Hook for winrm remote execution.

Module Contents



Hook for winrm remote execution using pywinrm.

class, endpoint=None, remote_host=None, remote_port=5985, transport='plaintext', username=None, password=None, service='HTTP', keytab=None, ca_trust_path=None, cert_pem=None, cert_key_pem=None, server_cert_validation='validate', kerberos_delegation=False, read_timeout_sec=30, operation_timeout_sec=20, kerberos_hostname_override=None, message_encryption='auto', credssp_disable_tlsv1_2=False, send_cbt=True)[source]

Bases: airflow.hooks.base.BaseHook

Hook for winrm remote execution using pywinrm.


  • ssh_conn_id (str | None) – connection id from airflow Connections from where all the required parameters can be fetched like username and password, though priority is given to the params passed during init.

  • endpoint (str | None) – When not set, endpoint will be constructed like this: ‘http://{remote_host}:{remote_port}/wsman’

  • remote_host (str | None) – Remote host to connect to. Ignored if endpoint is set.

  • remote_port (int) – Remote port to connect to. Ignored if endpoint is set.

  • transport (str) – transport type, one of ‘plaintext’ (default), ‘kerberos’, ‘ssl’, ‘ntlm’, ‘credssp’

  • username (str | None) – username to connect to the remote_host

  • password (str | None) – password of the username to connect to the remote_host

  • service (str) – the service name, default is HTTP

  • keytab (str | None) – the path to a keytab file if you are using one

  • ca_trust_path (str | None) – Certification Authority trust path

  • cert_pem (str | None) – client authentication certificate file path in PEM format

  • cert_key_pem (str | None) – client authentication certificate key file path in PEM format

  • server_cert_validation (str) – whether server certificate should be validated on Python versions that support it; one of ‘validate’ (default), ‘ignore’

  • kerberos_delegation (bool) – if True, TGT is sent to target server to allow multiple hops

  • read_timeout_sec (int) – maximum seconds to wait before an HTTP connect/read times out (default 30). This value should be slightly higher than operation_timeout_sec, as the server can block at least that long.

  • operation_timeout_sec (int) – maximum allowed time in seconds for any single wsman HTTP operation (default 20). Note that operation timeouts while receiving output (the only wsman operation that should take any significant time, and where these timeouts are expected) will be silently retried indefinitely.

  • kerberos_hostname_override (str | None) – the hostname to use for the kerberos exchange (defaults to the hostname in the endpoint URL)

  • message_encryption (str | None) – Will encrypt the WinRM messages if set and the transport auth supports message encryption. (Default ‘auto’)

  • credssp_disable_tlsv1_2 (bool) – Whether to disable TLSv1.2 support and work with older protocols like TLSv1.0, default is False

  • send_cbt (bool) – Will send the channel bindings over a HTTPS channel (Default: True)


Return connection for the hook.

Was this entry helpful?