This is an automated email from the ASF dual-hosted git repository.
vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new cb7f6afe039 fix RedshiftSQLHook._get_conn_params connection mutation
with iam (#64991)
cb7f6afe039 is described below
commit cb7f6afe039e1dd10650d71015b357af74e43801
Author: Justin Pakzad <[email protected]>
AuthorDate: Mon Apr 13 09:25:32 2026 -0400
fix RedshiftSQLHook._get_conn_params connection mutation with iam (#64991)
---
.../providers/amazon/aws/hooks/redshift_sql.py | 20 +++++++++-------
.../unit/amazon/aws/hooks/test_redshift_sql.py | 27 ++++++++++++++++++++++
2 files changed, 39 insertions(+), 8 deletions(-)
diff --git
a/providers/amazon/src/airflow/providers/amazon/aws/hooks/redshift_sql.py
b/providers/amazon/src/airflow/providers/amazon/aws/hooks/redshift_sql.py
index eca7bd5afb3..0a55c2bdc26 100644
--- a/providers/amazon/src/airflow/providers/amazon/aws/hooks/redshift_sql.py
+++ b/providers/amazon/src/airflow/providers/amazon/aws/hooks/redshift_sql.py
@@ -88,16 +88,20 @@ class RedshiftSQLHook(DbApiHook):
conn_params: dict[str, str | int] = {}
if conn.extra_dejson.get("iam", False):
- conn.login, conn.password, conn.port = self.get_iam_token(conn)
-
- if conn.login:
- conn_params["user"] = conn.login
- if conn.password:
- conn_params["password"] = conn.password
+ login, password, port = self.get_iam_token(conn)
+ else:
+ login = conn.login
+ password = conn.password
+ port = conn.port
+
+ if login:
+ conn_params["user"] = login
+ if password:
+ conn_params["password"] = password
+ if port:
+ conn_params["port"] = port
if conn.host:
conn_params["host"] = conn.host
- if conn.port:
- conn_params["port"] = conn.port
if conn.schema:
conn_params["database"] = conn.schema
diff --git a/providers/amazon/tests/unit/amazon/aws/hooks/test_redshift_sql.py
b/providers/amazon/tests/unit/amazon/aws/hooks/test_redshift_sql.py
index f1cf9855170..c8aaa5ac938 100644
--- a/providers/amazon/tests/unit/amazon/aws/hooks/test_redshift_sql.py
+++ b/providers/amazon/tests/unit/amazon/aws/hooks/test_redshift_sql.py
@@ -242,6 +242,33 @@ class TestRedshiftSQLHookConn:
AutoCreate=False,
)
+ @mock.patch("airflow.providers.amazon.aws.hooks.base_aws.AwsBaseHook.conn")
+
@mock.patch("airflow.providers.amazon.aws.hooks.redshift_sql.redshift_connector.connect")
+ def test_get_conn_iam_does_not_mutate_connection(self, mock_connect,
mock_aws_hook_conn):
+ self.connection.extra = json.dumps(
+ {"iam": True, "profile": "default", "cluster_identifier":
"my-test-cluster"}
+ )
+
+ mock_db_user = f"IAM:{LOGIN_USER}"
+ mock_db_pass = "aws_token"
+
+ mock_aws_hook_conn.get_cluster_credentials.return_value = {
+ "DbPassword": mock_db_pass,
+ "DbUser": mock_db_user,
+ }
+ self.db_hook.get_conn()
+ self.db_hook.get_conn()
+ assert mock_aws_hook_conn.get_cluster_credentials.call_count == 2
+ for call in mock_aws_hook_conn.get_cluster_credentials.call_args_list:
+ assert call == mock.call(
+ DbUser=LOGIN_USER,
+ DbName=LOGIN_SCHEMA,
+ ClusterIdentifier="my-test-cluster",
+ AutoCreate=False,
+ )
+
+ assert self.connection.login == LOGIN_USER
+
@mock.patch.dict("os.environ",
AIRFLOW_CONN_AWS_DEFAULT=f"aws://?region_name={MOCK_REGION_NAME}")
@pytest.mark.parametrize(
("connection_host", "connection_extra", "expected_identity"),
