Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

airbyte-ci: enable the use of local connector secrets #31766

Merged
merged 2 commits into from
Oct 24, 2023
Merged

airbyte-ci: enable the use of local connector secrets #31766

merged 2 commits into from
Oct 24, 2023

Conversation

alafanechere
Copy link
Contributor

@alafanechere alafanechere commented Oct 24, 2023
edited
Loading

Motivation

Closes #25621
As airbyte-ci is now the recommended way to build and test connectors we should enable community users to use it.
So far one blocker for community use was the fact that the connectors command group did not support the use of local connector secrets and relied on our GSM secrets store.

We want the airbyte-ci connectors command to be runnable without the GCP_GSM_CREDENTIALS env var and have a sensible default wether to use remote or local secrets if the --use-local-secret/--use-remote-secrets flags are not passed.

CLI behavior

  • If --use-local-secret/--use-remote-secrets flags are not passed:

    • Use remote secrets if the GCP_GSM_CREDENTIALS env var is set
    • Fall back to local secrets if GCP_GSM_CREDENTIALS is not set

  • If --use-local-secrets is passed:
    We'll mount secrets from the connector secrets directory.
    We log a warning if this directory is empty and does not exist.
    Unit/Integration/CAT tests will likely fail if these file are missing, we let them handle the error handling when the secret file is missing. (We have some connectors, like source-pokeapi, that do not require secret files).

  • If --use-remote-secrets:
    We check that GCP_GSM_CREDENTIALS is set or raise a click.UsageError exception otherwise.

🚨 User Impact 🚨

Community users should be able to run the test command without access to our secret store. test will use their local connector secrets.

@vercel
Copy link

vercel bot commented Oct 24, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
airbyte-docs ⬜️ Ignored (Inspect) Visit Preview Oct 24, 2023 5:08pm

@alafanechere Graphite App
Copy link
Contributor Author

Current dependencies on/for this PR:

This comment was auto-generated by Graphite.

@alafanechere alafanechere force-pushed the augustin/10-24-airbyte-ci_enable_the_use_of_local_connector_secrets branch from 3dd85a6 to 8f9131f Compare October 24, 2023 10:30
@alafanechere alafanechere marked this pull request as ready for review October 24, 2023 10:30
@alafanechere alafanechere requested review from a team, marcosmarxm and bazarnov October 24, 2023 10:30
@alafanechere alafanechere force-pushed the augustin/10-24-airbyte-ci_enable_the_use_of_local_connector_secrets branch from 8f9131f to b0698e4 Compare October 24, 2023 10:33
bazarnov
bazarnov approved these changes Oct 24, 2023
View reviewed changes
Copy link
Collaborator

@bazarnov bazarnov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome improvement! LGTM.

@marcosmarxm
Copy link
Member

We'll mount secrets from the connector secrets directory.
We log a warning if this directory is empty and does not exist.
Unit/Integration/CAT tests will likely fail if these file are missing, we let them handle the error handling when the secret file is missing. (We have some connectors, like source-pokeapi, that do not require secret files).

Usually community connectors have only one secret file and it's easy to share a single credential with the contributor. This feature will help a lot!

marcosmarxm
marcosmarxm approved these changes Oct 24, 2023
View reviewed changes
airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/commands.py
Comment on lines +102 to +103
"DOCKER_HUB_USERNAME",
"DOCKER_HUB_PASSWORD",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the case if the community member or us want to publish the connector from local?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, it's a check to make sure that these env var are set in the CI

erohmensing
erohmensing approved these changes Oct 24, 2023
View reviewed changes
Copy link
Contributor

@erohmensing erohmensing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't test it myself, but code looks good! A few nits, but nothing blocking

airbyte-ci/connectors/pipelines/README.md Outdated Show resolved Hide resolved
airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/commands.py Outdated Show resolved Hide resolved
airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/commands.py Outdated Show resolved Hide resolved
airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/commands.py Show resolved Hide resolved
airbyte-ci/connectors/pipelines/pipelines/dagger/actions/secrets.py
"""
if context.use_remote_secrets:
connector_secrets = await download(context)
else:
raise NotImplementedError("Local secrets are not implemented yet. See https://github.com/airbytehq/airbyte/issues/25621")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥳

airbyte-ci/connectors/pipelines/tests/test_commands/test_groups/test_connectors.py Outdated Show resolved Hide resolved
@Nico0293 Nico0293 mentioned this pull request Oct 24, 2023
Closed
1 task
@alafanechere alafanechere force-pushed the augustin/10-24-airbyte-ci_enable_the_use_of_local_connector_secrets branch from a538baa to b1c0ac7 Compare October 24, 2023 17:08
@alafanechere alafanechere enabled auto-merge (squash) October 24, 2023 17:09
@erohmensing erohmensing mentioned this pull request Oct 24, 2023
Merged
@erohmensing erohmensing changed the base branch from master to ella/fixpytest October 24, 2023 18:26
@alafanechere alafanechere merged commit 8972fcf into ella/fixpytest Oct 24, 2023
19 of 22 checks passed
@alafanechere alafanechere deleted the augustin/10-24-airbyte-ci_enable_the_use_of_local_connector_secrets branch October 24, 2023 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erohmensing erohmensing erohmensing approved these changes

@marcosmarxm marcosmarxm marcosmarxm approved these changes

@bazarnov bazarnov bazarnov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

connectors-ci: make sure connector test can work with local secrets
4 participants
@alafanechere @marcosmarxm @erohmensing @bazarnov