OpenMetadata/openmetadata-airflow-apis/openmetadata_managed_apis/workflows/ingestion/credentials_builder.py

from typing import Optional

from airflow.configuration import conf
from pydantic import SecretStr

from metadata.generated.schema.security.credentials.awsCredentials import AWSCredentials
from metadata.generated.schema.security.secrets.secretsManagerProvider import (
    SecretsManagerProvider,
)
from metadata.utils.secrets.secrets_manager import SECRET_MANAGER_AIRFLOW_CONF


def build_aws_credentials() -> Optional[AWSCredentials]:
    if conf.has_section(SECRET_MANAGER_AIRFLOW_CONF):
        credentials = AWSCredentials(
            awsRegion=conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_region", fallback="")
        )
        credentials.awsAccessKeyId = SecretStr(
            conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_access_key_id", fallback="")
        )
        credentials.awsSecretAccessKey = SecretStr(
            conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_secret_access_key", fallback="")
        )
        return credentials
    return None


def build_secrets_manager_credentials(
    secrets_manager: SecretsManagerProvider,
) -> Optional[AWSCredentials]:
    if secrets_manager in [
        SecretsManagerProvider.aws,
        SecretsManagerProvider.managed_aws,
    ]:
        return build_aws_credentials()
    if secrets_manager in [
        SecretsManagerProvider.aws_ssm,
        SecretsManagerProvider.managed_aws_ssm,
    ]:
        return build_aws_credentials()
    else:
        return None
Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`from typing import Optional`

Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`from airflow.configuration import conf`
			`from pydantic import SecretStr`

Review sensitive data not marked as password in the JSON schemas (#8818) 2022-11-18 11:35:08 +01:00			`from metadata.generated.schema.security.credentials.awsCredentials import AWSCredentials`
			`from metadata.generated.schema.security.secrets.secretsManagerProvider import (`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`SecretsManagerProvider,`
			`)`
AWS SSM secrets manager implementation on ingestion (#6805) * Implementation of AWS SSM as secrets manager * Remove dead code * Minor fixes * Allow using default credentials in AWS client * Fixed py style * Fixed tests imports * Minor changes * Add patch to failing test * Fix how we were storing dbtConfigSource * Address PR comments 2022-08-19 16:15:40 +02:00			`from metadata.utils.secrets.secrets_manager import SECRET_MANAGER_AIRFLOW_CONF`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00

Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`def build_aws_credentials() -> Optional[AWSCredentials]:`
Fix#6517: Add clusterName property to the application config yaml (#6610) * Add cluster name in the app configuration and start using it to create secrets id * Update secret manager client in openmetadata for using default auth provider * Add missing property in test config file 2022-08-09 09:00:43 +02:00			`if conf.has_section(SECRET_MANAGER_AIRFLOW_CONF):`
			`credentials = AWSCredentials(`
			`awsRegion=conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_region", fallback="")`
			`)`
Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`credentials.awsAccessKeyId = SecretStr(`
			`conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_access_key_id", fallback="")`
Fix#6517: Add clusterName property to the application config yaml (#6610) * Add cluster name in the app configuration and start using it to create secrets id * Update secret manager client in openmetadata for using default auth provider * Add missing property in test config file 2022-08-09 09:00:43 +02:00			`)`
			`credentials.awsSecretAccessKey = SecretStr(`
			`conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_secret_access_key", fallback="")`
			`)`
			`return credentials`
			`return None`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00

Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`def build_secrets_manager_credentials(`
			`secrets_manager: SecretsManagerProvider,`
			`) -> Optional[AWSCredentials]:`
			`if secrets_manager in [`
			`SecretsManagerProvider.aws,`
			`SecretsManagerProvider.managed_aws,`
			`]:`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`return build_aws_credentials()`
Fix#8577: Refactor part of the secrets manager implementation (#8617) * Removed part of the secrets manager implementation in the server side * Removed part of the secrets manager implementation in the openmetadata python library side * Remove deprecated test * Address pylint checks * Address new pylint checks * Address PR comments * Fix import on airflows apis * Clear singleton instances for running Ometa secrets manager test 2022-11-11 09:59:15 +01:00			`if secrets_manager in [`
			`SecretsManagerProvider.aws_ssm,`
			`SecretsManagerProvider.managed_aws_ssm,`
			`]:`
AWS SSM secrets manager implementation on ingestion (#6805) * Implementation of AWS SSM as secrets manager * Remove dead code * Minor fixes * Allow using default credentials in AWS client * Fixed py style * Fixed tests imports * Minor changes * Add patch to failing test * Fix how we were storing dbtConfigSource * Address PR comments 2022-08-19 16:15:40 +02:00			`return build_aws_credentials()`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`else:`
			`return None`