Google provider catch invalid secret name (#18790)
raphaelauv committed Oct 19, 2021
1 parent 8858309 commit 0e95b57
Showing 2 changed files with 25 additions and 1 deletion.
Expand Up @@ -24,7 +24,7 @@
from functools import cached_property
except ImportError:
from cached_property import cached_property
from google.api_core.exceptions import NotFound, PermissionDenied
from google.api_core.exceptions import InvalidArgument, NotFound, PermissionDenied
from google.api_core.gapic_v1.client_info import ClientInfo
from google.cloud.secretmanager_v1 import SecretManagerServiceClient

Expand Down Expand Up @@ -96,3 +96,12 @@ def get_secret(self, secret_id: str, project_id: str, secret_version: str = 'lat
secret_id,
)
return None
except InvalidArgument:
self.log.error(
"""Google Cloud API Call Error (InvalidArgument): Invalid secret ID %s.
Only ASCII alphabets (a-Z), numbers (0-9), dashes (-), and underscores (_)
are allowed in the secret ID.
""",
secret_id,
)
return None
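Review bot: The new `except InvalidArgument` handler in get_secret logs a triple-quoted literal, so every record carries embedded newlines and the source indentation, which breaks line-oriented log parsing and alerting for this secrets-backend failure. A single-line message built from adjacent string literals avoids that, and `%r` instead of `%s` keeps any control characters in the rejected ID visible rather than rendered, e.g. `"Google Cloud API Call Error (InvalidArgument): Invalid secret ID %r. "` followed by `"Only ASCII letters (a-z, A-Z), digits (0-9), dashes (-) and underscores (_) are allowed."`. The message also attributes every InvalidArgument to the secret ID, although project_id and secret_version appear to feed the same request path, so it may mislead when one of those is the malformed value. get_secret's body starts outside the hunk.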
Expand Up @@ -68,6 +68,21 @@ def test_get_no_permissions(self, mock_client_info, mock_secrets_client):
assert secret is None
mock_client.access_secret_version.assert_called_once_with('full-path')

@mock.patch(INTERNAL_CLIENT_MODULE + ".SecretManagerServiceClient")
@mock.patch(INTERNAL_CLIENT_MODULE + ".ClientInfo")
def test_get_invalid_id(self, mock_client_info, mock_secrets_client):
mock_client = mock.MagicMock()
mock_client_info.return_value = mock.MagicMock()
mock_secrets_client.return_value = mock_client
mock_client.secret_version_path.return_value = "full-path"
# The requested secret id is using invalid character
mock_client.access_secret_version.side_effect = PermissionDenied('test-msg')
secrets_client = _SecretManagerClient(credentials="credentials")
secret = secrets_client.get_secret(secret_id="not.allow", project_id="project_id")
mock_client.secret_version_path.assert_called_once_with("project_id", 'not.allow', 'latest')
assert secret is None
mock_client.access_secret_version.assert_called_once_with('full-path')

@mock.patch(INTERNAL_CLIENT_MODULE + ".SecretManagerServiceClient")
@mock.patch(INTERNAL_CLIENT_MODULE + ".ClientInfo")
def test_get_existing_key(self, mock_client_info, mock_secrets_client):
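Review bot: test_get_invalid_id never reaches the new InvalidArgument handler, because `mock_client.access_secret_version.side_effect = PermissionDenied('test-msg')` raises the same exception as test_get_no_permissions, so the test goes through the existing PermissionDenied branch and would pass without this commit. It should raise the exception under test, `mock_client.access_secret_version.side_effect = InvalidArgument('test-msg')`, which also needs InvalidArgument imported in the test module (the import lines are outside this hunk). Asserting on the logged error as well would pin which branch handled the call.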
