You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/02 13:57:55 UTC
[GitHub] [airflow] uranusjr opened a new pull request #15158: Permission guard templated field rendering
uranusjr opened a new pull request #15158:
URL: https://github.com/apache/airflow/pull/15158
This adds `(ACTION_CAN_READ, RESOURCE_TEMPLATE_FIELD)` to guard rendering for templated fields in a task instance, so sensitive information contained are not displayed to normal users in plain text. Users without the permission will see the field as *(value hidden)*.
Fix #8421, close #15151.
---
Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a change in pull request #15158: Permission guard templated field rendering
Posted by GitBox <gi...@apache.org>.
uranusjr commented on a change in pull request #15158:
URL: https://github.com/apache/airflow/pull/15158#discussion_r616969760
##########
File path: airflow/security/permissions.py
##########
@@ -32,6 +32,7 @@
RESOURCE_JOB = "Jobs"
RESOURCE_POOL = "Pools"
RESOURCE_PLUGIN = "Plugins"
+RESOURCE_TEMPLATE_FIELD = "TemplateFields"
Review comment:
Fixed!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb commented on pull request #15158: Permission guard templated field rendering
Posted by GitBox <gi...@apache.org>.
ashb commented on pull request #15158:
URL: https://github.com/apache/airflow/pull/15158#issuecomment-832511008
Closing this now #15599 is merged.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] jhtimmins commented on a change in pull request #15158: Permission guard templated field rendering
Posted by GitBox <gi...@apache.org>.
jhtimmins commented on a change in pull request #15158:
URL: https://github.com/apache/airflow/pull/15158#discussion_r614876105
##########
File path: airflow/security/permissions.py
##########
@@ -32,6 +32,7 @@
RESOURCE_JOB = "Jobs"
RESOURCE_POOL = "Pools"
RESOURCE_PLUGIN = "Plugins"
+RESOURCE_TEMPLATE_FIELD = "TemplateFields"
Review comment:
```suggestion
RESOURCE_TEMPLATE_FIELD = "Template Fields"
```
We've standardized around making the resource names human readable, since they are user facing.
Can you also place this alphabetically in the list of resources?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on pull request #15158: Permission guard templated field rendering
Posted by GitBox <gi...@apache.org>.
uranusjr commented on pull request #15158:
URL: https://github.com/apache/airflow/pull/15158#issuecomment-828188905
#8421 has been re-scoped to include more than rendered template fields, so I’ve modified the description to *not* close the issue. If we follow the approach in this PR, each kind of UI components should be controlled by one kind of permission. This PR handles template fields; permission to view logs will be implemented in another PR.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb closed pull request #15158: Permission guard templated field rendering
Posted by GitBox <gi...@apache.org>.
ashb closed pull request #15158:
URL: https://github.com/apache/airflow/pull/15158
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org