This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 68818687efd640eda82ca66a30fc1c62b0a0816d Author: Nathan Toups <[email protected]> AuthorDate: Sun Jun 14 10:35:59 2020 -0600 Decrypt secrets from SystemsManagerParameterStoreBackend (#9214) (cherry picked from commit ffb85740373f7adb70d28ec7d5a8886380170e5e) --- airflow/contrib/secrets/aws_systems_manager.py | 2 +- tests/contrib/secrets/test_aws_systems_manager.py | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/airflow/contrib/secrets/aws_systems_manager.py b/airflow/contrib/secrets/aws_systems_manager.py index 971ad18..862fa96 100644 --- a/airflow/contrib/secrets/aws_systems_manager.py +++ b/airflow/contrib/secrets/aws_systems_manager.py @@ -100,7 +100,7 @@ class SystemsManagerParameterStoreBackend(BaseSecretsBackend, LoggingMixin): ssm_path = self.build_path(path_prefix, secret_id) try: response = self.client.get_parameter( - Name=ssm_path, WithDecryption=False + Name=ssm_path, WithDecryption=True ) value = response["Parameter"]["Value"] return value diff --git a/tests/contrib/secrets/test_aws_systems_manager.py b/tests/contrib/secrets/test_aws_systems_manager.py index 975e298..9801f19 100644 --- a/tests/contrib/secrets/test_aws_systems_manager.py +++ b/tests/contrib/secrets/test_aws_systems_manager.py @@ -81,6 +81,18 @@ class TestSystemsManagerParameterStoreBackend(unittest.TestCase): self.assertEqual('world', returned_uri) @mock_ssm + def test_get_variable_secret_string(self): + param = { + 'Name': '/airflow/variables/hello', + 'Type': 'SecureString', + 'Value': 'world' + } + ssm_backend = SystemsManagerParameterStoreBackend() + ssm_backend.client.put_parameter(**param) + returned_uri = ssm_backend.get_variable('hello') + self.assertEqual('world', returned_uri) + + @mock_ssm def test_get_variable_non_existent_key(self): """ Test that if Variable key is not present in SSM,
