You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/07/28 08:22:13 UTC

[GitHub] [airflow] norm commented on a diff in pull request #25346: Add option to mask sensitive data in UI configuration page

norm commented on code in PR #25346:
URL: https://github.com/apache/airflow/pull/25346#discussion_r931922836


##########
airflow/www/views.py:
##########
@@ -3724,8 +3724,38 @@ def conf(self):
         raw = request.args.get('raw') == "true"
         title = "Airflow Configuration"
         subtitle = AIRFLOW_CONFIG
+
+        expose_config = conf.get('webserver', 'expose_config')
+
         # Don't show config when expose_config variable is False in airflow config
-        if conf.getboolean("webserver", "expose_config"):
+        # Don't show sensitive config values if expose_config variable is 'non-sensitive-only'
+        # in airflow config
+        if expose_config.lower() == 'non-sensitive-only':
+            from airflow.configuration import SENSITIVE_CONFIG_VALUES
+
+            with open(AIRFLOW_CONFIG) as file:
+                config = file.readlines()
+                for line in config:
+                    for _, key in SENSITIVE_CONFIG_VALUES:

Review Comment:
   This is making an assumption that the name is unique amongst all sections. I don't think it's a problem (better to redact too much than not enough) but there is a possibility of this catching other settings.
   
   As I said, not a problem per se, but I would add a comment to that effect.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org