Depreciate private_key_pass extra param and rename to private_key_passphrase #14028
Conversation
|
Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst)
|
UPDATING.md
Outdated
| ### SFTP connection `private_key_pass` extra param is renamed to `private_key_passphrase` | ||
|
|
||
| Some operators perform SFTP operations by the means of `SFTPHook`. `SFTPHook` delegates the actual SFTP connection to | ||
| the `pysftp` module. | ||
|
|
||
| When connecting with a private key protected by a passphrase, the `private_key_pass` extra parameter had to be | ||
| specified in the connection, and this corresponds to the arguments' naming in `pysftp`. | ||
|
|
||
| However, `SFTPHook` inherits from `SSHHook` which already manages a `private_key_passphrase` extra param. But this | ||
| param was unused in favor of the `private_key_pass` param introduced in `SFTPHook`. | ||
|
|
||
| For consistency, `private_key_pass` has been dropped in `SFTPHook` and `private_key_passphrase` is well reused. | ||
| This way, a single connection can be used for both SSH and SFTP operations. | ||
|
|
There was a problem hiding this comment.
I don't think this is the place for this.
It's information about the backward incompatibility of a provider.
If I upgrade a provider I need to see this in the provider release notes not in Airflow release notes.
There was a problem hiding this comment.
Correct. Those should be moved to CHANGELOG.rst (and ADDITIONAL_INFO.md for backports till the end of March) in the provider's folders. Those are newly added (just merged some changes recently and once this PR is merged (#14013) the SFTP provider will have both files that should be modified instead. I am releasing new wave of providers today. so this change wil only male it to the next one (but I think it is not urgent and can be released easily in 2-3 weeks when we release the next wave).
There was a problem hiding this comment.
Hi,
I don't know if it's my job to resolve the conversation !?
ce08dcf to
1c7884a
Compare
|
The Workflow run is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks,^Build docs$,^Spell check docs$,^Backport packages$,^Provider packages,^Checks: Helm tests$,^Test OpenAPI*. |
1c7884a to
1252bd2
Compare
1252bd2 to
67b8fad
Compare
67b8fad to
c842977
Compare
| if 'private_key_pass' in extra_options: | ||
| self.private_key_pass = extra_options.get('private_key_pass') |
There was a problem hiding this comment.
This makes this PR a breaking change -- could you please add a back-compatiblity path in (i.e. something that notices when this option is set but the new one is not, uses it and issues a deprecation warning)?
airflow/providers/ssh/hooks/ssh.py
Outdated
| @@ -131,9 +132,11 @@ def __init__( # pylint: disable=too-many-statements | |||
| self.key_file = extra_options.get("key_file") | |||
|
|
|||
| private_key = extra_options.get('private_key') | |||
| private_key_passphrase = extra_options.get('private_key_passphrase') | |||
| self.private_key_passphrase = extra_options.get('private_key_passphrase') | |||
There was a problem hiding this comment.
Making this an instance variable has no effect -- changing it won't do anything as the value has already been used by the time anything else could set this.
There was a problem hiding this comment.
The idea was to reuse it in SFTPHook subclass, not to change it. The private key passphrase is consumed by Paramiko in SSHhook, while it is consumed by Pysftp in SFTPHook. Anyway, I do not inherit this field anymore.
c842977 to
198cd1e
Compare
198cd1e to
849da71
Compare
849da71 to
70b9402
Compare
|
The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease. |
|
Awesome work, congrats on your first merged pull request! |
Some operators perform SFTP operations by the means of
SFTPHook.SFTPHookdelegates the actual SFTP connection tothe
pysftpmodule.When connecting with a private key protected by a passphrase, the
private_key_passextra parameter must bespecified in the connection, and this corresponds to the arguments' naming in
pysftp.However,
SFTPHookinherits fromSSHHookwhich already manages aprivate_key_passphraseextra param. But thisparam is unused in favor of the
private_key_passparam introduced inSFTPHook.For consistency, I propose to drop
private_key_passinSFTPHookand to reuseprivate_key_passphrasefromSSHHook.This way, a single connection can be used for both SSH and SFTP operations.