init

2026-03-02 09:47:35 +01:00
commit 2c225d68ac
715 changed files with 130067 additions and 0 deletions
--- a/airflow/tmp/oci_principal_authentication_debug.py
+++ b/airflow/tmp/oci_principal_authentication_debug.py
@@ -0,0 +1,73 @@
+from airflow import DAG
+from airflow.operators.python import PythonOperator
+from datetime import datetime
+import os
+import oci
+import base64
+from oci.auth.signers import InstancePrincipalsSecurityTokenSigner, get_resource_principals_signer
+
+def debug_oci_authentication_method(**context):
+    resource_principal_version = os.environ.get('OCI_RESOURCE_PRINCIPAL_VERSION')
+    
+    if resource_principal_version:
+        print("RESOURCE PRINCIPAL - Container")
+        signer = get_resource_principals_signer()
+    else:
+        print("INSTANCE PRINCIPAL - VM/Compute")
+        signer = InstancePrincipalsSecurityTokenSigner()
+    
+    env = os.getenv("MRDS_ENV")
+    
+    if env == "dev":
+        secret_ocid = "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjya3tsglrzfgiyfisxchref774l5y4nrler2vn54lr3li7q"
+        secret_name = "ap-devo_lab-mrds"
+        region = "eu-frankfurt-1"
+        
+    elif env == "tst":
+        secret_ocid = "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjyayqqotyowhpoml3v5szkwhmtu4rq6bplpkvdruzupz3ma"
+        secret_name = "ap-devo_tst-mrds"
+        region = "eu-frankfurt-1"
+        
+    else:
+        raise ValueError(f"Unsupported environment: {env}. Expected 'dev' or 'tst'")
+
+    print(f"Environment: {env}")
+    print(f"Secret Name: {secret_name}")
+    print(f"Secret OCID: {secret_ocid}")
+    print(f"Region: {region}")
+
+    config = {"region": region}
+    secrets_client = oci.secrets.SecretsClient(config=config, signer=signer)
+    
+    try:
+        bundle = secrets_client.get_secret_bundle(secret_id=secret_ocid)
+        password = base64.b64decode(bundle.data.secret_bundle_content.content).decode('utf-8')
+        
+        print(f"Secret '{secret_name}' retrieved successfully: {len(password)} characters")
+        
+        return {
+            'password': password,
+            'secret_name': secret_name,
+            'secret_ocid': secret_ocid,
+            'environment': env,
+            'region': region
+        }
+        
+    except Exception as e:
+        print(f"Error retrieving secret '{secret_name}' with OCID '{secret_ocid}': {str(e)}")
+        raise
+
+dag = DAG(
+    'oci_principal_authentication_debug',
+    start_date=datetime(2024, 1, 1),
+    schedule_interval=None,
+    catchup=False,
+    description='Debug OCI authentication and retrieve secrets using Secret OCID'
+)
+
+debug_task = PythonOperator(
+    task_id='detect_principal_type_and_get_secret',
+    python_callable=debug_oci_authentication_method,
+    dag=dag
+)
+