Yandex.Cloud Connection¶
The Yandex.Cloud connection type enables the authentication in Yandex.Cloud services.
Configuring the Connection¶
- Service account auth JSON
JSON object as a string.
Example:
{"id": "...", "service_account_id": "...", "private_key": "..."}
- Service account auth JSON file path
Path to the file containing service account auth JSON.
Example:
/home/airflow/authorized_key.json
- OAuth Token
OAuth token as a string.
Example:
y3_Vdheub7w9bIut67GHeL345gfb5GAnd3dZnf08FRbvjeUFvetYiohGvc
- SSH public key (optional)
The key will be placed to all created Compute nodes, allowing to have a root shell there.
- Folder ID (optional)
Folder is a entity to separate different projects within the cloud.
If specified, this ID will be used by default during creation of nodes and clusters.
See https://cloud.yandex.com/docs/resource-manager/operations/folder/get-id for details
- Endpoint (optional)
Set API endpoint
See https://github.com/yandex-cloud/python-sdk for default
Default Connection IDs¶
All hooks and operators related to Yandex.Cloud use yandexcloud_default
connection by default.
Authenticating to Yandex.Cloud¶
Using Authorized keys for authorization as service account¶
Before you start, make sure you have created
a Yandex Cloud Service Account
with the permissions lockbox.viewer
and lockbox.payloadViewer
.
First, you need to create Authorized key for your service account and save the generated JSON file with public and private key parts.
Then you need to specify the key in the Service account auth JSON
field.
Alternatively, you can specify the path to JSON file in the Service account auth JSON file path
field.
Using OAuth token for authorization as users account¶
First, you need to create OAuth token for user account.
It will looks like y3_Vdheub7w9bIut67GHeL345gfb5GAnd3dZnf08FRbvjeUFvetYiohGvc
.
Then you need to specify token in the OAuth Token
field.
Using metadata service¶
If no credentials are specified, the connection will attempt to use the metadata service for authentication.
To do this, you need to link your service account with your VM.