The GitHub Actions job "Tests" on airflow.git/main has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 58d894d071a57af2978d222b631a676571cbf65f / Piotr Klinski <[email protected]> Add Kubernetes Secrets Backend to cncf.kubernetes provider (#61527) * Add Kubernetes Secrets Backend to cncf.kubernetes provider Add a new secrets backend that reads Airflow connections, variables, and configurations from Kubernetes Secrets. This enables integration with External Secrets Operator (ESO) or any tool that creates Kubernetes secrets with a predictable naming scheme. Key design decisions: - Uses kubernetes.config.load_incluster_config() directly instead of KubernetesHook to avoid circular dependencies (the secrets backend cannot depend on Airflow connections since it IS the mechanism for resolving them). - Auto-detects namespace from pod service account metadata with fallback to 'default'. - Sanitizes secret names for Kubernetes DNS compatibility by converting underscores to hyphens and lowercasing. - Supports configurable prefixes and data keys for connections, variables, and configurations. Co-Authored-By: Claude Opus 4.6 <[email protected]> * label based approch * Update docs to reflect configurable namespace parameter - Fix docstring to reference automountServiceAccountToken instead of "not running inside a Kubernetes pod" (matching error message) - Update RST prerequisites to mention "target namespace" instead of assuming same namespace as Airflow pod - Add namespace as first parameter in backend_kwargs documentation - Rewrite authentication section to explain namespace override option Co-Authored-By: Claude Opus 4.6 <[email protected]> * Elevate log level from debug to warning for missing secrets When a secret or data key is not found during label-based lookup, a debug message is easy to miss. Upgrading to warning ensures operators are promptly notified of misconfigured or missing secrets. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Extract label defaults and namespace path to class-level constants Move hard-coded label keys and service account namespace path to class constants (DEFAULT_CONNECTIONS_LABEL, DEFAULT_VARIABLES_LABEL, DEFAULT_CONFIG_LABEL, SERVICE_ACCOUNT_NAMESPACE_PATH) for better discoverability and a single source of truth. Rename _get_secret_by_label to _get_secret, fix label values to use standard Airflow conventions (connection-id, variable-key, config-key), and fix formatting issues. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Remove redundant tests from KubernetesSecretsBackend (#61527) Address PR review feedback by removing duplicate tests: - Remove TestKubernetesSecretsBackendTeamName (team_name is ignored, already covered by existing connection/variable tests) - Remove TestKubernetesSecretsBackendResourceVersion (resource_version="0" is already verified in 4+ other tests via assert_called_once_with) Also document that multi-team isolation is not currently supported in get_conn_value and get_variable docstrings. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Move None label guard into _get_secret to reduce duplication (#61527) The `if label is None: return None` check was repeated in get_conn_value, get_variable, and get_config. Since _get_secret already receives the label as a parameter, it is the natural place for this guard. This simplifies the public methods to single-line delegations. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Update providers/cncf/kubernetes/src/airflow/providers/cncf/kubernetes/secrets/kubernetes_secrets_backend.py Co-authored-by: Jens Scheffler <[email protected]> * Fix static checks via prek rnu -a update-providers-build-files --------- Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Jens Scheffler <[email protected]> Co-authored-by: Jens Scheffler <[email protected]> Report URL: https://github.com/apache/airflow/actions/runs/22278282575 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
