airflow
airflow copied to clipboard
apache
Add impersonation_chain parameter for ComputeEngineSSHHook
The parameter delegate_to parameter in the ComputeEngineSSHHook seems not working at all. So we dug into the code and added impersonation_chain parameter which is fully supported by the other file compute.py. So we barely added a few lines in compute_ssh.py to make it work. This allows to properly impersonate service account using ComputeEngineSSHHook. An example with iap_tunnel :
task1 = SSHOperator(
task_id="task1_id",
ssh_hook=ComputeEngineSSHHook(
gcp_conn_id='test_connection_gcp',
instance_name="instance_target",
zone="instance_zone",
user="airflow",
project_id="instance_project",
use_oslogin=False,
use_iap_tunnel=True,
use_internal_ip=False,
impersonation_chain="service_account_to_impersonate",
expire_time="3m"
),
command="ls -la"
)
Only tested with IAP tunnel and only one service account email in impersonation_chain. Linted with flake8 and formatted with black.
Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst) Here are some useful points:
- Pay attention to the quality of your code (flake8, mypy and type annotations). Our pre-commits will help you with that.
- In case of a new feature add useful documentation (in docstrings or in
docs/directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it. - Consider using Breeze environment for testing locally, it’s a heavy docker but it ships with a working Airflow and a lot of integrations.
- Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
- Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
- Be sure to read the Airflow Coding style. Apache Airflow is a community-driven project and together we are making it better 🚀. In case of doubts contact the developers at: Mailing List: [email protected] Slack: https://s.apache.org/airflow-slack
![boring-cyborg[bot] avatar](https://avatars.githubusercontent.com/in/50386?v=4 "Published by a pub.dev verified publisher"){kind=small}
@mik-laj By adding tests, what do you mean ? Locally i tested with and without the new parameter and it works great. I don't know what your CI is doing in terms of tests but i'm willing to learn.
Unit tests. For example, see: https://github.com/apache/airflow/blob/f662b7de8c5e61f640f150d4e68bde21dcdd09b4/tests/providers/google/cloud/hooks/test_compute_ssh.py#L245
i had a lot of difficulties to install a proper testing environment for Airflow ( a lot of lib dependancies issues). Besides the former impersonating parameter (delegate_to) did not have dedicated tests. Unless you show me how to setup a proper testing environment, i'm afraid this is on your side.
Here is quick start guide for contributor: https://github.com/apache/airflow/blob/main/CONTRIBUTORS_QUICK_START.rst
Here is guide about testing Airflow: https://github.com/apache/airflow/blob/main/TESTING.rst
Hello @mik-laj @turbaszek, it's like ten times i'm trying to set up a new test environment. I keep on encountering different types of failures everytime i retry. I'm kinda stuck and lost a lot of time. My PR is quite simple, the code properly works, so i'd like you to take the next step, on the tests and implement this in Airflow, please. In Airflow documentation, service account impersonation is high recommanded so i think fixing this class would be quite relevant.
Hello @mik-laj @turbaszek, it's like ten times i'm trying to set up a new test environment. I keep on encountering different types of failures everytime i retry. I'm kinda stuck and lost a lot of time. My PR is quite simple, the code properly works, so i'd like you to take the next step, on the tests and implement this in Airflow, please. In Airflow documentation, service account impersonation is high recommanded so i think fixing this class would be quite relevant.
What are your problems? Did you try breeze ? It should be possible to be setup in 10-15 minutes if you follow the docs and you should be able to run any tests there. https://github.com/apache/airflow/blob/main/BREEZE.rst
Basically the problem is i cant use an Ubuntu configuration with enough performances to run the test environment. I'm stuck on a low hardware windows 10 laptop and i tried ubuntu in virtualbox which created memory failure due to lack of performances and i cant run it in my WSL1
Basically the problem is i cant use an Ubuntu configuration with enough performances to run the test environment. I'm stuck on a low hardware windows 10 laptop and i tried ubuntu in virtualbox which created memory failure due to lack of performances and i cant run it in my WSL1
Have you tried Codespaces or GitPod?
- https://github.com/apache/airflow/blob/main/CONTRIBUTORS_QUICK_START_CODESPACES.rst
- https://github.com/apache/airflow/blob/main/CONTRIBUTORS_QUICK_START_GITPOD.rst
They both provide decent development environment using remote containers - either run by GitPod or GitHub and we have full integration with them, including documentation and instructions.
You need either "beta" or paid account for both (or maybe your employer already has some offering there), but that might be an easy solution for your problems.
Alternatively, you can set your environment in a remote machine in the cloud - I sometimes do that and you can have machines for < 0.1 USD per hour and you can get them up-and-running in under 10 minutes following Breeze. Both VScode and IntelliJ have a way to connect to remote environments (requires a bit of configuration but it works nicely and is described in our VSCODE/IntelliJ docs as well).
So you have plenty of options.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 5 days if no further activity occurs. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}