is there any easy way to make an asset or selection depend o dagster #ask-community

is there any easy way to make an asset(or selectio...

Rene Silva

01/30/2023, 12:47 PM

is there any easy way to make an asset(or selection) depend on a resource-key? the use-case is to make

load_assets_from_dbt_project

depend on aws secretsmanager's secrets being exposed on environment variables (which are used on dbt profiles)

jamie

01/30/2023, 4:03 PM

Hi @Rene Silva are you trying to ensure that the assets loaded from dbt don’t appear (or aren’t loaded) if the aws secrets aren’t available in the the environment?

Rene Silva

01/30/2023, 4:27 PM

Hi! no, I'm trying to get the database credentials used by dbt from secretsmanater

jamie

01/30/2023, 4:30 PM

ohh i see. i’m not super familiar with that, but i feel like something like this could work

Copy code

def verify_credentials():
   # code to check that aws credentials are valid and return True or False

all_assets = []
if verify_credentials():
    all_assets.append(load_assets_from_dbt_project(...)

#add other assets to all_assets

defs = Definitions(assets=all_assets, ...)

Rene Silva

01/30/2023, 4:39 PM

• load_assets_from_dbt project depends on environment variables being set • secretsmanager resource can expose its secrets as environment variables, however ◦ any op/asset that needs it must set required_resource_keys={'secret'} so I can't access secretsmanager's secrets by default, so that is why I wanted to know is there was any easy way to make an asset(or selection) depend on a resource-key

jamie

01/30/2023, 4:41 PM

ah ok @owen could you take a look at this?

owen

01/30/2023, 5:03 PM

hi! the resource system is something that's generally relevant only when the actual computation is running (i.e. when you try to materialize one of the assets/models in your dbt project). So adding it as a required resource key would not have any impact on the functionality of

load_assets_from_dbt_project

when it's called initially, it'd only impact things around the time that the actual

dbt run

command would be invoked. is a correct summary of your issue just that you'd like secrets from secretsmanager to be available as environment variables which are read when compiling/running the dbt project? If so, I don't think this is currently possible purely by making changes to your python code, as the environment variables set in the host process (the dagster process) are not going to be available to the dbt process that's kicked off when we're compiling/running dbt code (as we don't pass the current environment into that subprocess) what executor/run launcher are you currently using? I think that would be a good place to start in terms of setting up the environment to have your secrets loaded

Rene Silva

01/30/2023, 5:05 PM

thanks for the reply!

Rene Silva

01/30/2023, 5:05 PM

I'm running hybrid deployment, with a docker agent on an ec2

Rene Silva

01/30/2023, 5:06 PM

I wanted to use secretsmanager in dagster itself so I didn't need to operate the instance itself whenever I need to rotate secrets

Rene Silva

01/30/2023, 5:08 PM

but I I'll use dagster cloud environment variables instead

2 Views

Open in Slack

Previous Next