kaxil

import json
import sys
from datetime import datetime
from functools import lru_cache

import humanize
import requests
from typing import NamedTuple, Dict

import semver

kaxil

vault kv put \
	secret/connections/smtp_default \
	conn_uri=smtps://user:host@relay.example.com:465

kaxil

# Install AC Airflow and Hashicorp dependency
pip install --extra-index-url https://pip.astronomer.io/simple/ \
	'astronomer-certified>=1.10.10-1.dev140[hvac]'

kaxil

# Option 1. Official (run with no UI)
brew install vault

## Option 2. Vault CLI and GUI (reccomended becuase the Vault UI is a nice feature)
brew tap petems/vault
brew install petems/vault-prebuilt/vault

kaxil

from airflow import DAG
from airflow.operators.python_operator import PythonOperator
from datetime import datetime
from airflow.hooks.base_hook import BaseHook


def get_secrets(**kwargs):
    conn = BaseHook.get_connection(kwargs['my_conn_id'])
    print(f"Password: {conn.password}, Login: {conn.login}, URI: {conn.get_uri()}, Host: {conn.host}")

kaxil

export AIRFLOW__SECRETS__BACKEND="airflow.contrib.secrets.hashicorp_vault.VaultSecrets"
export AIRFLOW__SECRETS__BACKEND_KWARGS='{"url":"http://127.0.0.1:8200","token":"<YOUR-ROOT-TOKEN>","connections_path": "connections"}'

# Start Scheduler
airflow scheduler

kaxil

In [1]: import hvac                                                                                                  

In [2]: client=hvac.Client(url="http://127.0.0.1:8200")                                                      

In [3]: client.token = "<YOUR-ROOT-TOKEN>"                                                                  

In [4]: client.is_authenticated()                                                                                    
Out[4]: True

In [5]: client.secrets.kv.v2.read_secret_version(path="connections/smtp_default")                                    

kaxil

# Author: Bas Harenslak

import datetime as dt

import airflow.utils.dates
from airflow.models import DAG
from airflow.operators.dummy_operator import DummyOperator
from airflow.utils.helpers import cross_downstream

dag = DAG(dag_id="megadag", schedule_interval=dt.timedelta(hours=4), start_date=airflow.utils.dates.days_ago(1))

kaxil

Opening and closing an SSH tunnel in a shell script the smart way

I recently had the following problem:

• From an unattended shell script (called by Jenkins), run a command-line tool that accesses the MySQL database on another host.
• That tool doesn't know that the database is on another host, plus the MySQL port on that host is firewalled and not accessible from other machines.

We didn't want to open the MySQL port to the network, but it's possible to SSH from the Jenkins machine to the MySQL machine. So, basically you would do something like

ssh -L 3306:localhost:3306 remotehost

kaxil

# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
#  "${data.external.ssh_key_generator.result.public_key}" (contents)
#  "${data.external.ssh_key_generator.result.private_key}" (contents)
#  "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
  program = ["bash", "${path.root}/../ssh_key_generator.sh"]

  query = {
    customer_name = "${var.customer_name}"
    customer_group = "${var.customer_group}"