great_expectations.data_context.util

Module Contents

Classes

PasswordMasker()

Used to mask passwords in Datasources. Does not mask sqlite urls.

Functions

instantiate_class_from_config(config, runtime_environment, config_defaults=None)

Build a GE class from configuration dictionaries.

build_store_from_config(store_name: str = None, store_config: dict = None, module_name: str = ‘great_expectations.data_context.store’, runtime_environment: dict = None)

format_dict_for_error_message(dict_)

substitute_config_variable(template_str, config_variables_dict, dollar_sign_escape_string: str = ‘\$’)

This method takes a string, and if it contains a pattern ${SOME_VARIABLE} or $SOME_VARIABLE,

substitute_value_from_secret_store(value)

This method takes a value, tries to parse the value to fetch a secret from a secret manager

substitute_value_from_aws_secrets_manager(value)

This methods uses a boto3 client and the secretsmanager service to try to retrieve the secret value

substitute_value_from_gcp_secret_manager(value)

This methods uses a google.cloud.secretmanager.SecretManagerServiceClient to try to retrieve the secret value

substitute_value_from_azure_keyvault(value)

This methods uses a azure.identity.DefaultAzureCredential to authenticate to the Azure SDK for Python

substitute_all_config_variables(data, replace_variables_dict, dollar_sign_escape_string: str = ‘\$’)

Substitute all config variables of the form ${SOME_VARIABLE} in a dictionary-like

file_relative_path(dunderfile, relative_path)

This function is useful when one needs to load a file that is

parse_substitution_variable(substitution_variable: str)

Parse and check whether the string contains a substitution variable of the case insensitive form ${SOME_VAR} or $SOME_VAR

default_checkpoints_exist(directory_path: str)

great_expectations.data_context.util.SecretClient
great_expectations.data_context.util.boto3
great_expectations.data_context.util.secretmanager
great_expectations.data_context.util.sa
great_expectations.data_context.util.logger
great_expectations.data_context.util.instantiate_class_from_config(config, runtime_environment, config_defaults=None)

Build a GE class from configuration dictionaries.

great_expectations.data_context.util.build_store_from_config(store_name: str = None, store_config: dict = None, module_name: str = 'great_expectations.data_context.store', runtime_environment: dict = None)
great_expectations.data_context.util.format_dict_for_error_message(dict_)
great_expectations.data_context.util.substitute_config_variable(template_str, config_variables_dict, dollar_sign_escape_string: str = '\$')

This method takes a string, and if it contains a pattern ${SOME_VARIABLE} or $SOME_VARIABLE, returns a string where the pattern is replaced with the value of SOME_VARIABLE, otherwise returns the string unchanged. These patterns are case sensitive. There can be multiple patterns in a string, e.g. all 3 will be substituted in the following: $SOME_VARIABLE${some_OTHER_variable}$another_variable

If the environment variable SOME_VARIABLE is set, the method uses its value for substitution. If it is not set, the value of SOME_VARIABLE is looked up in the config variables store (file). If it is not found there, the input string is returned as is.

If the value to substitute is not a string, it is returned as-is.

If the value to substitute begins with dollar_sign_escape_string it is not substituted.

If the value starts with the keyword secret|, it tries to apply secret store substitution.

Parameters
  • template_str – a string that might or might not be of the form ${SOME_VARIABLE} or $SOME_VARIABLE

  • config_variables_dict – a dictionary of config variables. It is loaded from the config variables store (by default, “uncommitted/config_variables.yml file)

  • dollar_sign_escape_string – a string that will be used in place of a $ when substitution is not desired.

Returns

a string with values substituted, or the same object if template_str is not a string.

great_expectations.data_context.util.substitute_value_from_secret_store(value)

This method takes a value, tries to parse the value to fetch a secret from a secret manager and returns the secret’s value only if the input value is a string and contains one of the following patterns:

  • AWS Secrets Manager: the input value starts with secret|arn:aws:secretsmanager

  • GCP Secret Manager: the input value matches the following regex ^secret\|projects\/[a-z0-9\_\-]{6,30}\/secrets

  • Azure Key Vault: the input value matches the following regex ^secret\|https:\/\/[a-zA-Z0-9\-]{3,24}\.vault\.azure\.net

Input value examples:

  • AWS Secrets Manager: secret|arn:aws:secretsmanager:eu-west-3:123456789012:secret:my_secret

  • GCP Secret Manager: secret|projects/gcp_project_id/secrets/my_secret

  • Azure Key Vault: secret|https://vault-name.vault.azure.net/secrets/my-secret

Parameters

value – a string that might or might not start with secret|

Returns

a string with the value substituted by the secret from the secret store, or the same object if value is not a string.

great_expectations.data_context.util.substitute_value_from_aws_secrets_manager(value)

This methods uses a boto3 client and the secretsmanager service to try to retrieve the secret value from the elements it is able to parse from the input value.

