dataflow-core 2.1.7__py3-none-any.whl → 2.1.9__py3-none-any.whl

dataflow/secrets_manager/providers/aws_manager.py

@@ -0,0 +1,164 @@
+
+import boto3
+import json
+from botocore.exceptions import BotoCoreError, ClientError, EndpointConnectionError, NoCredentialsError
+from ..interface import SecretManager
+from ...utils.exceptions import (
+    SecretNotFoundException,
+    SecretAlreadyExistsException,
+    SecretManagerAuthException,
+    SecretManagerServiceException
+)
+
+class AWSSecretsManager(SecretManager):
+    def __init__(self):
+        try:
+            self.client = boto3.client('secretsmanager')
+        except EndpointConnectionError as e:
+            raise SecretManagerServiceException("initialize_aws_client", original_error=str(e))
+        except NoCredentialsError as e:
+            raise SecretManagerAuthException("initialize_aws_client", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("initialize_aws_client", original_error=str(e))
+
+    def create_secret(self, vault_path: str, secret_data: dict) -> str:
+        try:
+            # Convert dictionary to JSON string before saving
+            secret_string = json.dumps(secret_data)
+            
+            self.client.create_secret(
+                Name=vault_path,
+                SecretString=secret_string,
+                Description=secret_data.get("description", "Created by AWSSecretsManager")
+            )
+            return "Secret created successfully"
+        except ClientError as e:
+            error_code = e.response['Error']['Code']
+            error_message = e.response['Error']['Message']
+            
+            if error_code == 'ResourceExistsException':
+                raise SecretAlreadyExistsException("secret", vault_path, original_error=str(e))
+            elif error_code == 'InvalidRequestException' and 'scheduled for deletion' in error_message:
+                # Special case for secrets in recovery period
+                raise SecretAlreadyExistsException("secret", vault_path, original_error=str(e), is_scheduled_for_deletion=True)
+            elif error_code in ['AccessDeniedException', 'UnauthorizedOperation', 'UnrecognizedClientException']:
+                raise SecretManagerAuthException("create_secret", original_error=str(e))
+            elif error_code in ['InvalidRequestException', 'LimitExceededException']:
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+            elif error_code == 'InternalServiceErrorException':
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+        except BotoCoreError as e:
+            raise SecretManagerServiceException("create_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("create_secret", original_error=str(e))
+
+    def get_secret_by_key(self, vault_path: str) -> dict:
+        try:
+            response = self.client.get_secret_value(SecretId=vault_path)
+            secret_string = response.get('SecretString')
+            
+            # Convert JSON string back to dictionary before returning
+            secret_data = json.loads(secret_string)
+            return secret_data
+        except ClientError as e:
+            error_code = e.response['Error']['Code']
+            if error_code == 'ResourceNotFoundException':
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif error_code in ['AccessDeniedException', 'UnauthorizedOperation', 'UnrecognizedClientException']:
+                raise SecretManagerAuthException("get_secret", original_error=str(e))
+            elif error_code in ['InvalidRequestException', 'DecryptionFailureException']:
+                raise SecretManagerServiceException("get_secret", original_error=str(e))
+            elif error_code == 'InternalServiceErrorException':
+                raise SecretManagerServiceException("get_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except json.JSONDecodeError as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except BotoCoreError as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+
+    def update_secret(self, vault_path: str, update_data: dict) -> str:
+        try:
+            # Get current secret data
+            current = self.client.get_secret_value(SecretId=vault_path)
+            current_string = current['SecretString']
+            
+            # Convert current JSON string to dictionary
+            current_data = json.loads(current_string)
+            
+            # Update with new data
+            current_data.update(update_data)
+            
+            # Convert updated dictionary back to JSON string
+            updated_string = json.dumps(current_data)
+            
+            self.client.update_secret(
+                SecretId=vault_path,
+                SecretString=updated_string,
+                Description=current_data.get('description', '')
+            )
+            return "Secret updated successfully"
