Lee-W commented on code in PR #54812:
URL: https://github.com/apache/airflow/pull/54812#discussion_r2488405349
##########
providers/github/docs/connections/github.rst:
##########
@@ -40,3 +40,26 @@ Host (optional)
.. code-block::
https://{hostname}/api/v3
+
+Extra Parameters
+----------------
+
+You can authenticate using a GitHub App installation by setting the extra
field of your connection, instead of using a token.
+
+- ``key_path``: Path to the private key file used for GitHub App
authentication.
+- ``app_id``: The application ID.
+- ``installation_id``: The ID of the app installation.
+- ``token_permissions``: A dictionary of permissions. - Properties of
permissions -
https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app
+
+
+Example::
+
+ {
+ "key_path": "FAKE_KEY.pem",
+ "app_id": "123456s",
+ "installation_id": 123456789,
+ "token_permissions": {
+ "issues":"write",
+ "contents":"read"
+ }
+ }
Review Comment:
```suggestion
.. code-block:: json
{
"key_path": "FAKE_KEY.pem",
"app_id": "123456s",
"installation_id": 123456789,
"token_permissions": {
"issues":"write",
"contents":"read"
}
}
```
##########
providers/github/src/airflow/providers/github/hooks/github.py:
##########
@@ -55,17 +54,34 @@ def get_conn(self) -> GithubClient:
conn = self.get_connection(self.github_conn_id)
access_token = conn.password
host = conn.host
-
- # Currently the only method of authenticating to GitHub in Airflow is
via a token. This is not the
- # only means available, but raising an exception to enforce this
method for now.
- # TODO: When/If other auth methods are implemented this exception
should be removed/modified.
- if not access_token:
- raise AirflowException("An access token is required to
authenticate to GitHub.")
+ extras = conn.extra_dejson or {}
+
+ if access_token:
+ auth: Auth.Auth = Auth.Token(access_token)
+ elif extras:
+ key_path = extras.get("key_path")
+ if key_path:
+ if not key_path.endswith(".pem"):
+ raise RuntimeError("Unrecognised key file")
+ with open(key_path) as key_file:
+ private_key = key_file.read()
+
+ app_id = extras.get("app_id")
+ installation_id = extras.get("installation_id")
+ if not isinstance(installation_id, int):
+ raise RuntimeError("The provided installation_id should be
integer.")
+ if not isinstance(app_id, str) and not isinstance(app_id, int):
Review Comment:
```suggestion
if not isinstance(app_id, (str, int)):
```
##########
providers/github/src/airflow/providers/github/hooks/github.py:
##########
@@ -55,17 +54,34 @@ def get_conn(self) -> GithubClient:
conn = self.get_connection(self.github_conn_id)
access_token = conn.password
host = conn.host
-
- # Currently the only method of authenticating to GitHub in Airflow is
via a token. This is not the
- # only means available, but raising an exception to enforce this
method for now.
- # TODO: When/If other auth methods are implemented this exception
should be removed/modified.
- if not access_token:
- raise AirflowException("An access token is required to
authenticate to GitHub.")
+ extras = conn.extra_dejson or {}
+
+ if access_token:
+ auth: Auth.Auth = Auth.Token(access_token)
+ elif extras:
+ key_path = extras.get("key_path")
+ if key_path:
+ if not key_path.endswith(".pem"):
+ raise RuntimeError("Unrecognised key file")
+ with open(key_path) as key_file:
+ private_key = key_file.read()
Review Comment:
```suggestion
if (key_path := extras.get("key_path")):
if not key_path.endswith(".pem"):
raise RuntimeError("Unrecognised key file")
with open(key_path) as key_file:
private_key = key_file.read()
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
