teslur opened a new issue, #35171: URL: https://github.com/apache/airflow/issues/35171
### Apache Airflow version Other Airflow 2 version (please specify below) ### What happened When I run the workflow in [this code example](https://github.com/apache/airflow/blob/main/tests/system/providers/google/cloud/compute/example_compute_ssh.py), the metadata that was set when inserting the instance will be deleted when SSHOperator is executed. Since OS login is not used to connect to the instance and the project's authentication key is blocked, ComputeEngineSSHHook registers the SSH public key in the instance metadata before connecting, but at that time, the existing instance metadata has been deleted. ### What you think should happen instead Rather than registering only the SSH public key in metadata instead of existing metadata, it should register the SSH public key in addition to the existing metadata. ### How to reproduce Based on [this code example](https://github.com/apache/airflow/blob/main/tests/system/providers/google/cloud/compute/example_compute_ssh.py), make the following changes: 1. Add valid metadata to GCE_INSTANCE_BODY. Example: `"metadata": {"items": [{"key": "block-project-ssh-keys", "value": "TRUE"}]}` 2. Delete the `gce_instance_delete` task (to check the result) After making this change, when the `gce_instance_insert` task is completed, you can check the instance in the Google Cloud managed console and see that the metadata has been set. Next, when you run the `metadata_without_iap_tunnel1` task, the registered metadata will be deleted from the instance, and only the SSH public key will be registered instead. ### Operating System Ubuntu ### Versions of Apache Airflow Providers ```sh $ pip freeze | grep apache-airflow-providers apache-airflow-providers-amazon==8.6.0 apache-airflow-providers-celery==3.3.3 apache-airflow-providers-cncf-kubernetes==7.5.0 apache-airflow-providers-common-sql==1.7.1 apache-airflow-providers-daskexecutor==1.0.1 apache-airflow-providers-docker==3.7.4 apache-airflow-providers-elasticsearch==5.0.1 apache-airflow-providers-ftp==3.5.1 apache-airflow-providers-google==10.7.0 apache-airflow-providers-grpc==3.2.2 apache-airflow-providers-hashicorp==3.4.2 apache-airflow-providers-http==4.5.1 apache-airflow-providers-imap==3.3.1 apache-airflow-providers-microsoft-azure==6.3.0 apache-airflow-providers-mysql==5.3.0 apache-airflow-providers-odbc==4.0.0 apache-airflow-providers-openlineage==1.0.2 apache-airflow-providers-postgres==5.6.0 apache-airflow-providers-redis==3.3.1 apache-airflow-providers-sendgrid==3.2.2 apache-airflow-providers-sftp==4.6.0 apache-airflow-providers-slack==8.0.0 apache-airflow-providers-snowflake==5.0.0 apache-airflow-providers-sqlite==3.4.3 apache-airflow-providers-ssh==3.7.2 ``` ### Deployment Docker-Compose ### Deployment details The version of the airflow is: ```sh $ airflow version 2.7.1 ``` The Dockerfile of the image that used in compose is: ```Dockerfile FROM apache/airflow:2.7.1-python3.8 ENV CONSTRAINT_URL "https://raw.githubusercontent.com/apache/airflow/constraints-2.7.1/constraints-3.8.txt"; COPY --chown=50000:0 requirements.txt "${AIRFLOW_HOME}/requirements.txt" USER root RUN echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - RUN apt-get update \ && apt-get install -y --no-install-recommends \ build-essential \ libpq-dev \ google-cloud-cli \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* USER airflow RUN pip install --upgrade pip \ && pip install \ --no-cache-dir \ --user \ --requirement requirements.txt \ --constraint "${CONSTRAINT_URL}" ``` ### Anything else I think this is caused by the code below. https://github.com/apache/airflow/blob/543db7004ee593605e250265b0722917cef296d3/airflow/providers/google/cloud/hooks/compute_ssh.py#L309-L318 If there is no item with the key `"ssh-keys"` in the instance's metadata (in the `else` block of the code), the contents of the metadata `"items"` will only be set to `new_dict`. This issue was resolved by the following changes (this is my forked repository): https://github.com/apache/airflow/compare/543db7004ee593605e250265b0722917cef296d3...f8cc858353fc88dcc1912633943925c7be70215a I opened an issue rather than a pull request because I am concerned that this behavior may be intentional. If it's not intentional, I'll open a PR. ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