+        except ClientError as e:
+            error_code = e.response['Error']['Code']
+            if error_code == 'ResourceNotFoundException':
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif error_code in ['AccessDeniedException', 'UnauthorizedOperation', 'UnrecognizedClientException']:
+                raise SecretManagerAuthException("update_secret", original_error=str(e))
+            elif error_code in ['InvalidRequestException', 'DecryptionFailureException']:
+                raise SecretManagerServiceException("update_secret", original_error=str(e))
+            elif error_code == 'InternalServiceErrorException':
+                raise SecretManagerServiceException("update_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except json.JSONDecodeError as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except BotoCoreError as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+
+    def delete_secret(self, vault_path: str) -> str:
+        try:
+            if "git-ssh" in vault_path:
+                self.client.delete_secret(
+                    SecretId=vault_path,
+                    ForceDeleteWithoutRecovery=True
+                )
+            else:
+                self.client.delete_secret(
+                    SecretId=vault_path,
+                    RecoveryWindowInDays=7
+                )
+            return "Secret deleted successfully"
+        except ClientError as e:
+            error_code = e.response['Error']['Code']
+            if error_code == 'ResourceNotFoundException':
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif error_code in ['AccessDeniedException', 'UnauthorizedOperation', 'UnrecognizedClientException']:
+                raise SecretManagerAuthException("delete_secret", original_error=str(e))
+            elif error_code == 'InvalidRequestException':
+                # Can occur if secret is already scheduled for deletion or in invalid state
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+            elif error_code == 'InternalServiceErrorException':
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+        except BotoCoreError as e:
+            raise SecretManagerServiceException("delete_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("delete_secret", original_error=str(e))
+
+    def test_connection(self, vault_path: str) -> str:
+        try:
+            secret = self.get_secret_by_key(vault_path)
+            return secret.get('status', 'Unknown')
+        except SecretNotFoundException:
+            raise
+        except (SecretManagerAuthException, SecretManagerServiceException):
+            raise
+        except Exception as e:
+            raise SecretManagerServiceException("test_connection", original_error=str(e))

dataflow/secrets_manager/providers/azure_manager.py

@@ -0,0 +1,185 @@
+
+from azure.keyvault.secrets import SecretClient
+from azure.identity import DefaultAzureCredential
+from azure.core.exceptions import (
+    ResourceNotFoundError,
+    ResourceExistsError,
+    HttpResponseError,
+    ClientAuthenticationError,
+    ServiceRequestError
+)
+from ..interface import SecretManager
+from ...utils.exceptions import (
+    SecretNotFoundException,
+    SecretAlreadyExistsException,
+    SecretManagerAuthException,
+    SecretManagerServiceException
+)
+import json
+
+class AzureKeyVault(SecretManager):
+    def __init__(self, vault_url: str):
+        try:
+            credential = DefaultAzureCredential(additionally_allowed_tenants=["*"])
+            self.client = SecretClient(vault_url=vault_url, credential=credential)
+        except ClientAuthenticationError as e:
+            raise SecretManagerAuthException("initialize_azure_client", original_error=str(e))
+        except ServiceRequestError as e:
+            raise SecretManagerServiceException("initialize_azure_client", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("initialize_azure_client", original_error=str(e))
+
+    def create_secret(self, vault_path: str, secret_data: dict) -> str:
+        try:
+            # Convert dictionary to JSON string before saving
+            secret_string = json.dumps(secret_data)
+            
+            self.client.set_secret(
+                name=vault_path,
+                value=secret_string,
+                content_type="application/json",
+                tags={"description": secret_data.get("description", "Created by AzureKeyVault")}
+            )
+            return "Secret created successfully"
+        except ResourceExistsError as e:
+            raise SecretAlreadyExistsException("secret", vault_path, original_error=str(e))
+        except ClientAuthenticationError as e:
+            raise SecretManagerAuthException("create_secret", original_error=str(e))
+        except HttpResponseError as e:
+            if e.status_code == 403:
+                raise SecretManagerAuthException("create_secret", original_error=str(e))