  • value: string with pattern secret|arn:aws:secretsmanager:${region_name}:${account_id}:secret:${secret_name}

    optional : after the value above, a secret version can be added :${secret_version}

    optional : after the value above, a secret key can be added |${secret_key}

  • region_name: AWS region used by the secrets manager

  • account_id: Account ID for the AWS account used by the secrets manager

    This value is currently not used.

  • secret_name: Name of the secret

  • secret_version: UUID of the version of the secret

  • secret_key: Only if the secret’s data is a JSON string, which key of the dict should be retrieve

Parameters

value – a string that starts with secret|arn:aws:secretsmanager

Returns

a string with the value substituted by the secret from the AWS Secrets Manager store

Raises

ImportError, ValueError

great_expectations.data_context.util.substitute_value_from_gcp_secret_manager(value)

This methods uses a google.cloud.secretmanager.SecretManagerServiceClient to try to retrieve the secret value from the elements it is able to parse from the input value.

value: string with pattern secret|projects/${project_id}/secrets/${secret_name}

optional : after the value above, a secret version can be added /versions/${secret_version}

optional : after the value above, a secret key can be added |${secret_key}

Parameters

value – a string that matches the following regex ^secret|projects/[a-z0-9_-]{6,30}/secrets

Returns

a string with the value substituted by the secret from the GCP Secret Manager store

Raises

ImportError, ValueError

great_expectations.data_context.util.substitute_value_from_azure_keyvault(value)

This methods uses a azure.identity.DefaultAzureCredential to authenticate to the Azure SDK for Python and a azure.keyvault.secrets.SecretClient to try to retrieve the secret value from the elements it is able to parse from the input value.

  • value: string with pattern secret|https://${vault_name}.vault.azure.net/secrets/${secret_name}

    optional : after the value above, a secret version can be added /${secret_version}

    optional : after the value above, a secret key can be added |${secret_key}

  • vault_name: Vault name of the secret manager

  • secret_name: Name of the secret

  • secret_version: ID of the version of the secret

  • secret_key: Only if the secret’s data is a JSON string, which key of the dict should be retrieve

Parameters

value – a string that matches the following regex ^secret|https://[a-zA-Z0-9-]{3,24}.vault.azure.net

Returns

a string with the value substituted by the secret from the Azure Key Vault store

Raises

ImportError, ValueError

great_expectations.data_context.util.substitute_all_config_variables(data, replace_variables_dict, dollar_sign_escape_string: str = '\$')

Substitute all config variables of the form ${SOME_VARIABLE} in a dictionary-like config object for their values.

The method traverses the dictionary recursively.

Parameters
  • data

  • replace_variables_dict

Returns

a dictionary with all the variables replaced with their values

great_expectations.data_context.util.file_relative_path(dunderfile, relative_path)

This function is useful when one needs to load a file that is relative to the position of the current file. (Such as when you encode a configuration file path in source file and want in runnable in any current working directory)

It is meant to be used like the following: file_relative_path(__file__, ‘path/relative/to/file’)

H/T https://github.com/dagster-io/dagster/blob/8a250e9619a49e8bff8e9aa7435df89c2d2ea039/python_modules/dagster/dagster/utils/__init__.py#L34

great_expectations.data_context.util.parse_substitution_variable(substitution_variable: str) → Optional[str]

Parse and check whether the string contains a substitution variable of the case insensitive form ${SOME_VAR} or $SOME_VAR :param substitution_variable: string to be parsed

Returns

string of variable name e.g. SOME_VAR or None if not parsable. If there are multiple substitution variables this currently returns the first e.g. $SOME_$TRING -> $SOME_

great_expectations.data_context.util.default_checkpoints_exist(directory_path: str) → bool
class great_expectations.data_context.util.PasswordMasker

Used to mask passwords in Datasources. Does not mask sqlite urls.

Example usage masked_db_url = PasswordMasker.mask_db_url(url) where url = “postgresql+psycopg2://username:password@host:65432/database” and masked_url = “postgresql+psycopg2://username:***@host:65432/database”

MASKED_PASSWORD_STRING = ***
static mask_db_url(url: str, use_urlparse: bool = False, **kwargs)

Mask password in database url. Uses sqlalchemy engine parsing if sqlalchemy is installed, otherwise defaults to using urlparse from the stdlib which does not handle kwargs. :param url: Database url e.g. “postgresql+psycopg2://username:password@host:65432/database” :param use_urlparse: Skip trying to parse url with sqlalchemy and use urlparse :param **kwargs: passed to create_engine()

Returns

//username:***@host:65432/database”

Return type

url with password masked e.g. “postgresql+psycopg2