Fix zenml deploy secret stores (zenml-io#2454)

safoinme · stefannica · adtygan · commit 42579082c67f · 2024-03-20T07:51:20.000Z
* Refactor AWS and GCP secrets store configuration

* Apply suggestions from code review

Co-authored-by: Stefan Nica &lt;stefan@zenml.io&gt;

---------

Co-authored-by: Stefan Nica &lt;stefan@zenml.io&gt;
diff --git a/src/zenml/zen_stores/secrets_stores/aws_secrets_store.py b/src/zenml/zen_stores/secrets_stores/aws_secrets_store.py
@@ -86,23 +86,33 @@ def populate_config(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         """
         # Search for legacy attributes and populate the connector configuration
         # from them, if they exist.
-        if (
-            values.get("aws_access_key_id")
-            and values.get("aws_secret_access_key")
-            and values.get("region_name")
-        ):
-            logger.warning(
-                "The `aws_access_key_id`, `aws_secret_access_key` and "
-                "`region_name` AWS secrets store attributes are deprecated and "
-                "will be removed in a future version of ZenML. Please use the "
-                "`auth_method` and `auth_config` attributes instead."
-            )
-            values["auth_method"] = AWSAuthenticationMethods.SECRET_KEY
-            values["auth_config"] = dict(
-                aws_access_key_id=values.get("aws_access_key_id"),
-                aws_secret_access_key=values.get("aws_secret_access_key"),
-                region=values.get("region_name"),
-            )
+        if values.get("region_name"):
+            if not values.get("aws_access_key_id") or not values.get(
+                "aws_secret_access_key"
+            ):
+                logger.warning(
+                    "The `region_name` AWS secrets store attribute is deprecated "
+                    "and will be removed in a future version of ZenML. Please use "
+                    "the `auth_method` and `auth_config` attributes instead. "
+                    "Using an implicit authentication method for AWS Secrets."
+                )
+                values["auth_method"] = AWSAuthenticationMethods.IMPLICIT
+                values["auth_config"] = dict(
+                    region=values.get("region_name"),
+                )
+            else:
+                logger.warning(
+                    "The `aws_access_key_id`, `aws_secret_access_key` and "
+                    "`region_name` AWS secrets store attributes are deprecated and "
+                    "will be removed in a future version of ZenML. Please use the "
+                    "`auth_method` and `auth_config` attributes instead."
+                )
+                values["auth_method"] = AWSAuthenticationMethods.SECRET_KEY
+                values["auth_config"] = dict(
+                    aws_access_key_id=values.get("aws_access_key_id"),
+                    aws_secret_access_key=values.get("aws_secret_access_key"),
+                    region=values.get("region_name"),
+                )
 
         return values
 
diff --git a/src/zenml/zen_stores/secrets_stores/gcp_secrets_store.py b/src/zenml/zen_stores/secrets_stores/gcp_secrets_store.py
@@ -91,23 +91,36 @@ def populate_config(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         """
         # Search for legacy attributes and populate the connector configuration
         # from them, if they exist.
-        if values.get("project_id") and os.environ.get(
-            "GOOGLE_APPLICATION_CREDENTIALS"
-        ):
-            logger.warning(
-                "The `project_id` GCP secrets store attribute and the "
-                "`GOOGLE_APPLICATION_CREDENTIALS` environment variable are "
-                "deprecated and will be removed in a future version of ZenML. "
-                "Please use the `auth_method` and `auth_config` attributes "
-                "instead."
-            )
-            values["auth_method"] = GCPAuthenticationMethods.SERVICE_ACCOUNT
-            values["auth_config"] = dict(
-                project_id=values.get("project_id"),
-            )
-            # Load the service account credentials from the file
-            with open(os.environ["GOOGLE_APPLICATION_CREDENTIALS"]) as f:
-                values["auth_config"]["service_account_json"] = f.read()
+        if values.get("project_id"):
+            if not os.environ.get("GOOGLE_APPLICATION_CREDENTIALS"):
+                logger.warning(
+                    "The `project_id` GCP secrets store attribute is "
+                    "deprecated and will be removed in a future version of ZenML. "
+                    "Please use the `auth_method` and `auth_config` attributes "
+                    "instead. Using an implicit GCP authentication to access "
+                    "the GCP Secrets Manager API."
+                )
+                values["auth_method"] = GCPAuthenticationMethods.IMPLICIT
+                values["auth_config"] = dict(
+                    project_id=values.get("project_id"),
+                )
+            else:
+                logger.warning(
+                    "The `project_id` GCP secrets store attribute and the "
+                    "`GOOGLE_APPLICATION_CREDENTIALS` environment variable are "
+                    "deprecated and will be removed in a future version of ZenML. "
+                    "Please use the `auth_method` and `auth_config` attributes "
+                    "instead."
+                )
+                values[
+                    "auth_method"
+                ] = GCPAuthenticationMethods.SERVICE_ACCOUNT
+                values["auth_config"] = dict(
+                    project_id=values.get("project_id"),
+                )
+                # Load the service account credentials from the file
+                with open(os.environ["GOOGLE_APPLICATION_CREDENTIALS"]) as f:
+                    values["auth_config"]["service_account_json"] = f.read()
 
         return values
 