+            elif e.status_code == 409:
+                # Check if it's a scheduled deletion case
+                if "deleted but not purged" in str(e) or "being recovered" in str(e):
+                    raise SecretAlreadyExistsException("secret", vault_path, original_error=str(e), is_scheduled_for_deletion=True)
+                else:
+                    raise SecretAlreadyExistsException("secret", vault_path, original_error=str(e))
+            elif e.status_code == 429:
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+            elif e.status_code >= 500:
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("create_secret", original_error=str(e))
+        except ServiceRequestError as e:
+            raise SecretManagerServiceException("create_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("create_secret", original_error=str(e))
+
+    def get_secret_by_key(self, vault_path: str) -> dict:
+        try:
+            secret = self.client.get_secret(vault_path)
+            secret_string = secret.value
+            
+            # Convert JSON string back to dictionary before returning
+            secret_data = json.loads(secret_string)
+            return secret_data
+        except ResourceNotFoundError as e:
+            raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+        except ClientAuthenticationError as e:
+            raise SecretManagerAuthException("get_secret", original_error=str(e))
+        except HttpResponseError as e:
+            if e.status_code == 403:
+                raise SecretManagerAuthException("get_secret", original_error=str(e))
+            elif e.status_code == 404:
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif e.status_code >= 500:
+                raise SecretManagerServiceException("get_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except json.JSONDecodeError as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except ServiceRequestError as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("get_secret", original_error=str(e))
+
+    def update_secret(self, vault_path: str, update_data: dict) -> str:
+        try:
+            # Get current secret data
+            current_secret = self.client.get_secret(vault_path)
+            current_string = current_secret.value
+            
+            # Convert current JSON string to dictionary
+            current_data = json.loads(current_string)
+            
+            # Update with new data
+            current_data.update(update_data)
+            
+            # Convert updated dictionary back to JSON string
+            updated_string = json.dumps(current_data)
+            
+            self.client.set_secret(
+                name=vault_path,
+                value=updated_string,
+                content_type="application/json",
+                tags={"description": current_data.get("description", "")}
+            )
+            return "Secret updated successfully"
+        except ResourceNotFoundError as e:
+            raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+        except ClientAuthenticationError as e:
+            raise SecretManagerAuthException("update_secret", original_error=str(e))
+        except HttpResponseError as e:
+            if e.status_code == 403:
+                raise SecretManagerAuthException("update_secret", original_error=str(e))
+            elif e.status_code == 404:
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif e.status_code >= 500:
+                raise SecretManagerServiceException("update_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except json.JSONDecodeError as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except ServiceRequestError as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("update_secret", original_error=str(e))
+
+    def delete_secret(self, vault_path: str) -> str:
+        try:
+            if "git-ssh" in vault_path:
+                # For SSH keys, try to purge immediately after deletion
+                delete_poller = self.client.begin_delete_secret(vault_path)
+                delete_poller.wait()  # Wait for deletion to complete
+                try:
+                    # Try to purge immediately (only works if soft-delete is enabled and allows purging)
+                    self.client.purge_deleted_secret(vault_path)
+                except (ResourceNotFoundError, HttpResponseError):
+                    # Purge may fail if soft-delete is disabled or purging is not allowed - that's ok
+                    pass
+            else:
+                # For other secrets, just delete (respects soft-delete settings)
+                delete_poller = self.client.begin_delete_secret(vault_path)
+                delete_poller.wait()  # Wait for deletion to complete
+            return "Secret deleted successfully"
+        except ResourceNotFoundError as e:
