Skip to content

SecretContext for secret env vars, profiles + packages only #4311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 19, 2021
Merged

SecretContext for secret env vars, profiles + packages only #4311

merged 4 commits into from
Nov 19, 2021
+164 −15

Conversation

jtcohen6
Copy link
Contributor

@jtcohen6 jtcohen6 commented Nov 19, 2021
edited
Loading

resolves #4310

Description

  • Adds SecretContext for use by the ProfileRenderer (profiles.yml) + PackageRenderer (packages.yml)
  • In all other rendering contexts, the env_var context member will raise an exception (disallow_secret_env_var) if it encounters a var prefixed with DBT_ENV_SECRET_

Adjust integration tests accordingly:

  • check for ParsingException if secret env var is used in a model
  • ensure that secret env vars can be used in profiles.yml + packages.yml
  • ensure that the value of a secret env var is scrubbed from the logs (even if defined as a string literal, not via env_var())

Checklist

  • I have signed the CLA
  • I have run this code in development and it appears to resolve the stated issue
  • This PR includes tests, or tests are not required/relevant for this PR
  • I have updated the CHANGELOG.md and added information about my change

Sorry, something went wrong.

@jtcohen6
SecretContext for secret env vars

Verified

This commit was signed with the committer’s verified signature.
vszakats Viktor Szakats
GPG key ID: B5ABD165E2AEF201
Verified
Learn about vigilant mode
976467e
@jtcohen6
Cleanup exception. Add + edit tests
faba836
@cla-bot cla-bot bot added the cla:yes label Nov 19, 2021
@jtcohen6 jtcohen6 marked this pull request as ready for review November 19, 2021 14:08
@jtcohen6 jtcohen6 requested review from gshank and leahwicz November 19, 2021 14:08
gshank
gshank approved these changes Nov 19, 2021
View reviewed changes
Copy link
Contributor

@gshank gshank left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Nice work :)

@jtcohen6
Copy link
Contributor Author

@gshank Couldn't have done it without you. The code reorg + annotations re: contexts are what made this possible

@jtcohen6 jtcohen6 merged commit d300add into main Nov 19, 2021
@jtcohen6 jtcohen6 deleted the env-var-profiles-packages-only branch November 19, 2021 18:36
iknox-fa pushed a commit that referenced this pull request Feb 8, 2022
@jtcohen6 @iknox-fa
SecretContext for secret env vars, profiles + packages only (#4311)
c4748d8 
* SecretContext for secret env vars

* Cleanup exception. Add + edit tests

* Add changelog entry

automatic commit by git-black, original commits:
  d300add
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gshank gshank

@leahwicz leahwicz

Assignees
No one assigned
Labels
cla:yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Stricter secret env vars: allow in profiles.yml + packages.yml, disallow elsewhere
2 participants
@jtcohen6 @gshank