def client(self) -> hvac.Client:
    """
    Build a Vault client for ``self.url`` and authenticate it with the
    method named by ``self.auth_type``.

    Handled values are ``token``, ``ldap``, ``userpass``, ``approle``,
    ``github`` and ``gcp``.

    :return: the client, once ``is_authenticated()`` reports success
    :raises VaultError: if ``auth_type`` is ``token`` and no token is set, or
        if the client is not authenticated after the chosen method ran
    :raises AirflowException: if ``auth_type`` is none of the handled values
    """
    vault = hvac.Client(url=self.url, **self.kwargs)
    method = self.auth_type

    # Only the "token" method checks that its credential is present before
    # use; every other method hands its fields to hvac as they are.
    if method == "token":
        if not self.token:
            raise VaultError("token cannot be None for auth_type='token'")
        vault.token = self.token
    elif method == "ldap":
        vault.auth.ldap.login(username=self.username, password=self.password)
    elif method == "userpass":
        vault.auth_userpass(username=self.username, password=self.password)
    elif method == "approle":
        vault.auth_approle(role_id=self.role_id, secret_id=self.secret_id)
    elif method == "github":
        vault.auth.github.login(token=self.token)
    elif method == "gcp":
        # Imported only on this branch.
        from airflow.providers.google.cloud.utils.credentials_provider import (
            _get_scopes,
            get_credentials_and_project_id,
        )

        credentials, _ = get_credentials_and_project_id(
            key_path=self.gcp_key_path, scopes=_get_scopes(self.gcp_scopes)
        )
        # NOTE(review): this branch calls configure(), not a login call like
        # the other branches; confirm it leaves the client authenticated.
        vault.auth.gcp.configure(credentials=credentials)
    else:
        raise AirflowException(f"Authentication type '{self.auth_type}' not supported")

    # Never hand back a client that did not authenticate.
    if not vault.is_authenticated():
        raise VaultError("Vault Authentication Error!")
    return vault
def _auth_gcp(self, _client: hvac.Client) -> None:
    """
    Load Google credentials from ``self.gcp_key_path`` and pass them to the
    client's GCP auth ``configure`` call.

    :param _client: Vault client whose ``auth.gcp`` interface is used
    """
    # noinspection PyProtectedMember
    from airflow.providers.google.cloud.utils.credentials_provider import (
        _get_scopes,
        get_credentials_and_project_id,
    )

    # The project id returned alongside the credentials is not used here.
    gcp_credentials, _project_id = get_credentials_and_project_id(
        key_path=self.gcp_key_path, scopes=_get_scopes(self.gcp_scopes)
    )
    # NOTE(review): only configure() is called; no login call is visible in
    # this method. Confirm the caller does not rely on it to obtain a token.
    _client.auth.gcp.configure(credentials=gcp_credentials)
def scopes(self) -> Sequence[str]:
    """
    Return OAuth 2.0 scopes.

    :return: the scope defined in the connection configuration, or the
        default scope when the ``scope`` field is not set
    :rtype: Sequence[str]
    """
    # The field lookup falls back to None, which is passed straight to
    # _get_scopes.
    # NOTE(review): confirm the default applied by _get_scopes is no broader
    # than this connection needs.
    return _get_scopes(self._get_field('scope', None))
def client(self) -> SecretManagerServiceClient:
    """
    Create a ``SecretManagerServiceClient`` from the configured Google credentials.

    Also stores the loaded credentials and project id on the instance as
    ``self.credentials`` and ``self.project_id``.

    :return: a client built with those credentials and an Airflow-versioned
        ``ClientInfo``
    """
    self.credentials, self.project_id = get_credentials_and_project_id(
        key_path=self.gcp_key_path, scopes=_get_scopes(self.gcp_scopes)
    )
    # Identify the calling library by Airflow version in the client info.
    library_info = ClientInfo(client_library_version='airflow_v' + version.version)
    return SecretManagerServiceClient(credentials=self.credentials, client_info=library_info)
def _auth_gcp(self, _client: hvac.Client) -> None:
    """
    Load Google credentials and pass them to the client's GCP auth
    ``configure`` call, using ``self.auth_mount_point`` when it is set.

    :param _client: Vault client whose ``auth.gcp`` interface is used
    """
    from airflow.providers.google.cloud.utils.credentials_provider import (  # noqa
        _get_scopes,
        get_credentials_and_project_id,
    )

    # Both a key file path and an in-memory key dict are passed through.
    # NOTE(review): gcp_keyfile_dict presumably holds service-account key
    # material; keep it out of logs and reprs.
    gcp_credentials, _project_id = get_credentials_and_project_id(
        key_path=self.gcp_key_path,
        keyfile_dict=self.gcp_keyfile_dict,
        scopes=_get_scopes(self.gcp_scopes),
    )

    # mount_point is passed only when one is configured; otherwise the
    # argument is left out entirely.
    configure_args = {"credentials": gcp_credentials}
    if self.auth_mount_point:
        configure_args["mount_point"] = self.auth_mount_point
    _client.auth.gcp.configure(**configure_args)
def test_get_scopes_with_input(self, _, scopes_str, scopes):
    # For the supplied case, _get_scopes(scopes_str) must equal the expected scopes.
    parsed = _get_scopes(scopes_str)
    self.assertEqual(parsed, scopes)
def test_get_scopes_with_default(self):
    # Called with no argument, _get_scopes must return _DEFAULT_SCOPES.
    fallback = _get_scopes()
    self.assertEqual(fallback, _DEFAULT_SCOPES)
def test_get_scopes_with_input(self, _, scopes_str, scopes):
    # For the supplied case, _get_scopes(scopes_str) must equal the expected scopes.
    parsed = _get_scopes(scopes_str)
    assert parsed == scopes
def test_get_scopes_with_default(self):
    # Called with no argument, _get_scopes must return _DEFAULT_SCOPES.
    fallback = _get_scopes()
    assert fallback == _DEFAULT_SCOPES