+            raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+        except ClientAuthenticationError as e:
+            raise SecretManagerAuthException("delete_secret", original_error=str(e))
+        except HttpResponseError as e:
+            if e.status_code == 403:
+                raise SecretManagerAuthException("delete_secret", original_error=str(e))
+            elif e.status_code == 404:
+                raise SecretNotFoundException("secret", vault_path, original_error=str(e))
+            elif e.status_code == 409:
+                # Can occur if secret is already being deleted or in invalid state
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+            elif e.status_code >= 500:
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+            else:
+                raise SecretManagerServiceException("delete_secret", original_error=str(e))
+        except ServiceRequestError as e:
+            raise SecretManagerServiceException("delete_secret", original_error=str(e))
+        except Exception as e:
+            raise SecretManagerServiceException("delete_secret", original_error=str(e))
+
+    def test_connection(self, vault_path: str) -> str:
+        try:
+            secret = self.get_secret_by_key(vault_path)
+            return secret.get('status', 'Unknown')
+        except SecretNotFoundException:
+            raise
+        except (SecretManagerAuthException, SecretManagerServiceException):
+            raise
+        except Exception as e:
+            raise SecretManagerServiceException("test_connection", original_error=str(e))

dataflow/secrets_manager/service.py

@@ -0,0 +1,156 @@
+from .interface import SecretManager
+from ..schemas.connection import ConnectionSave, ConnectionUpdate, ConnectionRead
+from ..schemas.secret import SecretSave, SecretUpdate, SecretRead
+from ..schemas.git_ssh import SSHSave, SSHRead
+from abc import ABC, abstractmethod
+from typing import List
+
+# --------------------------------------------------------------------------
+# BASE ACCESSOR
+# This contains all the methods for CRUD operations on secrets, connections, and SSH keys.
+# --------------------------------------------------------------------------
+class _BaseAccessor(ABC):
+    def __init__(self, secret_manager: SecretManager):
+        self.secret_manager = secret_manager
+
+    @abstractmethod
+    def _get_vault_path(self, secret_type: str, key: str) -> str:
+        """This must be implemented by each specific context."""
+        pass
+
+    # --------------------------------------------------------------------------
+    # CONNECTION CRUD OPERATIONS
+    # --------------------------------------------------------------------------
+    def create_connection(self, connection_data: ConnectionSave) -> str:
+        """Create a new connection."""
+        vault_path = self._get_vault_path("connections", connection_data.conn_id)
+        # Convert schema to dict and then to JSON string for storage
+        connection_dict = connection_data.model_dump()
+        return self.secret_manager.create_secret(vault_path, connection_dict)
+
+    def get_connection(self, key: str) -> ConnectionRead:
+        """Get a connection by key."""
+        vault_path = self._get_vault_path("connections", key)
+        raw_data = self.secret_manager.get_secret_by_key(vault_path)
+        # Convert stored dict back to schema
+        return ConnectionRead(**raw_data)
+
+    def update_connection(self, key: str, connection_data: ConnectionUpdate) -> str:
+        """Update an existing connection."""
+        vault_path = self._get_vault_path("connections", key)
+        
+        # First, get the existing connection data
+        existing_data: dict = self.secret_manager.get_secret_by_key(vault_path)
+        
+        # Convert update schema to dict, only include non-None values
+        update_dict: dict = connection_data.model_dump(exclude_none=True)
+
+        # Merge existing data with update data
+        existing_data.update(update_dict)
+        
+        # Send the complete merged data back to storage
+        return self.secret_manager.update_secret(vault_path, existing_data)
+
+    def delete_connection(self, key: str) -> str:
+        """Delete a connection."""
+        vault_path = self._get_vault_path("connections", key)
+        return self.secret_manager.delete_secret(vault_path)
+
+    def test_connection(self, key: str):
+        """Test a connection."""
+        vault_path = self._get_vault_path("connections", key)
+        return self.secret_manager.test_connection(vault_path)
+
+    # --------------------------------------------------------------------------
+    # SSH CRUD OPERATIONS
+    # --------------------------------------------------------------------------
+    def create_ssh(self, ssh_data: SSHSave) -> str:
+        """Create a new SSH key."""
