Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PROD-2839 Better handling of empty storage secrets in aws_util #5347

Merged
merged 4 commits into from
Oct 8, 2024
Merged

PROD-2839 Better handling of empty storage secrets in aws_util #5347

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9367e04
better handling of empty storage secrets in aws_util
adamsachs Oct 3, 2024
28c2700
Merge branch 'main' into asachs/PROD-2839
erosselli Oct 8, 2024
acce076
Add changelog entry
erosselli Oct 8, 2024
977bba6
Merge branch 'main' into asachs/PROD-2839
erosselli Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ The types of changes are:
### Fixed
- Updating the hash migration status check query to use the available indexes [#5336](https://github.com/ethyca/fides/pull/5336)
- Fixed column resize jank on all tables in Admin UI [#5340](https://github.com/ethyca/fides/pull/5340)
- Better handling of empty storage secrets in aws_util [#5347](https://github.com/ethyca/fides/pull/5347)

## [2.46.2](https://github.com/ethyca/fides/compare/2.46.1...2.46.2)

Expand Down
7 changes: 5 additions & 2 deletions src/fides/api/util/aws_util.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

def get_aws_session(
auth_method: str,
storage_secrets: Dict[StorageSecrets, Any],
storage_secrets: Optional[Dict[StorageSecrets, Any]],
assume_role_arn: Optional[str] = None,
) -> Session:
"""
Expand All @@ -19,8 +19,11 @@ def get_aws_session(
If an `assume_role_arn` is provided, the secrets will be used to
assume that role and return a Session instantiated with that role.
"""
if storage_secrets is None:
# set to an empty dict to allow for more dynamic code downstream
storage_secrets = {}
if auth_method == AWSAuthMethod.SECRET_KEYS.value:
if storage_secrets is None:
if not storage_secrets:
err_msg = "Storage secrets not found for S3 storage."
logger.warning(err_msg)
raise StorageUploadError(err_msg)
Expand Down
4 changes: 3 additions & 1 deletion tests/ops/util/test_storage_authenticator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,12 @@ def tests_unsupported_storage_secret_type_error(self):
)

def tests_automatic_auth_method(self, loguru_caplog):
# credentials error raised by AWS since runtime doesn't have env credentials set up -
# but ensure we don't raise an exception from our own code in parsing.
with pytest.raises(NoCredentialsError):
get_aws_session(
AWSAuthMethod.AUTOMATIC.value, # type: ignore
{StorageSecrets.AWS_ACCESS_KEY_ID: "aws_access_key_id"},
None,
)

def test_secrets_are_valid_bad_storage_type(self):
Expand Down