You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/07/29 12:26:12 UTC

[GitHub] [airflow] ephraimbuddy commented on pull request #25346: Add option to mask sensitive data in UI configuration page

ephraimbuddy commented on PR #25346:
URL: https://github.com/apache/airflow/pull/25346#issuecomment-1199217647

   > This PR doesn't work if you are using the `_CMD` option to give values. For example:
   > 
   > ```
   > AIRFLOW__DATABASE__SQL_ALCHEMY_CONN_CMD='echo postgresl:///airflow' airflow webserver
   > ```
   > 
   > will fail because the value is replaced with `< hidden >` _before_ it tries to run the command, meaning it tries to run `"<" "hidden" ">"` as a command!
   
   I have rewritten the `display-sensitive` logic. This bug is in current main. Basically, if you set environment variable and also provide command line equivalent then `conf.as_dict(True, display_sensitive=False)` won't work because the `_include_envs` method of `AirflowConfigParser` hides sensitive envs and updates the `config_sources`. In the `_include_cmds` method, which is called after `_include_envs`, we just look up the section and key in the config_sources and we get `< hidden >` which is now run as command.
   
   What I have done is to hide sensitive values at the end of all these updates of the `config_sources`. Another option could be to look up envs with `CMD` at the end in `_include_cmds` instead of getting the value from the `config_sources`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org