From 17b160fa1356a876ea3d7a57aff31772e831e309 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 10:37:37 +0000 Subject: [PATCH 01/11] Fix the deprecated parameter in hvac client --- airflow/providers/hashicorp/_internal_client/vault_client.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index ea8aaf0071230..0b9e278a8841e 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -355,7 +355,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) @@ -404,7 +404,7 @@ def get_secret_including_metadata( try: mount_point, secret_path = self._parse_secret_path(secret_path) return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) except InvalidPath: self.log.debug( From ef9893596597f9fb6be3db39e97fed77bd70389f Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 12:54:52 +0000 Subject: [PATCH 02/11] Implement deprecation fix based on library version --- .../_internal_client/vault_client.py | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index 0b9e278a8841e..d4b056df506ea 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -15,6 +15,8 @@ # specific language governing permissions and limitations # under the License. from __future__ import annotations +import pkg_resources + import hvac from hvac.api.auth_methods import Kubernetes @@ -27,6 +29,7 @@ DEFAULT_KUBERNETES_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token" DEFAULT_KV_ENGINE_VERSION = 2 +HVAC_VERSION = pkg_resources.get_distribution(hvac.__name__).version VALID_KV_VERSIONS: list[int] = [1, 2] VALID_AUTH_TYPES: list[str] = [ @@ -354,9 +357,14 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic raise VaultError("Secret version can only be used with version 2 of the KV engine") response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: - response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True - ) + if HVAC_VERSION >= "1.1.0": + response = self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + ) + else: + response = self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version + ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) return None @@ -403,9 +411,14 @@ def get_secret_including_metadata( mount_point = None try: mount_point, secret_path = self._parse_secret_path(secret_path) - return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True - ) + if HVAC_VERSION >= "1.1.0": + return self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + ) + else: + return self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version + ) except InvalidPath: self.log.debug( "Secret not found %s with mount point %s and version %s", From 4439f9c131d6ac4fb6c3756dbf73551ced165e9b Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 13:09:42 +0000 Subject: [PATCH 03/11] Use importlib_metadata for Python 3.7 --- .../hashicorp/_internal_client/vault_client.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index d4b056df506ea..bf416018217ed 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -15,7 +15,11 @@ # specific language governing permissions and limitations # under the License. from __future__ import annotations -import pkg_resources +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version import hvac @@ -29,8 +33,6 @@ DEFAULT_KUBERNETES_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token" DEFAULT_KV_ENGINE_VERSION = 2 -HVAC_VERSION = pkg_resources.get_distribution(hvac.__name__).version - VALID_KV_VERSIONS: list[int] = [1, 2] VALID_AUTH_TYPES: list[str] = [ "approle", @@ -350,6 +352,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic :return: secret stored in the vault as a dictionary """ mount_point = None + hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) if self.kv_engine_version == 1: @@ -357,7 +360,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic raise VaultError("Secret version can only be used with version 2 of the KV engine") response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: - if HVAC_VERSION >= "1.1.0": + if hvac_version >= "1.1.0": response = self.client.secrets.kv.v2.read_secret_version( path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) @@ -409,9 +412,10 @@ def get_secret_including_metadata( if self.kv_engine_version == 1: raise VaultError("Metadata might only be used with version 2 of the KV engine.") mount_point = None + hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) - if HVAC_VERSION >= "1.1.0": + if hvac_version >= "1.1.0": return self.client.secrets.kv.v2.read_secret_version( path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) From e1545af29708e89a2eabc6256bd6030072ec5e2c Mon Sep 17 00:00:00 2001 From: Emre Can Date: Sat, 15 Jul 2023 12:14:35 +0000 Subject: [PATCH 04/11] Add