예제 #1
0
파일: vault.py 프로젝트: whendry/airflow 
    def client(self) -> hvac.Client:
        """
        Return an authenticated Hashicorp Vault client
        """

        _client = hvac.Client(url=self.url, **self.kwargs)
        if self.auth_type == "token":
            if not self.token:
                raise VaultError("token cannot be None for auth_type='token'")
            _client.token = self.token
        elif self.auth_type == "ldap":
            _client.auth.ldap.login(
                username=self.username, password=self.password)
        elif self.auth_type == "userpass":
            _client.auth_userpass(username=self.username, password=self.password)
        elif self.auth_type == "approle":
            _client.auth_approle(role_id=self.role_id, secret_id=self.secret_id)
        elif self.auth_type == "github":
            _client.auth.github.login(token=self.token)
        elif self.auth_type == "gcp":
            from airflow.providers.google.cloud.utils.credentials_provider import (
                get_credentials_and_project_id,
                _get_scopes
            )
            scopes = _get_scopes(self.gcp_scopes)
            credentials, _ = get_credentials_and_project_id(key_path=self.gcp_key_path, scopes=scopes)
            _client.auth.gcp.configure(credentials=credentials)
        else:
            raise AirflowException(f"Authentication type '{self.auth_type}' not supported")

        if _client.is_authenticated():
            return _client
        else:
            raise VaultError("Vault Authentication Error!")
예제 #2
0
 def _auth_gcp(self, _client: hvac.Client) -> None:
     # noinspection PyProtectedMember
     from airflow.providers.google.cloud.utils.credentials_provider import (
         get_credentials_and_project_id, _get_scopes)
     scopes = _get_scopes(self.gcp_scopes)
     credentials, _ = get_credentials_and_project_id(
         key_path=self.gcp_key_path, scopes=scopes)
     _client.auth.gcp.configure(credentials=credentials)
예제 #3
0
    def scopes(self) -> Sequence[str]:
        """
        Return OAuth 2.0 scopes.

        :return: Returns the scope defined in the connection configuration, or the default scope
        :rtype: Sequence[str]
        """
        scope_value = self._get_field('scope', None)  # type: Optional[str]

        return _get_scopes(scope_value)
예제 #4
0
 def client(self) -> SecretManagerServiceClient:
     """
     Create an authenticated KMS client
     """
     scopes = _get_scopes(self.gcp_scopes)
     self.credentials, self.project_id = get_credentials_and_project_id(
         key_path=self.gcp_key_path, scopes=scopes)
     _client = SecretManagerServiceClient(
         credentials=self.credentials,
         client_info=ClientInfo(client_library_version='airflow_v' +
                                version.version))
     return _client
예제 #5
0
 def _auth_gcp(self, _client: hvac.Client) -> None:
     from airflow.providers.google.cloud.utils.credentials_provider import (  # noqa
         _get_scopes, get_credentials_and_project_id,
     )
     scopes = _get_scopes(self.gcp_scopes)
     credentials, _ = get_credentials_and_project_id(key_path=self.gcp_key_path,
                                                     keyfile_dict=self.gcp_keyfile_dict,
                                                     scopes=scopes)
     if self.auth_mount_point:
         _client.auth.gcp.configure(credentials=credentials, mount_point=self.auth_mount_point)
     else:
         _client.auth.gcp.configure(credentials=credentials)
예제 #6
0
 def test_get_scopes_with_input(self, _, scopes_str, scopes):
     self.assertEqual(_get_scopes(scopes_str), scopes)
예제 #7
0
 def test_get_scopes_with_default(self):
     self.assertEqual(_get_scopes(), _DEFAULT_SCOPES)
예제 #8
0
 def test_get_scopes_with_input(self, _, scopes_str, scopes):
     assert _get_scopes(scopes_str) == scopes
예제 #9
0
 def test_get_scopes_with_default(self):
     assert _get_scopes() == _DEFAULT_SCOPES