Merge pull request #1762 from edx/katebygrace/snowflake-jobs-secretsmanager

katebygrace · web-flow · commit bccebdb31def · 2024-05-17T17:01:55.000-04:00
Katebygrace/snowflake expire jobs secretsmanager
diff --git a/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy b/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy
@@ -41,8 +41,6 @@ class SnowflakeExpirePasswords {
                     }
                 }
                 environmentVariables {
-                    env('KEY_PATH', allVars.get('KEY_PATH'))
-                    env('PASSPHRASE_PATH', allVars.get('PASSPHRASE_PATH'))
                     env('USER', allVars.get('USER'))
                     env('ACCOUNT', allVars.get('ACCOUNT'))
                 }
diff --git a/dataeng/resources/snowflake-expire-individual-password.sh b/dataeng/resources/snowflake-expire-individual-password.sh
@@ -10,9 +10,17 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
 
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
-    --key_path $KEY_PATH \
-    --passphrase_path $PASSPHRASE_PATH \
-    --automation_user $USER \
-    --account $ACCOUNT \
-    --user_to_expire $USER_TO_EXPIRE
+    --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+    --account 'edx.us-east-1' \
+    --user_to_expire $USER_TO_EXPIRE \
+    --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+    --pass_file  "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user
diff --git a/dataeng/resources/snowflake-expire-passwords.sh b/dataeng/resources/snowflake-expire-passwords.sh
@@ -10,8 +10,15 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
 
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
-    --key_path $KEY_PATH \
-    --passphrase_path $PASSPHRASE_PATH \
-    --automation_user $USER \
-    --account $ACCOUNT
+    --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+    --account 'edx.us-east-1' \
+    --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+    --pass_file  "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user

Original file line number	Diff line number	Diff line change
`@@ -41,8 +41,6 @@ class SnowflakeExpirePasswords {`
`41`	`41`	`}`
`42`	`42`	`}`
`43`	`43`	`environmentVariables {`
`44`		`- env('KEY_PATH', allVars.get('KEY_PATH'))`
`45`		`- env('PASSPHRASE_PATH', allVars.get('PASSPHRASE_PATH'))`
`46`	`44`	`env('USER', allVars.get('USER'))`
`47`	`45`	`env('ACCOUNT', allVars.get('ACCOUNT'))`
`48`	`46`	`}`