new function call to tests --- .../_internal_client/test_vault_client.py | 86 +++++++++++++++---- tests/providers/hashicorp/hooks/test_vault.py | 44 ++++++++-- .../providers/hashicorp/secrets/test_vault.py | 30 +++++-- 3 files changed, 126 insertions(+), 34 deletions(-) diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index bb9a53ceb5327..c37421257dc54 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock from unittest.mock import mock_open, patch @@ -630,7 +636,7 @@ def test_userpass_different_auth_mount_point(self, mock_hvac): assert 2 == vault_client.kv_engine_version @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") - def test_get_non_existing_key_v2(self, mock_hvac): + def test_get_non_existing_key_v2(self, mock_hvac): mock_client = mock.MagicMock() mock_hvac.Client.return_value = mock_client # Response does not contain the requested key @@ -640,9 +646,16 @@ def test_get_non_existing_key_v2(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="missing") assert secret is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v2_different_auth(self, mock_hvac): @@ -660,9 +673,16 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac): secret = vault_client.get_secret(secret_path="missing") assert secret is None assert "secret" == vault_client.mount_point - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v1(self, mock_hvac): @@ -715,9 +735,16 @@ def test_get_existing_key_v2(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="path/to/secret") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="path/to/secret", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="path/to/secret", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="path/to/secret", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): @@ -753,9 +780,16 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="mount_point/path/to/secret") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="mount_point", path="path/to/secret", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="mount_point", path="path/to/secret", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="mount_point", path="path/to/secret", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_version(self, mock_hvac): @@ -790,9 +824,16 @@ def test_get_existing_key_v2_version(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1 + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v1(self, mock_hvac): @@ -1014,9 +1055,16 @@ def test_get_secret_including_metadata_v2(self, mock_hvac): "warnings": None, "auth": None, } == metadata - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_secret_including_metadata_v1(self, mock_hvac): diff --git a/tests/providers/hashicorp/hooks/test_vault.py b/tests/providers/hashicorp/hooks/test_vault.py index 4bd3e90e56146..23e4b8a7016dd 100644 --- a/tests/providers/hashicorp/hooks/test_vault.py +++ b/tests/providers/hashicorp/hooks/test_vault.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock from unittest.mock import PropertyMock, mock_open, patch @@ -1001,9 +1007,16 @@ def test_get_existing_key_v2(self, mock_hvac, mock_get_connection): test_hook = VaultHook(**kwargs) secret = test_hook.get_secret(secret_path="missing") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1040,9 +1053,15 @@ def test_get_existing_key_v2_version(self, mock_hvac, mock_get_connection): test_hook = VaultHook(**kwargs) secret = test_hook.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1 + ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1185,9 +1204,16 @@ def test_get_secret_including_metadata_v2(self, mock_hvac, mock_get_connection): "warnings": None, "auth": None, } == metadata - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") diff --git a/tests/providers/hashicorp/secrets/test_vault.py b/tests/providers/hashicorp/secrets/test_vault.py index 4897a73c22334..546ce00b8f9dd 100644 --- a/tests/providers/hashicorp/secrets/test_vault.py +++ b/tests/providers/hashicorp/secrets/test_vault.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock import pytest @@ -301,9 +307,15 @@ def test_get_conn_uri_non_existent_key(self, mock_hvac): test_client = VaultBackend(**kwargs) assert test_client.get_conn_uri(conn_id="test_mysql") is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="connections/test_mysql", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="connections/test_mysql", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="connections/test_mysql", version=None + ) assert test_client.get_connection(conn_id="test_mysql") is None @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -453,9 +465,15 @@ def test_get_variable_value_non_existent_key(self, mock_hvac): test_client = VaultBackend(**kwargs) assert test_client.get_variable("hello") is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="variables/hello", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="variables/hello", version=None + ) assert test_client.get_variable("hello") is None @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") From e850d091a11e4ff70f736521c53514ec1371f927 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 10:37:37 +0000 Subject: [PATCH 05/11] Fix the deprecated parameter in hvac client --- airflow/providers/hashicorp/_internal_client/vault_client.