self):
- self._clone_bare_repo_if_required()
- self._ensure_version_in_bare_repo()
+ with self.hook.configure_hook_env() as tmp_keyfile:
+ self.hook.env = self.hook.set_git_env(tmp_keyfile)
Review Comment:
```suggestion
with self.hook.configure_hook_env():
```
##########
airflow/dag_processing/bundles/git.py:
##########
@@ -87,6 +99,25 @@ def _process_git_auth_url(self):
elif not self.repo_url.startswith("git@") or not
self.repo_url.startswith("https://";):
self.repo_url = os.path.expanduser(self.repo_url)
+ def set_git_env(self, key: str) -> dict[str, str]:
+ if self.key_file:
+ return self.env
+ self.env["GIT_SSH_COMMAND"] = self._build_ssh_command(key)
+ return self.env
Review Comment:
```suggestion
def set_git_env(self, key: str) -> None:
self.env["GIT_SSH_COMMAND"] = self._build_ssh_command(key)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
