Crowiant commented on code in PR #45931:
URL: https://github.com/apache/airflow/pull/45931#discussion_r3225195023
##########
airflow-core/src/airflow/configuration.py:
##########
@@ -741,35 +740,107 @@ def get_custom_secret_backend(worker_mode: bool = False)
-> BaseSecretsBackend |
return conf._get_custom_secret_backend(worker_mode=worker_mode)
+def get_importable_secret_backend(class_name: str | None) ->
BaseSecretsBackend | None:
+ """Get secret backend defined in the given class name."""
+ if class_name is not None:
+ secrets_backend_cls = import_string(class_name)
+ return secrets_backend_cls()
+ return None
+
+
+class Backends(Enum):
+ """Type of the secrets backend."""
+
+ ENVIRONMENT_VARIABLE = "environment_variable"
+ EXECUTION_API = "execution_api"
+ CUSTOM = "custom"
+ METASTORE = "metastore"
+
+
def initialize_secrets_backends(
- default_backends: list[str] = DEFAULT_SECRETS_SEARCH_PATH,
+ default_backends: list[str] | None = None,
) -> list[BaseSecretsBackend]:
"""
Initialize secrets backend.
* import secrets backend classes
* instantiate them and return them in a list
"""
- backend_list = []
worker_mode = False
- if default_backends != DEFAULT_SECRETS_SEARCH_PATH:
+ search_section = "secrets"
+ environment_variable_args: str | None = (
+ "airflow.secrets.environment_variables.EnvironmentVariablesBackend"
+ )
+ metastore_args: str | None = "airflow.secrets.metastore.MetastoreBackend"
+ execution_args: str | None = None
+
+ if default_backends is not None:
worker_mode = True
+ search_section = "workers"
+ environment_variable_args = (
+ environment_variable_args if environment_variable_args in
default_backends else None
+ )
+ metastore_args = metastore_args if metastore_args in default_backends
else None
+ execution_args = (
+
"airflow.sdk.execution_time.secrets.execution_api.ExecutionAPISecretsBackend"
+ if
"airflow.sdk.execution_time.secrets.execution_api.ExecutionAPISecretsBackend"
+ in default_backends
+ else None
+ )
+
+ backends_map: dict[str, dict[str, Any]] = {
+ "environment_variable": {
+ "callback": get_importable_secret_backend,
+ "args": (environment_variable_args,),
+ },
+ "metastore": {
+ "callback": get_importable_secret_backend,
+ "args": (metastore_args,),
+ },
+ "custom": {
+ "callback": get_custom_secret_backend,
+ "args": (worker_mode,),
+ },
+ "execution_api": {
+ "callback": get_importable_secret_backend,
+ "args": (execution_args,),
+ },
+ }
- custom_secret_backend = get_custom_secret_backend(worker_mode)
+ backends_order = conf.getlist(search_section, "backends_order",
delimiter=",")
- if custom_secret_backend is not None:
- from airflow.models import Connection
+ required_backends = (
+ [Backends.ENVIRONMENT_VARIABLE, Backends.EXECUTION_API]
+ if worker_mode
+ else [Backends.METASTORE, Backends.ENVIRONMENT_VARIABLE]
+ )
- custom_secret_backend._set_connection_class(Connection)
- backend_list.append(custom_secret_backend)
+ if missing_backends := [b.value for b in required_backends if b.value not
in backends_order]:
+ raise AirflowConfigException(
+ f"The configuration option [{search_section}]backends_order is
misconfigured. "
+ f"The following backend types are missing: {missing_backends}",
+ search_section,
Review Comment:
I don't think that it is needed as there were no such check previously
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
