Apache Airflow Provider(s)

hashicorp

Versions of Apache Airflow Providers

apache-airflow==2.3.0
apache-airflow-providers-hashicorp==2.2.0
hvac==0.11.2

Apache Airflow version

2.3.0

Operating System

Ubuntu 18.04

Deployment

Official Apache Airflow Helm Chart

Deployment details

No response

What happened

Using the vault secrets backend prints a deprecation warning when using the kubernetes auth method:

/home/airflow/.local/lib/python3.8/site-packages/airflow/providers/hashicorp/_internal_client/vault_client.py:284 DeprecationWarning: Call to deprecated function 'auth_kubernetes'. This method will be removed in version '1.0.0' Please use the 'login' method on the 'hvac.api.auth_methods.kubernetes' class moving forward.

This code is still present in main at https://github.com/apache/airflow/blob/main/airflow/providers/hashicorp/_internal_client/vault_client.py#L258-L260.

What you think should happen instead

The new kubernetes authentication method should be used instead. This code:

            if self.auth_mount_point:
                _client.auth_kubernetes(role=self.kubernetes_role, jwt=jwt, mount_point=self.auth_mount_point)
            else:
                _client.auth_kubernetes(role=self.kubernetes_role, jwt=jwt)

Should be able to be updated to:

            from hvac.api.auth_methods import Kubernetes
            if self.auth_mount_point:
                Kubernetes(_client.adapter).login(role=self.kubernetes_role, jwt=jwt, mount_point=self.auth_mount_point)
            else:
                Kubernetes(_client.adapter).login(role=self.kubernetes_role, jwt=jwt)

How to reproduce

Use the vault secrets backend with the kubernetes auth method and look at the logs.

Anything else

No response

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct