Channels
#prefect-community
Title
r
Raphaël Riel
01/15/2021, 2:29 PMHello all! Does setting+updating a Secret From within a Task is something possible with Prefect Cloud (In Cloud Context) ?
I see I can easily do this via the Client/GraphQL, but didn’t manage to find a way to access the task’s current client/GraphQLClient.
Any hints on how I could achieve writing to a secret from within a Task?
I want to do this instead of setting the secret from the UI for the following reasons:
• The Value is “hard” to generate+handle by a human (RSA Key), So it’s easier to have the generation/validation code within a task that will set the secret itself.
• The Secret name must follow a specific nomenclature. Thus inducing a potential risk of mis-naming it in the UI
n
nicholas
01/15/2021, 3:24 PM
Hi @Raphaël Riel - I'm a little confused what you mean by accessing the task's client/graphql client. You can import and use the Prefect GraphQL client like this:
Copy code
from prefect import client
@task
def some_task():
query = """
mutation{
set_secret(input:{name:"", value:""}) {
success
}
}
"""
res = client.graphql(query=query)
print(res)r
Raphaël Riel
01/15/2021, 3:38 PMOh. That moment when you realize you were looking for something waaaayyyy too complicated 😂
Thanks @nicholas
n
nicholas
01/15/2021, 3:42 PM
Yup yup! Lmk if that gets the job done 🙂
r
Raphaël Riel
01/15/2021, 3:46 PMHummm, actually both my IDE and runtime tell me this doesn’t work.
AttributeError: module 'prefect.client' has no attribute 'graphql' Copy code
from prefect import client
res = client.graphql(query=query)Idem with
from prefect.client import clientThose seems to be packages modules, and not an instance of
ClientOk, got it. :
Copy code
from prefect import client
query = """
mutation{
set_secret(input:{name:"TEST_RRIEL", value:"{}"}) {
success
}
}
"""
res = client.Client().graphql(query=query)
print(res)n
nicholas
01/15/2021, 3:52 PM
Ahh I apologize, I didn't include the client instantiation in my example, that's my bad
r
Raphaël Riel
01/15/2021, 4:10 PMNP. I posted it here in case someone else takes a look!
👍 1
Hummm, is there a way to allow an Agent to set a Secret? Running this live, I get a Forbidden on the Mutation Call.
n
nicholas
01/15/2021, 9:16 PM
Hm no, Agents can't set secrets. Can you post your error message? It's possible you need to authenticate your run.
r
Raphaël Riel
01/18/2021, 1:28 PMThere you go:
Copy code
Unexpected error: ClientError([{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}])
Traceback (most recent call last):
File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/runner.py", line 48, in inner
new_state = method(self, state, *args, **kwargs)
File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/task_runner.py", line 856, in get_task_run_state
value = prefect.utilities.executors.run_task_with_timeout(
File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/utilities/executors.py", line 298, in run_task_with_timeout
return task.run(*args, **kwargs) # type: ignore
File "/code/src/prefect_setup/tasks/dbt2.py", line 56, in run
client.Client().set_secret(secret_name, new_value)
File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 1548, in set_secret
result = self.graphql(
File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 319, in graphql
raise ClientError(result["errors"])
prefect.utilities.exceptions.ClientError: [{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}]2 Views