+        vault_path = self._get_vault_path("git-ssh", ssh_data.key_name)
+        # Convert schema to dict for storage
+        ssh_dict = ssh_data.model_dump()
+        return self.secret_manager.create_secret(vault_path, ssh_dict)
+
+    def get_ssh(self, key: str) -> SSHRead:
+        """Get an SSH key by key."""
+        vault_path = self._get_vault_path("git-ssh", key)
+        raw_data = self.secret_manager.get_secret_by_key(vault_path)
+        # Convert stored dict back to schema
+        return SSHRead(**raw_data)
+
+    def delete_ssh(self, key: str) -> str:
+        """Delete an SSH key."""
+        vault_path = self._get_vault_path("git-ssh", key)
+        return self.secret_manager.delete_secret(vault_path)
+
+    # --------------------------------------------------------------------------
+    # SECRET CRUD OPERATIONS
+    # --------------------------------------------------------------------------
+    def create_secret(self, secret_data: SecretSave) -> str:
+        """Create a new secret."""
+        vault_path = self._get_vault_path("secrets", secret_data.key)
+        # Convert schema to dict for storage
+        secret_dict = secret_data.model_dump()
+        return self.secret_manager.create_secret(vault_path, secret_dict)
+
+    def get_secret(self, key: str) -> SecretRead:
+        """Get a secret by key."""
+        vault_path = self._get_vault_path("secrets", key)
+        raw_data = self.secret_manager.get_secret_by_key(vault_path)
+        # Convert stored dict back to schema
+        return SecretRead(**raw_data)
+
+    def update_secret(self, key: str, secret_data: SecretUpdate) -> str:
+        """Update an existing secret."""
+        vault_path = self._get_vault_path("secrets", key)
+        # Convert schema to dict, only include non-None values
+        update_dict = secret_data.model_dump(exclude_none=True)
+        return self.secret_manager.update_secret(vault_path, update_dict)
+
+    def delete_secret(self, key: str) -> str:
+        """Delete a secret."""
+        vault_path = self._get_vault_path("secrets", key)
+        return self.secret_manager.delete_secret(vault_path)
+
+# --------------------------------------------------------------------------
+# CONTEXT-SPECIFIC ACCESSORS
+# These classes implement the logic for building the vault path based on the context.
+# --------------------------------------------------------------------------
+class _RuntimeAccessor(_BaseAccessor):
+    def __init__(self, secret_manager: SecretManager, runtime_env: str, slug: str = None):
+        super().__init__(secret_manager)
+        self.runtime_env = runtime_env
+        self.slug = slug
+
+    def _get_vault_path(self, secret_type: str, key: str) -> str:
+        # Special case for git-ssh in runtime context
+        if secret_type == "git-ssh":
+            return f"{self.runtime_env}-{secret_type}-{self.slug}"
+
+        # Standard format for all other secret types
+        context = self.slug if self.slug else "global"
+        return f"{self.runtime_env}-{context}-{secret_type}-{key}"
+
+class _StudioAccessor(_BaseAccessor):
+    def __init__(self, secret_manager: SecretManager, user_name: str):
+        super().__init__(secret_manager)
+        self.user_name = user_name
+
+    def _get_vault_path(self, secret_type: str, key: str) -> str:
+        return f"{self.user_name}-{secret_type}-{key}"
+
+# --------------------------------------------------------------------------
+# PUBLIC INTERFACE CLASS
+# This is the class external systems will interact with.
+# --------------------------------------------------------------------------
+class SecretsService:
+    def __init__(self, secret_manager: SecretManager):
+        self._secret_manager = secret_manager
+
+    def runtime(self, env: str, slug: str = None) -> _RuntimeAccessor:
+        """Sets the context to RUNTIME and returns the appropriate accessor."""
+        return _RuntimeAccessor(self._secret_manager, env, slug)
+
+    def studio(self, user: str) -> _StudioAccessor:
+        """Sets the context to STUDIO and returns the appropriate accessor."""
+        return _StudioAccessor(self._secret_manager, user)

dataflow/utils/exceptions.py

@@ -0,0 +1,112 @@
+"""Custom exceptions for the dataflow secrets manager."""
