https://prefect.io logo
Join Slack
Powered by
Hello all! Does setting+updating a Secret *From wi...
# ask-community
r
Hello all! Does setting+updating a Secret From within a Task is something possible with Prefect Cloud (In Cloud Context) ? I see I can easily do this via the Client/GraphQL, but didn’t manage to find a way to access the task’s current client/GraphQLClient. Any hints on how I could achieve writing to a secret from within a Task?
I want to do this instead of setting the secret from the UI for the following reasons: • The Value is “hard” to generate+handle by a human (RSA Key), So it’s easier to have the generation/validation code within a task that will set the secret itself. • The Secret name must follow a specific nomenclature. Thus inducing a potential risk of mis-naming it in the UI
n
Hi @Raphaël Riel - I'm a little confused what you mean by accessing the task's client/graphql client. You can import and use the Prefect GraphQL client like this:
Copy code
from prefect import client

@task
def some_task():
  query = """
    mutation{
      set_secret(input:{name:"", value:""}) {
        success
       }
     }
  """  


  res = client.graphql(query=query)

  print(res)
r
Oh. That moment when you realize you were looking for something waaaayyyy too complicated 😂
Thanks @nicholas
n
Yup yup! Lmk if that gets the job done 🙂
r
Hummm, actually both my IDE and runtime tell me this doesn’t work. 
AttributeError: module 'prefect.client' has no attribute 'graphql'
Using :
Copy code
from prefect import client
res = client.graphql(query=query)
Idem with 
from prefect.client import client
Those seems to be packages modules, and not an instance of 
Client
Ok, got it. :
Copy code
from prefect import client
        query = """
            mutation{
              set_secret(input:{name:"TEST_RRIEL", value:"{}"}) {
                success
               }
             }
          """
        res = client.Client().graphql(query=query)
        print(res)
And “Value” must be JSON.
n
Ahh I apologize, I didn't include the client instantiation in my example, that's my bad
r
NP. I posted it here in case someone else takes a look!
👍 1
Hummm, is there a way to allow an Agent to set a Secret? Running this live, I get a Forbidden on the Mutation Call.
n
Hm no, Agents can't set secrets. Can you post your error message? It's possible you need to authenticate your run.
r
There you go:
Copy code
Unexpected error: ClientError([{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}])
Traceback (most recent call last):
  File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/runner.py", line 48, in inner
    new_state = method(self, state, *args, **kwargs)
  File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/task_runner.py", line 856, in get_task_run_state
    value = prefect.utilities.executors.run_task_with_timeout(
  File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/utilities/executors.py", line 298, in run_task_with_timeout
    return task.run(*args, **kwargs)  # type: ignore
  File "/code/src/prefect_setup/tasks/dbt2.py", line 56, in run
    client.Client().set_secret(secret_name, new_value)
  File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 1548, in set_secret
    result = self.graphql(
  File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 319, in graphql
    raise ClientError(result["errors"])
prefect.utilities.exceptions.ClientError: [{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}]
2 Views
Open in Slack
PreviousNext
Powered by