-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
inherit key "verify" from env into session so that kv_client can read it properly #38614
Conversation
Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
|
Co-authored-by: Gopal Dirisala <39794726+dirrao@users.noreply.github.com>
Co-authored-by: Gopal Dirisala <39794726+dirrao@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The verify argument is present in Airflow documentation , but looks like it was accidentally removed by a change, so we need to add a test to avoid removing your fix in the future; could you add the test?
https://github.com/apache/airflow/blob/3568b09e8c7501bd84d08d594038dea9b8e20a23/tests/providers/hashicorp/_internal_client/test_vault_client.py
I'd like to help but don't understand how to run this test, seems it needs to be used against local vault server localhost:8081? but I don't know how it can be used on git-ci... In addition, I traced back up to 2.1.0 but couldn't find any code related to verify , I'd assume this session change was new in recent kv_client update and verify logic in provider was never in place, someone coded it and expected **kwargs could automatically cover verify key value, which it's not happening.
see kv client doc and code: |
They are unit tests and not integration tests, so we use Python mock package to patch the methods/classes.
This is possible, but we need to add tests to avoid breaking the fix in the future. |
@hussein-awala not sure if I'm doing it correctly, just added ssl case for v1 test. Also noticed a corner case problem with condition check, so I also change code to be:
|
@hussein-awala can someone review and suggest if tests good? |
Static tests are failing. Can you look into it? |
fixed |
@hussein-awala @eladkal can someone help merge it? I'd like to see it works in the new release |
Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions. |
Congrats on your first commit 🎉 |
@hussein-awala Hello, any updates on when this will get released? Since it was merged on 15th may but was not included in the |
It's provider change - look at provider's changelogs and releases. What do you make of it @melicheradam ? |
@potiuk thanks, I was not aware that providers have their separate changelogs and releases :) |
Currently Hashicorp Vault as secret backend against private vault doesn't work and facing ssl CA trust issue.
Example config:
current code ignores
verify
value and causing CA trust failure.I did some debug and found that the dep kv client tends to inherit session keys, so I just added
verify
value into session.