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index aea8bfb01d76e..24ff9e7f89b23 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -373,7 +373,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) @@ -422,7 +422,7 @@ def get_secret_including_metadata( try: mount_point, secret_path = self._parse_secret_path(secret_path) return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) except InvalidPath: self.log.debug( From 3b6c12ea67a77a917bddf75a17bfcb17ceb808b5 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 12:54:52 +0000 Subject: [PATCH 06/11] Implement deprecation fix based on library version --- .../_internal_client/vault_client.py | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index 24ff9e7f89b23..5142653007c71 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -15,6 +15,8 @@ # specific language governing permissions and limitations # under the License. from __future__ import annotations +import pkg_resources + from functools import cached_property @@ -30,6 +32,7 @@ DEFAULT_KUBERNETES_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token" DEFAULT_KV_ENGINE_VERSION = 2 +HVAC_VERSION = pkg_resources.get_distribution(hvac.__name__).version VALID_KV_VERSIONS: list[int] = [1, 2] VALID_AUTH_TYPES: list[str] = [ @@ -372,9 +375,14 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic raise VaultError("Secret version can only be used with version 2 of the KV engine") response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: - response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True - ) + if HVAC_VERSION >= "1.1.0": + response = self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + ) + else: + response = self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version + ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) return None @@ -421,9 +429,14 @@ def get_secret_including_metadata( mount_point = None try: mount_point, secret_path = self._parse_secret_path(secret_path) - return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True - ) + if HVAC_VERSION >= "1.1.0": + return self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + ) + else: + return self.client.secrets.kv.v2.read_secret_version( + path=secret_path, mount_point=mount_point, version=secret_version + ) except InvalidPath: self.log.debug( "Secret not found %s with mount point %s and version %s", From 49e8b8ee6caabcda41c11fa0f0e74c5d59ae25c2 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Wed, 17 May 2023 13:09:42 +0000 Subject: [PATCH 07/11] Use importlib_metadata for Python 3.7 --- .../hashicorp/_internal_client/vault_client.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index 5142653007c71..7c75a38630e4e 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -15,7 +15,11 @@ # specific language governing permissions and limitations # under the License. from __future__ import annotations -import pkg_resources +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version from functools import cached_property @@ -32,8 +36,6 @@ DEFAULT_KUBERNETES_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token" DEFAULT_KV_ENGINE_VERSION = 2 -HVAC_VERSION = pkg_resources.get_distribution(hvac.__name__).version - VALID_KV_VERSIONS: list[int] = [1, 2] VALID_AUTH_TYPES: list[str] = [ "approle", @@ -368,6 +370,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic :return: secret stored in the vault as a dictionary """ mount_point = None + hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) if self.kv_engine_version == 1: @@ -375,7 +378,7 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic raise VaultError("Secret version can only be used with version 2 of the KV engine") response = self.client.secrets.kv.v1.read_secret(path=secret_path, mount_point=mount_point) else: - if HVAC_VERSION >= "1.1.0": + if hvac_version >= "1.1.0": response = self.client.secrets.kv.v2.read_secret_version( path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) @@ -427,9 +430,10 @@ def get_secret_including_metadata( if self.kv_engine_version == 1: raise