This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new a6eae2a0cf7 Fix string handling for use_tls in VaultHook (#62641)
a6eae2a0cf7 is described below
commit a6eae2a0cf77875f12250e49766eb7dcc8066b32
Author: SameerMesiah97 <[email protected]>
AuthorDate: Tue Mar 10 19:24:01 2026 +0000
Fix string handling for use_tls in VaultHook (#62641)
Ensure use_tls extras provided as strings (e.g. "false") are correctly
interpreted instead of being treated as truthy, preventing incorrect HTTPS
selection and SSL errors. Existing tests were updated to cover string inputs in
addition to boolean values.
Co-authored-by: Sameer Mesiah <[email protected]>
---
.../hashicorp/src/airflow/providers/hashicorp/hooks/vault.py | 12 ++++++++----
providers/hashicorp/tests/unit/hashicorp/hooks/test_vault.py | 2 ++
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/providers/hashicorp/src/airflow/providers/hashicorp/hooks/vault.py
b/providers/hashicorp/src/airflow/providers/hashicorp/hooks/vault.py
index 05d14b9b4db..6de3138a0c8 100644
--- a/providers/hashicorp/src/airflow/providers/hashicorp/hooks/vault.py
+++ b/providers/hashicorp/src/airflow/providers/hashicorp/hooks/vault.py
@@ -30,6 +30,7 @@ from
airflow.providers.hashicorp._internal_client.vault_client import (
_VaultClient,
)
from airflow.utils.helpers import merge_dicts
+from airflow.utils.strings import to_boolean
if TYPE_CHECKING:
import hvac
@@ -187,11 +188,14 @@ class VaultHook(BaseHook):
else (None, None)
)
- if self.connection.extra_dejson.get("use_tls") is not None:
- if bool(self.connection.extra_dejson.get("use_tls")):
- conn_protocol = "https"
+ use_tls = self.connection.extra_dejson.get("use_tls")
+
+ if use_tls is not None:
+ if isinstance(use_tls, bool):
+ is_tls = use_tls
else:
- conn_protocol = "http"
+ is_tls = to_boolean(use_tls)
+ conn_protocol = "https" if is_tls else "http"
else:
if self.connection.conn_type == "vault":
conn_protocol = "http"
diff --git a/providers/hashicorp/tests/unit/hashicorp/hooks/test_vault.py
b/providers/hashicorp/tests/unit/hashicorp/hooks/test_vault.py
index 50b9f9e022c..141f6b83826 100644
--- a/providers/hashicorp/tests/unit/hashicorp/hooks/test_vault.py
+++ b/providers/hashicorp/tests/unit/hashicorp/hooks/test_vault.py
@@ -199,6 +199,8 @@ class TestVaultHook:
[
(True, "https://localhost:8180";),
(False, "http://localhost:8180";),
+ ("true", "https://localhost:8180";),
+ ("false", "http://localhost:8180";),
],
)
@mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection")
