    Raphaël Riel

    1 year ago
    Hello all! Is setting+updating a Secret from within a Task something possible with Prefect Cloud (in Cloud context)? I see I can easily do this via the Client/GraphQL, but didn’t manage to find a way to access the task’s current client/GraphQLClient. Any hints on how I could achieve writing to a secret from within a Task?
    I want to do this instead of setting the secret from the UI for the following reasons:
    • The value is “hard” to generate+handle by a human (RSA key), so it’s easier to have the generation/validation code within a task that will set the secret itself.
    • The Secret name must follow a specific nomenclature, thus inducing a potential risk of mis-naming it in the UI.
    nicholas

    1 year ago
    Hi @Raphaël Riel - I'm a little confused what you mean by accessing the task's client/graphql client. You can import and use the Prefect GraphQL client like this:
    from prefect import client, task

    @task
    def some_task():
        query = """
          mutation {
            set_secret(input: {name: "", value: ""}) {
              success
            }
          }
        """

        res = client.graphql(query=query)

        print(res)
    Raphaël Riel

    1 year ago
    Oh. That moment when you realize you were looking for something waaaayyyy too complicated 😂
    Thanks @nicholas
    nicholas

    1 year ago
    Yup yup! Lmk if that gets the job done 🙂
    Raphaël Riel

    1 year ago
    Hummm, actually both my IDE and runtime tell me this doesn’t work.
    AttributeError: module 'prefect.client' has no attribute 'graphql'
    Using:
    from prefect import client
    res = client.graphql(query=query)
    Same with
    from prefect.client import client
    Those seem to be package modules, and not an instance of Client
    Ok, got it:
    from prefect import client

    query = """
      mutation {
        set_secret(input: {name: "TEST_RRIEL", value: "{}"}) {
          success
        }
      }
    """
    res = client.Client().graphql(query=query)
    print(res)
    And “Value” must be JSON.
    nicholas

    1 year ago
    Ahh I apologize, I didn't include the client instantiation in my example, that's my bad
    Raphaël Riel

    1 year ago
    NP. I posted it here in case someone else takes a look!
    Hummm, is there a way to allow an Agent to set a Secret? Running this live, I get a Forbidden on the Mutation Call.
    nicholas

    1 year ago
    Hm no, Agents can't set secrets. Can you post your error message? It's possible you need to authenticate your run.
    Raphaël Riel

    1 year ago
    There you go:
    Unexpected error: ClientError([{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}])
    Traceback (most recent call last):
      File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/runner.py", line 48, in inner
        new_state = method(self, state, *args, **kwargs)
      File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/engine/task_runner.py", line 856, in get_task_run_state
        value = prefect.utilities.executors.run_task_with_timeout(
      File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/utilities/executors.py", line 298, in run_task_with_timeout
        return task.run(*args, **kwargs)  # type: ignore
      File "/code/src/prefect_setup/tasks/dbt2.py", line 56, in run
        client.Client().set_secret(secret_name, new_value)
      File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 1548, in set_secret
        result = self.graphql(
      File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/prefect/client/client.py", line 319, in graphql
        raise ClientError(result["errors"])
    prefect.utilities.exceptions.ClientError: [{'path': ['set_secret'], 'message': 'Unauthorized', 'extensions': {'code': 'FORBIDDEN'}}]