(airflow) branch main updated: Fix Akeyless JWT connection credential is not redacted (#67443)

Mon, 25 May 2026 01:20:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

gopidesupavan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 41ec00966de Fix Akeyless JWT connection credential is not redacted 
(#67443)
41ec00966de is described below

commit 41ec00966de769cec98cd8746def0067f294a6bd
Author: GPK <[email protected]>
AuthorDate: Mon May 25 09:18:48 2026 +0100

    Fix Akeyless JWT connection credential is not redacted (#67443)
---
 providers/akeyless/provider.yaml                          |  2 +-
 .../src/airflow/providers/akeyless/get_provider_info.py   |  2 +-
 .../src/airflow/providers/akeyless/hooks/akeyless.py      |  4 ++--
 .../akeyless/tests/unit/akeyless/hooks/test_akeyless.py   | 15 +++++++++++++++
 4 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/providers/akeyless/provider.yaml b/providers/akeyless/provider.yaml
index aabaf1e4120..1b982ea3eb3 100644
--- a/providers/akeyless/provider.yaml
+++ b/providers/akeyless/provider.yaml
@@ -75,7 +75,7 @@ connection-types:
           type:
             - string
             - 'null'
-      jwt:
+      jwt_token:
         label: JWT
         schema:
           type:
diff --git 
a/providers/akeyless/src/airflow/providers/akeyless/get_provider_info.py 
b/providers/akeyless/src/airflow/providers/akeyless/get_provider_info.py
index 35db60748b6..3e1af82f3e2 100644
--- a/providers/akeyless/src/airflow/providers/akeyless/get_provider_info.py
+++ b/providers/akeyless/src/airflow/providers/akeyless/get_provider_info.py
@@ -54,7 +54,7 @@ def get_provider_info():
                     "uid_token": {"label": "UID Token", "schema": {"type": 
["string", "null"]}},
                     "gcp_audience": {"label": "GCP Audience", "schema": 
{"type": ["string", "null"]}},
                     "azure_object_id": {"label": "Azure Object ID", "schema": 
{"type": ["string", "null"]}},
-                    "jwt": {"label": "JWT", "schema": {"type": ["string", 
"null"]}},
+                    "jwt_token": {"label": "JWT", "schema": {"type": 
["string", "null"]}},
                     "k8s_auth_config_name": {
                         "label": "K8s Auth Config Name",
                         "schema": {"type": ["string", "null"]},
diff --git 
a/providers/akeyless/src/airflow/providers/akeyless/hooks/akeyless.py 
b/providers/akeyless/src/airflow/providers/akeyless/hooks/akeyless.py
index 40193296616..c115afd1ac5 100644
--- a/providers/akeyless/src/airflow/providers/akeyless/hooks/akeyless.py
+++ b/providers/akeyless/src/airflow/providers/akeyless/hooks/akeyless.py
@@ -97,7 +97,7 @@ class AkeylessHook(BaseHook):
             body.cloud_id = self._get_cloud_id(access_type)
         elif access_type == "jwt":
             body.access_type = "jwt"
-            body.jwt = self._extra.get("jwt")
+            body.jwt = self._extra.get("jwt_token")
         elif access_type == "k8s":
             body.access_type = "k8s"
             body.k8s_auth_config_name = self._extra.get("k8s_auth_config_name")
@@ -211,7 +211,7 @@ class AkeylessHook(BaseHook):
             "uid_token": StringField(lazy_gettext("UID Token"), 
widget=BS3TextFieldWidget()),
             "gcp_audience": StringField(lazy_gettext("GCP Audience"), 
widget=BS3TextFieldWidget()),
             "azure_object_id": StringField(lazy_gettext("Azure Object ID"), 
widget=BS3TextFieldWidget()),
-            "jwt": StringField(lazy_gettext("JWT"), 
widget=BS3TextFieldWidget()),
+            "jwt_token": StringField(lazy_gettext("JWT"), 
widget=BS3TextFieldWidget()),
             "k8s_auth_config_name": StringField(
                 lazy_gettext("K8s Auth Config Name"), 
widget=BS3TextFieldWidget()
             ),
diff --git a/providers/akeyless/tests/unit/akeyless/hooks/test_akeyless.py 
b/providers/akeyless/tests/unit/akeyless/hooks/test_akeyless.py
index 215fcb8e436..6993da657c5 100644
--- a/providers/akeyless/tests/unit/akeyless/hooks/test_akeyless.py
+++ b/providers/akeyless/tests/unit/akeyless/hooks/test_akeyless.py
@@ -191,6 +191,21 @@ class TestAkeylessHook:
         with pytest.raises(ValueError, match="Unsupported access_type"):
             hook.authenticate()
 
+    @patch(
+        f"{HOOK_MODULE}.AkeylessHook.get_connection",
+        return_value=_make_connection(extra='{"access_type": "jwt", 
"jwt_token": "jwt-token-value"}'),
+    )
+    @patch(f"{HOOK_MODULE}.akeyless")
+    def test_jwt_auth_uses_jwt_token_extra(self, mock_sdk, mock_conn):
+        api = mock_sdk.V2Api.return_value
+        api.auth.return_value = MagicMock(token="t")
+        from airflow.providers.akeyless.hooks.akeyless import AkeylessHook
+
+        hook = AkeylessHook()
+        hook.authenticate()
+        auth_body = api.auth.call_args.args[0]
+        assert auth_body.jwt == "jwt-token-value"
+
     @patch(f"{HOOK_MODULE}.AkeylessHook.get_connection", 
return_value=_make_connection())
     @patch(f"{HOOK_MODULE}.akeyless")
     def test_get_rotated_secret_passes_list(self, mock_sdk, mock_conn):

Reply via email to