OpenMetadata/openmetadata-airflow-apis/openmetadata_managed_apis/workflows/ingestion/credentials_builder.py

from airflow.configuration import conf
from pydantic import SecretStr

from metadata.generated.schema.entity.services.connections.metadata.secretsManagerProvider import (
    SecretsManagerProvider,
)
from metadata.generated.schema.security.credentials.awsCredentials import AWSCredentials
from metadata.utils.secrets.secrets_manager import SECRET_MANAGER_AIRFLOW_CONF


def build_aws_credentials():
    if conf.has_section(SECRET_MANAGER_AIRFLOW_CONF):
        credentials = AWSCredentials(
            awsRegion=conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_region", fallback="")
        )
        credentials.awsAccessKeyId = conf.get(
            SECRET_MANAGER_AIRFLOW_CONF, "aws_access_key_id", fallback=""
        )
        credentials.awsSecretAccessKey = SecretStr(
            conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_secret_access_key", fallback="")
        )
        return credentials
    return None


def build_secrets_manager_credentials(secrets_manager: SecretsManagerProvider):
    if secrets_manager == SecretsManagerProvider.aws:
        return build_aws_credentials()
    if secrets_manager == SecretsManagerProvider.aws_ssm:
        return build_aws_credentials()
    else:
        return None
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`from airflow.configuration import conf`
			`from pydantic import SecretStr`

Fix#5917: Implementation of temp secret for testing connection (#6832) * Implementation of temp secret for testing connection * Fix tests 2022-08-22 08:43:23 +02:00			`from metadata.generated.schema.entity.services.connections.metadata.secretsManagerProvider import (`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`SecretsManagerProvider,`
			`)`
			`from metadata.generated.schema.security.credentials.awsCredentials import AWSCredentials`
AWS SSM secrets manager implementation on ingestion (#6805) * Implementation of AWS SSM as secrets manager * Remove dead code * Minor fixes * Allow using default credentials in AWS client * Fixed py style * Fixed tests imports * Minor changes * Add patch to failing test * Fix how we were storing dbtConfigSource * Address PR comments 2022-08-19 16:15:40 +02:00			`from metadata.utils.secrets.secrets_manager import SECRET_MANAGER_AIRFLOW_CONF`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00

			`def build_aws_credentials():`
Fix#6517: Add clusterName property to the application config yaml (#6610) * Add cluster name in the app configuration and start using it to create secrets id * Update secret manager client in openmetadata for using default auth provider * Add missing property in test config file 2022-08-09 09:00:43 +02:00			`if conf.has_section(SECRET_MANAGER_AIRFLOW_CONF):`
			`credentials = AWSCredentials(`
			`awsRegion=conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_region", fallback="")`
			`)`
			`credentials.awsAccessKeyId = conf.get(`
			`SECRET_MANAGER_AIRFLOW_CONF, "aws_access_key_id", fallback=""`
			`)`
			`credentials.awsSecretAccessKey = SecretStr(`
			`conf.get(SECRET_MANAGER_AIRFLOW_CONF, "aws_secret_access_key", fallback="")`
			`)`
			`return credentials`
			`return None`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00

			`def build_secrets_manager_credentials(secrets_manager: SecretsManagerProvider):`
			`if secrets_manager == SecretsManagerProvider.aws:`
			`return build_aws_credentials()`
AWS SSM secrets manager implementation on ingestion (#6805) * Implementation of AWS SSM as secrets manager * Remove dead code * Minor fixes * Allow using default credentials in AWS client * Fixed py style * Fixed tests imports * Minor changes * Add patch to failing test * Fix how we were storing dbtConfigSource * Address PR comments 2022-08-19 16:15:40 +02:00			`if secrets_manager == SecretsManagerProvider.aws_ssm:`
			`return build_aws_credentials()`
Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) Fix#5924: Implement secret manager for Airflow REST Plugin (#6128) 2022-07-19 14:51:44 +02:00			`else:`
			`return None`