VaultError("Metadata might only be used with version 2 of the KV engine.") mount_point = None + hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) - if HVAC_VERSION >= "1.1.0": + if hvac_version >= "1.1.0": return self.client.secrets.kv.v2.read_secret_version( path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True ) From 2d2d19f46df5bf9b87ed78a0a82ecc8abae5dc97 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Sat, 15 Jul 2023 12:14:35 +0000 Subject: [PATCH 08/11] Add new function call to tests --- .../_internal_client/test_vault_client.py | 86 +++++++++++++++---- tests/providers/hashicorp/hooks/test_vault.py | 44 ++++++++-- .../providers/hashicorp/secrets/test_vault.py | 30 +++++-- 3 files changed, 126 insertions(+), 34 deletions(-) diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index bb9a53ceb5327..c37421257dc54 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock from unittest.mock import mock_open, patch @@ -630,7 +636,7 @@ def test_userpass_different_auth_mount_point(self, mock_hvac): assert 2 == vault_client.kv_engine_version @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") - def test_get_non_existing_key_v2(self, mock_hvac): + def test_get_non_existing_key_v2(self, mock_hvac): mock_client = mock.MagicMock() mock_hvac.Client.return_value = mock_client # Response does not contain the requested key @@ -640,9 +646,16 @@ def test_get_non_existing_key_v2(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="missing") assert secret is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v2_different_auth(self, mock_hvac): @@ -660,9 +673,16 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac): secret = vault_client.get_secret(secret_path="missing") assert secret is None assert "secret" == vault_client.mount_point - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v1(self, mock_hvac): @@ -715,9 +735,16 @@ def test_get_existing_key_v2(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="path/to/secret") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="path/to/secret", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="path/to/secret", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="path/to/secret", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): @@ -753,9 +780,16 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="mount_point/path/to/secret") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="mount_point", path="path/to/secret", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="mount_point", path="path/to/secret", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="mount_point", path="path/to/secret", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_version(self, mock_hvac): @@ -790,9 +824,16 @@ def test_get_existing_key_v2_version(self, mock_hvac): ) secret = vault_client.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1 + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v1(self, mock_hvac): @@ -1014,9 +1055,16 @@ def test_get_secret_including_metadata_v2(self, mock_hvac): "warnings": None, "auth": None, } == metadata - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_secret_including_metadata_v1(self, mock_hvac): diff --git a/tests/providers/hashicorp/hooks/test_vault.py b/tests/providers/hashicorp/hooks/test_vault.py index 4bd3e90e56146..23e4b8a7016dd 100644 --- a/tests/providers/hashicorp/hooks/test_vault.py +++ b/tests/providers/hashicorp/hooks/test_vault.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock from unittest.mock import PropertyMock, mock_open, patch @@ -1001,9 +1007,16 @@ def test_get_existing_key_v2(self, mock_hvac, mock_get_connection): test_hook = VaultHook(**kwargs) secret = test_hook.get_secret(secret_path="missing") assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1040,9 +1053,15 @@ def test_get_existing_key_v2_version(self, mock_hvac, mock_get_connection): test_hook = VaultHook(**kwargs) secret = test_hook.get_secret(secret_path="missing", secret_version=1) assert {"secret_key": "secret_value"} == secret - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=1 + ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1185,9 +1204,16 @@ def test_get_secret_including_metadata_v2(self, mock_hvac, mock_get_connection): "warnings": None, "auth": None, } == metadata - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="secret", path="missing", version=None + ) + @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") diff --git a/tests/providers/hashicorp/secrets/test_vault.py b/tests/providers/hashicorp/secrets/test_vault.py index 4897a73c22334..546ce00b8f9dd 100644 --- a/tests/providers/hashicorp/secrets/test_vault.py +++ b/tests/providers/hashicorp/secrets/test_vault.py @@ -16,6 +16,12 @@ # under the License. from __future__ import annotations +import sys +if sys.version_info < (3, 8): + from importlib_metadata import version +else: + from importlib.metadata import version + from unittest import mock import pytest @@ -301,9 +307,15 @@ def test_get_conn_uri_non_existent_key(self, mock_hvac): test_client = VaultBackend(**kwargs) assert test_client.get_conn_uri(conn_id="test_mysql") is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="connections/test_mysql", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="connections/test_mysql", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="connections/test_mysql", version=None + ) assert test_client.get_connection(conn_id="test_mysql") is None @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -453,9 +465,15 @@ def test_get_variable_value_non_existent_key(self, mock_hvac): test_client = VaultBackend(**kwargs) assert test_client.get_variable("hello") is None - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="variables/hello", version=None - ) + hvac_version = version("hvac") + if hvac_version >= "1.1.0": + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True + ) + else: + mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( + mount_point="airflow", path="variables/hello", version=None + ) assert test_client.get_variable("hello") is None @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") From d460026a96dd401f765bafee76aac59e73ed9121 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Sat, 15 Jul 2023 14:21:44 +0000 Subject: [PATCH 09/11] Format with black --- .../hashicorp/_internal_client/vault_client.py | 14 +++++++++++--- .../_internal_client/test_vault_client.py | 9 ++------- tests/providers/hashicorp/hooks/test_vault.py | 3 +-- tests/providers/hashicorp/secrets/test_vault.py | 6 +++++- 4 files changed, 19 insertions(+), 13 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index 7c75a38630e4e..1dbdd319f7952 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -15,7 +15,9 @@ # specific language governing permissions and limitations # under the License. from __future__ import annotations + import sys + if sys.version_info < (3, 8): from importlib_metadata import version else: @@ -380,12 +382,15 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic else: if hvac_version >= "1.1.0": response = self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + path=secret_path, + mount_point=mount_point, + version=secret_version, + raise_on_deleted_version=True, ) else: response = self.client.secrets.kv.v2.read_secret_version( path=secret_path, mount_point=mount_point, version=secret_version - ) + ) except InvalidPath: self.log.debug("Secret not found %s with mount point %s", secret_path, mount_point) return None @@ -435,7 +440,10 @@ def get_secret_including_metadata( mount_point, secret_path = self._parse_secret_path(secret_path) if hvac_version >= "1.1.0": return self.client.secrets.kv.v2.read_secret_version( - path=secret_path, mount_point=mount_point, version=secret_version, raise_on_deleted_version=True + path=secret_path, + mount_point=mount_point, + version=secret_version, + raise_on_deleted_version=True, ) else: return self.client.secrets.kv.v2.read_secret_version( diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index c37421257dc54..cd6e1bdb695e2 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -17,6 +17,7 @@ from __future__ import annotations import sys + if sys.version_info < (3, 8): from importlib_metadata import version else: @@ -636,7 +637,7 @@ def test_userpass_different_auth_mount_point(self, mock_hvac): assert 2 == vault_client.kv_engine_version @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") - def test_get_non_existing_key_v2(self, mock_hvac): + def test_get_non_existing_key_v2(self, mock_hvac): mock_client = mock.MagicMock() mock_hvac.Client.return_value = mock_client # Response does not contain the requested key @@ -656,7 +657,6 @@ def test_get_non_existing_key_v2(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v2_different_auth(self, mock_hvac): mock_client = mock.MagicMock() @@ -683,7 +683,6 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v1(self, mock_hvac): mock_client = mock.MagicMock() @@ -745,7 +744,6 @@ def test_get_existing_key_v2(self, mock_hvac): mount_point="secret", path="path/to/secret", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): mock_client = mock.MagicMock() @@ -790,7 +788,6 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): mount_point="mount_point", path="path/to/secret", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_version(self, mock_hvac): mock_client = mock.MagicMock() @@ -834,7 +831,6 @@ def test_get_existing_key_v2_version(self, mock_hvac): mount_point="secret", path="missing", version=1 ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v1(self, mock_hvac): mock_client = mock.MagicMock() @@ -1065,7 +1061,6 @@ def test_get_secret_including_metadata_v2(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_secret_including_metadata_v1(self, mock_hvac): mock_client = mock.MagicMock() diff --git a/tests/providers/hashicorp/hooks/test_vault.py b/tests/providers/hashicorp/hooks/test_vault.py index 23e4b8a7016dd..3afa477670877 100644 --- a/tests/providers/hashicorp/hooks/test_vault.py +++ b/tests/providers/hashicorp/hooks/test_vault.py @@ -17,6 +17,7 @@ from __future__ import annotations import sys + if sys.version_info < (3, 8): from importlib_metadata import version else: @@ -1017,7 +1018,6 @@ def test_get_existing_key_v2(self, mock_hvac, mock_get_connection): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_version(self, mock_hvac, mock_get_connection): @@ -1214,7 +1214,6 @@ def test_get_secret_including_metadata_v2(self, mock_hvac, mock_get_connection): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_create_or_update_secret_v2(self, mock_hvac, mock_get_connection): diff --git a/tests/providers/hashicorp/secrets/test_vault.py b/tests/providers/hashicorp/secrets/test_vault.py index 546ce00b8f9dd..58f04a2aa04d6 100644 --- a/tests/providers/hashicorp/secrets/test_vault.py +++ b/tests/providers/hashicorp/secrets/test_vault.py @@ -17,6 +17,7 @@ from __future__ import annotations import sys + if sys.version_info < (3, 8): from importlib_metadata import version else: @@ -310,7 +311,10 @@ def test_get_conn_uri_non_existent_key(self, mock_hvac): hvac_version = version("hvac") if hvac_version >= "1.1.0": mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="connections/test_mysql", version=None, raise_on_deleted_version=True + mount_point="airflow", + path="connections/test_mysql", + version=None, + raise_on_deleted_version=True, ) else: mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( From f1581e4ab1858a5226b5ac553ed953751bc70b1f Mon Sep 17 00:00:00 2001 From: Emre Can Date: Sat, 15 Jul 2023 14:56:13 +0000 Subject: [PATCH 10/11] Fix mistakes during merge --- .../_internal_client/vault_client.py | 3 -- .../_internal_client/test_vault_client.py | 54 ------------------- tests/providers/hashicorp/hooks/test_vault.py | 29 ---------- .../providers/hashicorp/secrets/test_vault.py | 9 ---- 4 files changed, 95 deletions(-) diff --git a/airflow/providers/hashicorp/_internal_client/vault_client.py b/airflow/providers/hashicorp/_internal_client/vault_client.py index 09c2e0230bf99..357c80d70e5db 100644 --- a/airflow/providers/hashicorp/_internal_client/vault_client.py +++ b/airflow/providers/hashicorp/_internal_client/vault_client.py @@ -23,7 +23,6 @@ else: from importlib.metadata import version - from functools import cached_property import hvac @@ -373,7 +372,6 @@ def get_secret(self, secret_path: str, secret_version: int | None = None) -> dic """ mount_point = None hvac_version = version("hvac") - hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) if self.kv_engine_version == 1: @@ -437,7 +435,6 @@ def get_secret_including_metadata( raise VaultError("Metadata might only be used with version 2 of the KV engine.") mount_point = None hvac_version = version("hvac") - hvac_version = version("hvac") try: mount_point, secret_path = self._parse_secret_path(secret_path) if hvac_version >= "1.1.0": diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index 7bfdc2938e543..4fd7c03662ffd 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -656,15 +656,6 @@ def test_get_non_existing_key_v2(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -692,15 +683,6 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -763,15 +745,6 @@ def test_get_existing_key_v2(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="path/to/secret", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="path/to/secret", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="path/to/secret", version=None - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -817,15 +790,6 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="mount_point", path="path/to/secret", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="mount_point", path="path/to/secret", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="mount_point", path="path/to/secret", version=None - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -870,15 +834,6 @@ def test_get_existing_key_v2_version(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=1 ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1110,15 +1065,6 @@ def test_get_secret_including_metadata_v2(self, mock_hvac): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") diff --git a/tests/providers/hashicorp/hooks/test_vault.py b/tests/providers/hashicorp/hooks/test_vault.py index eea5adefa60f8..3afa477670877 100644 --- a/tests/providers/hashicorp/hooks/test_vault.py +++ b/tests/providers/hashicorp/hooks/test_vault.py @@ -1017,16 +1017,6 @@ def test_get_existing_key_v2(self, mock_hvac, mock_get_connection): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) - @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1072,15 +1062,6 @@ def test_get_existing_key_v2_version(self, mock_hvac, mock_get_connection): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=1 ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=1 - ) @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") @@ -1232,16 +1213,6 @@ def test_get_secret_including_metadata_v2(self, mock_hvac, mock_get_connection): mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="secret", path="missing", version=None ) - hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="secret", path="missing", version=None - ) - @mock.patch("airflow.providers.hashicorp.hooks.vault.VaultHook.get_connection") @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") diff --git a/tests/providers/hashicorp/secrets/test_vault.py b/tests/providers/hashicorp/secrets/test_vault.py index 988910fb0df5e..58f04a2aa04d6 100644 --- a/tests/providers/hashicorp/secrets/test_vault.py +++ b/tests/providers/hashicorp/secrets/test_vault.py @@ -470,15 +470,6 @@ def test_get_variable_value_non_existent_key(self, mock_hvac): test_client = VaultBackend(**kwargs) assert test_client.get_variable("hello") is None hvac_version = version("hvac") - if hvac_version >= "1.1.0": - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True - ) - else: - mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( - mount_point="airflow", path="variables/hello", version=None - ) - hvac_version = version("hvac") if hvac_version >= "1.1.0": mock_client.secrets.kv.v2.read_secret_version.assert_called_once_with( mount_point="airflow", path="variables/hello", version=None, raise_on_deleted_version=True From c96b0ccdf001b73006ea94e9d6f7fbcb13e57584 Mon Sep 17 00:00:00 2001 From: Emre Can Date: Sat, 15 Jul 2023 15:41:07 +0000 Subject: [PATCH 11/11] Formatting --- .../hashicorp/_internal_client/test_vault_client.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/tests/providers/hashicorp/_internal_client/test_vault_client.py b/tests/providers/hashicorp/_internal_client/test_vault_client.py index 4fd7c03662ffd..cd6e1bdb695e2 100644 --- a/tests/providers/hashicorp/_internal_client/test_vault_client.py +++ b/tests/providers/hashicorp/_internal_client/test_vault_client.py @@ -637,7 +637,7 @@ def test_userpass_different_auth_mount_point(self, mock_hvac): assert 2 == vault_client.kv_engine_version @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") - def test_get_non_existing_key_v2(self, mock_hvac): + def test_get_non_existing_key_v2(self, mock_hvac): mock_client = mock.MagicMock() mock_hvac.Client.return_value = mock_client # Response does not contain the requested key @@ -657,7 +657,6 @@ def test_get_non_existing_key_v2(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v2_different_auth(self, mock_hvac): mock_client = mock.MagicMock() @@ -684,7 +683,6 @@ def test_get_non_existing_key_v2_different_auth(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_non_existing_key_v1(self, mock_hvac): mock_client = mock.MagicMock() @@ -746,7 +744,6 @@ def test_get_existing_key_v2(self, mock_hvac): mount_point="secret", path="path/to/secret", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): mock_client = mock.MagicMock() @@ -791,7 +788,6 @@ def test_get_existing_key_v2_without_preconfigured_mount_point(self, mock_hvac): mount_point="mount_point", path="path/to/secret", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v2_version(self, mock_hvac): mock_client = mock.MagicMock() @@ -835,7 +831,6 @@ def test_get_existing_key_v2_version(self, mock_hvac): mount_point="secret", path="missing", version=1 ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_existing_key_v1(self, mock_hvac): mock_client = mock.MagicMock() @@ -1066,7 +1061,6 @@ def test_get_secret_including_metadata_v2(self, mock_hvac): mount_point="secret", path="missing", version=None ) - @mock.patch("airflow.providers.hashicorp._internal_client.vault_client.hvac") def test_get_secret_including_metadata_v1(self, mock_hvac): mock_client = mock.MagicMock()