Merge pull request #1762 from edx/katebygrace/snowflake-jobs-secretsm…

…anager Katebygrace/snowflake expire jobs secretsmanager
edx · May 17, 2024 · bccebdb · bccebdb
2 parents e946c5e + 3a01db1
commit bccebdb
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 11 deletions.
diff --git a/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy b/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy
@@ -41,8 +41,6 @@ class SnowflakeExpirePasswords {
                     }
                 }
                 environmentVariables {
-                    env('KEY_PATH', allVars.get('KEY_PATH'))
-                    env('PASSPHRASE_PATH', allVars.get('PASSPHRASE_PATH'))
                     env('USER', allVars.get('USER'))
                     env('ACCOUNT', allVars.get('ACCOUNT'))
                 }

diff --git a/dataeng/resources/snowflake-expire-individual-password.sh b/dataeng/resources/snowflake-expire-individual-password.sh
@@ -10,9 +10,17 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
 
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
-    --key_path $KEY_PATH \
-    --passphrase_path $PASSPHRASE_PATH \
-    --automation_user $USER \
-    --account $ACCOUNT \
-    --user_to_expire $USER_TO_EXPIRE
+    --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+    --account 'edx.us-east-1' \
+    --user_to_expire $USER_TO_EXPIRE \
+    --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+    --pass_file  "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user
diff --git a/dataeng/resources/snowflake-expire-passwords.sh b/dataeng/resources/snowflake-expire-passwords.sh
@@ -10,8 +10,15 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
 
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
-    --key_path $KEY_PATH \
-    --passphrase_path $PASSPHRASE_PATH \
-    --automation_user $USER \
-    --account $ACCOUNT
+    --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+    --account 'edx.us-east-1' \
+    --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+    --pass_file  "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user