+
+from dataflow.utils.logger import CustomLogger
+from typing import Optional
+
+
+class SecretsManagerException(Exception):
+    """Base exception for all secrets manager errors."""
+    
+    def __init__(self, message: str, details: Optional[str] = None, operation: Optional[str] = None):
+        self.message = message
+        self.details = details
+        self.operation = operation
+        self.logger = CustomLogger().get_logger(__name__)
+        
+        # Log detailed error information
+        log_msg = f"SecretsManager Error"
+        if operation:
+            log_msg += f" in {operation}"
+        log_msg += f": {message}"
+        if details:
+            log_msg += f" | Details: {details}"
+            
+        self.logger.error(log_msg)
+        super().__init__(message)
+
+
+class SecretNotFoundException(SecretsManagerException):
+    """Raised when a requested secret is not found."""
+    
+    def __init__(self, secret_type: str, key: str, context: Optional[str] = None, original_error: Optional[str] = None):
+        message = f"{secret_type.capitalize()} not found"
+        
+        details = f"Secret type: {secret_type}, Key: {key}"
+        if context:
+            details += f", Context: {context}"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, f"get_{secret_type}")
+
+
+class SecretAlreadyExistsException(SecretsManagerException):
+    """Raised when trying to create a secret that already exists."""
+    
+    def __init__(self, secret_type: str, key: str, context: Optional[str] = None, original_error: Optional[str] = None, is_scheduled_for_deletion: bool = False):
+        if is_scheduled_for_deletion:
+            message = f"{secret_type.capitalize()} is in recovery mode. Please use another key name"
+        else:
+            message = f"{secret_type.capitalize()} already exists. Please use another key name"
+        
+        details = f"Secret type: {secret_type}, Key: {key}"
+        if context:
+            details += f", Context: {context}"
+        if is_scheduled_for_deletion:
+            details += ", Status: Scheduled for deletion"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, f"create_{secret_type}")
+
+
+class SecretValidationException(SecretsManagerException):
+    """Raised when secret data validation fails."""
+    
+    def __init__(self, secret_type: str, validation_error: str, original_error: Optional[str] = None):
+        message = f"Invalid {secret_type} data. Please check your input"
+        
+        details = f"Secret type: {secret_type}, Validation error: {validation_error}"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, f"validate_{secret_type}")
+
+
+class SecretManagerAuthException(SecretsManagerException):
+    """Raised when authentication or authorization fails."""
+    
+    def __init__(self, operation: str, original_error: Optional[str] = None):
+        message = "Access denied. Please check your permissions"
+        
+        details = f"Operation: {operation}"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, operation)
+
+
+class SecretManagerServiceException(SecretsManagerException):
+    """Raised when the secret manager service is unavailable or fails."""
+    
+    def __init__(self, operation: str, original_error: Optional[str] = None):
+        message = "We're experiencing some issues. Our best minds are working on it!"
+        
+        details = f"Operation: {operation}"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, operation)
+
+
+class SecretManagerConfigException(SecretsManagerException):
+    """Raised when there's a configuration error."""
+    
+    def __init__(self, config_issue: str, original_error: Optional[str] = None):
+        message = "Configuration issue detected. Please contact support"
+        
+        details = f"Config issue: {config_issue}"
+        if original_error:
+            details += f", Original error: {original_error}"
+            
+        super().__init__(message, details, "configuration")

{dataflow_core-2.1.7.dist-info → dataflow_core-2.1.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dataflow-core
-Version: 2.1.7
+Version: 2.1.9
 Summary: Dataflow core package
 Author: Dataflow
 Author-email: 
@@ -9,6 +9,8 @@ Requires-Dist: boto3
 Requires-Dist: psycopg2-binary
 Requires-Dist: pymysql
 Requires-Dist: requests
+Requires-Dist: azure-identity
+Requires-Dist: azure-keyvault-secrets
 Dynamic: author
 Dynamic: requires-dist
 Dynamic: summary