from airflow import DAG
from airflow.operators.python import PythonOperator
from datetime import datetime
import os
import oci
import base64
from oci.auth.signers import InstancePrincipalsSecurityTokenSigner, get_resource_principals_signer
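def debug_oci_authentication_method(**context):
    """Detect the OCI principal type and read the environment's vault secret.

    The target secret is selected from the ``MRDS_ENV`` environment variable
    ('dev' or 'tst'). The signer is chosen from the presence of
    ``OCI_RESOURCE_PRINCIPAL_VERSION``: resource principal when it is set,
    instance principal otherwise.

    Args:
        **context: Airflow task context; accepted but not used here.

    Returns:
        dict with the keys 'password', 'secret_name', 'secret_ocid',
        'environment' and 'region'.

    Raises:
        ValueError: if ``MRDS_ENV`` is neither 'dev' nor 'tst'.
        Exception: any error from the secret lookup or decoding is logged
            and re-raised unchanged.

    Security note:
        'password' holds the decoded secret in clear text. A PythonOperator
        pushes its callable's return value to XCom unless XCom push is
        disabled, which would persist the secret in the Airflow metadata
        database. Only use the return value in-process.
    """
    # Resolve the target secret first, so that a missing or unsupported
    # MRDS_ENV fails fast before any signer is constructed.
    env = os.getenv("MRDS_ENV")
    secret_targets = {
        "dev": (
            "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjya3tsglrzfgiyfisxchref774l5y4nrler2vn54lr3li7q",
            "ap-devo_lab-mrds",
            "eu-frankfurt-1",
        ),
        "tst": (
            "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjyayqqotyowhpoml3v5szkwhmtu4rq6bplpkvdruzupz3ma",
            "ap-devo_tst-mrds",
            "eu-frankfurt-1",
        ),
    }
    if env not in secret_targets:
        raise ValueError(f"Unsupported environment: {env}. Expected 'dev' or 'tst'")
    secret_ocid, secret_name, region = secret_targets[env]

    # The presence of OCI_RESOURCE_PRINCIPAL_VERSION selects the signer type.
    if os.environ.get('OCI_RESOURCE_PRINCIPAL_VERSION'):
        print("RESOURCE PRINCIPAL - Container")
        signer = get_resource_principals_signer()
    else:
        print("INSTANCE PRINCIPAL - VM/Compute")
        signer = InstancePrincipalsSecurityTokenSigner()

    print(f"Environment: {env}")
    print(f"Secret Name: {secret_name}")
    print(f"Secret OCID: {secret_ocid}")
    print(f"Region: {region}")

    secrets_client = oci.secrets.SecretsClient(config={"region": region}, signer=signer)

    try:
        bundle = secrets_client.get_secret_bundle(secret_id=secret_ocid)
        password = base64.b64decode(bundle.data.secret_bundle_content.content).decode('utf-8')

        # Log only the length of the secret, never its value.
        print(f"Secret '{secret_name}' retrieved successfully: {len(password)} characters")

        return {
            'password': password,
            'secret_name': secret_name,
            'secret_ocid': secret_ocid,
            'environment': env,
            'region': region,
        }
    except Exception as e:
        # Record which secret failed, then let the task fail with the
        # original exception.
        print(f"Error retrieving secret '{secret_name}' with OCID '{secret_ocid}': {e}")
        raise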
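# Debug DAG with no schedule (schedule_interval=None) and no catch-up runs.
dag = DAG(
    'oci_principal_authentication_debug',
    start_date=datetime(2024, 1, 1),
    schedule_interval=None,
    catchup=False,
    description='Debug OCI authentication and retrieve secrets using Secret OCID',
)

debug_task = PythonOperator(
    task_id='detect_principal_type_and_get_secret',
    python_callable=debug_oci_authentication_method,
    # The callable returns the decoded secret in its result dict. Disable the
    # automatic XCom push so the plaintext password is not stored in the
    # Airflow metadata database or shown in the XCom view of the UI.
    do_xcom_push=False,
    dag=dag,
)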