Closed ssulca closed 3 months ago
To address the issue with the AthenaAccessKeyProfileMapping
class in the astronomer-cosmos
package where an invalid AWS session token error occurs due to the inclusion of an empty aws_session_token
field, your proposed solution is on point. You can modify the class to conditionally include the aws_session_token
in the profile only if the token is present. Here's a refined approach to implement this:
@property
def profile(self) -> dict[str, Any | None]:
self.temporary_credentials = self._get_temporary_credentials() # type: ignore
profile = {
**self.mapped_params,
**self.profile_args,
"aws_access_key_id": self.temporary_credentials.access_key,
"aws_secret_access_key": self.get_env_var_format("aws_secret_access_key"),
}
if self.temporary_credentials.token:
profile["aws_session_token"] = self.get_env_var_format("aws_session_token")
return self.filter_null(profile)
This code ensures that aws_session_token
is only added to the profile if it exists, thus avoiding the error you encountered. It's important to test this change thoroughly to ensure it doesn't affect other functionalities within the astronomer-cosmos
package, especially those related to AWS authentication and dbt profile generation for Athena.
To continue the conversation, mention @dosu.
HI @ssulca , thanks for reporting the issue and proposing a solution! Would you like to contribute a PR with this fix? It would be highly appreciated.
Cosmos in AthenaAccessKeyProfileMapping always tries to use a session token, even when it is not provided by the Airflow connection
Context
When setting up a new aws connection using only
aws_access_key_id
andaws_secret_access_key
, it generates a profile like this:But
AthenaAccessKeyProfileMapping
sets theaws_session_token
as an empty string, and dbt takes this value, resulting in.Propose solutions In profile function
Add a condition that check if there is a token.