Skip to content

feat(cli): accept dynamic GCP project ID from env var during secrets fetch #545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Aaron ("AJ") Steers (aaronsteers) merged 6 commits into from
May 16, 2025
Merged

feat(cli): accept dynamic GCP project ID from env var during secrets fetch #545

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ac97f24
feat(cli): accept dynamic gcp project ID from env var during secrets …
aaronsteers May 15, 2025
deba805
improve interface with env var, improve docs, fix mix-matched input a…
aaronsteers May 15, 2025
a606911
coalesce late, treating empty str in env var as none
aaronsteers May 15, 2025
4394ea2
apply suggestion
aaronsteers May 16, 2025
e8687c4
Update airbyte_cdk/cli/airbyte_cdk/_secrets.py
aaronsteers May 16, 2025
39738d2
Merge branch 'main' into aj/feat/cli/accept-dynamic-gcp-project-id-fr…
aaronsteers May 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 29 additions & 21 deletions airbyte_cdk/cli/airbyte_cdk/_secrets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,12 @@
resolve_connector_name_and_directory,
)

AIRBYTE_INTERNAL_GCP_PROJECT = "dataline-integration-testing"
GCP_PROJECT_ID: str = os.environ.get("GCP_PROJECT_ID", "") or "dataline-integration-testing"
Comment thread
aaronsteers marked this conversation as resolved.
# We put the `or` outside the `get()` because we want the `GCP_PROJECT_ID`
# env var to be ignored if it contains an empty string, such as in CI where the
# workflow might set it to a value that is itself actually missing or unset.
"""The GCP project ID to use for fetching integration test secrets."""

CONNECTOR_LABEL = "connector"
GLOBAL_MASK_KEYS_URL = "https://connectors.airbyte.com/files/registries/v0/specs_secrets_mask.yaml"

Expand Down Expand Up @@ -83,8 +88,11 @@ def secrets_cli_group() -> None:
@click.option(
"--gcp-project-id",
type=str,
default=AIRBYTE_INTERNAL_GCP_PROJECT,
help=f"GCP project ID. Defaults to '{AIRBYTE_INTERNAL_GCP_PROJECT}'.",
default=GCP_PROJECT_ID,
help=(
"GCP project ID for retrieving integration tests credentials. "
"Defaults to the value of the `GCP_PROJECT_ID` environment variable, if set."
),
)
@click.option(
"--print-ci-secrets-masks",
Expand All @@ -95,7 +103,7 @@ def secrets_cli_group() -> None:
)
def fetch(
connector: str | Path | None = None,
gcp_project_id: str = AIRBYTE_INTERNAL_GCP_PROJECT,
gcp_project_id: str = GCP_PROJECT_ID,
print_ci_secrets_masks: bool = False,
) -> None:
"""Fetch secrets for a connector from Google Secret Manager.
Expand Down Expand Up @@ -192,41 +200,41 @@ def fetch(


@secrets_cli_group.command("list")
@click.option(
"--connector-name",
@click.argument(
"connector",
required=False,
type=str,
help="Name of the connector to fetch secrets for. Ignored if --connector-directory is provided.",
)
@click.option(
"--connector-directory",
type=click.Path(exists=True, file_okay=False, path_type=Path),
help="Path to the connector directory.",
metavar="[CONNECTOR]",
)
@click.option(
"--gcp-project-id",
type=str,
default=AIRBYTE_INTERNAL_GCP_PROJECT,
help=f"GCP project ID. Defaults to '{AIRBYTE_INTERNAL_GCP_PROJECT}'.",
default=GCP_PROJECT_ID,
help=(
"GCP project ID for retrieving integration tests credentials. "
"Defaults to the value of the `GCP_PROJECT_ID` environment variable, if set."
),
)
def list_(
connector_name: str | None = None,
connector_directory: Path | None = None,
gcp_project_id: str = AIRBYTE_INTERNAL_GCP_PROJECT,
connector: str | Path | None = None,
*,
gcp_project_id: str = GCP_PROJECT_ID,
) -> None:
"""List secrets for a connector from Google Secret Manager.

This command fetches secrets for a connector from Google Secret Manager and prints
them as a table.

[CONNECTOR] can be a connector name (e.g. 'source-pokeapi'), a path to a connector directory, or omitted to use the current working directory.
If a string containing '/' is provided, it is treated as a path. Otherwise, it is treated as a connector name.

If no connector name or directory is provided, we will look within the current working
directory. If the current working directory is not a connector directory (e.g. starting
with 'source-') and no connector name or path is provided, the process will fail.
"""
click.echo("Scanning secrets...", err=True)

connector_name = connector_name or resolve_connector_name(
connector_directory=connector_directory or Path().resolve().absolute(),
)
connector_name, _ = resolve_connector_name_and_directory(connector)
secrets: list[Secret] = _fetch_secret_handles( # type: ignore
connector_name=connector_name,
gcp_project_id=gcp_project_id,
Expand Down Expand Up @@ -303,7 +311,7 @@ def _get_secret_url(secret_name: str, gcp_project_id: str) -> str:

def _fetch_secret_handles(
connector_name: str,
gcp_project_id: str = AIRBYTE_INTERNAL_GCP_PROJECT,
gcp_project_id: str = GCP_PROJECT_ID,
) -> list["Secret"]: # type: ignore
"""Fetch secrets from Google Secret Manager."""
if not secretmanager:
Expand Down
Loading