You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by bo...@apache.org on 2017/12/22 12:52:40 UTC
incubator-airflow git commit: [AIRFLOW-1846][AIRFLOW-1697] Hide Ad
Hoc Query behind secure_mode config
Repository: incubator-airflow
Updated Branches:
refs/heads/master 5774796f4 -> 657c5228b
[AIRFLOW-1846][AIRFLOW-1697] Hide Ad Hoc Query behind secure_mode config
Closes #2895 from bitsofdave/AIRFLOW-1846
Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/657c5228
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/657c5228
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/657c5228
Branch: refs/heads/master
Commit: 657c5228ba4e12cfceba56d85d60f7ec734d498f
Parents: 5774796
Author: David Lo <bi...@bitsofdave.com>
Authored: Fri Dec 22 13:52:34 2017 +0100
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Fri Dec 22 13:52:34 2017 +0100
----------------------------------------------------------------------
airflow/config_templates/default_airflow.cfg | 4 ++--
airflow/config_templates/default_test.cfg | 1 +
airflow/www/app.py | 3 +--
tests/core.py | 21 +++++++++++++++++++++
4 files changed, 25 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/config_templates/default_airflow.cfg
----------------------------------------------------------------------
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index e75cf9a..4564117 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -128,8 +128,8 @@ default_impersonation =
# What security module to use (for example kerberos):
security =
-# If set to False enables some unsecure features like Charts. In 2.0 will
-# default to True.
+# If set to False enables some unsecure features like Charts and Ad Hoc Queries.
+# In 2.0 will default to True.
secure_mode = False
# Turn unit test mode on (overwrites many configuration options with test
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/config_templates/default_test.cfg
----------------------------------------------------------------------
diff --git a/airflow/config_templates/default_test.cfg b/airflow/config_templates/default_test.cfg
index 1e8a7df..85343ee 100644
--- a/airflow/config_templates/default_test.cfg
+++ b/airflow/config_templates/default_test.cfg
@@ -39,6 +39,7 @@ fernet_key = {FERNET_KEY}
non_pooled_task_slot_count = 128
enable_xcom_pickling = False
killed_task_cleanup_time = 5
+secure_mode = False
[cli]
api_client = airflow.api.client.local_client
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/www/app.py
----------------------------------------------------------------------
diff --git a/airflow/www/app.py b/airflow/www/app.py
index dfdc04c..74e669a 100644
--- a/airflow/www/app.py
+++ b/airflow/www/app.py
@@ -69,9 +69,8 @@ def create_app(config=None, testing=False):
vs = views
av(vs.Airflow(name='DAGs', category='DAGs'))
- av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
-
if not conf.getboolean('core', 'secure_mode'):
+ av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
av(vs.ChartModelView(
models.Chart, Session, name="Charts", category="Data Profiling"))
av(vs.KnownEventView(
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/tests/core.py
----------------------------------------------------------------------
diff --git a/tests/core.py b/tests/core.py
index a57f0ed..0778628 100644
--- a/tests/core.py
+++ b/tests/core.py
@@ -1857,6 +1857,27 @@ class WebUiTests(unittest.TestCase):
session.close()
+class SecureModeWebUiTests(unittest.TestCase):
+ def setUp(self):
+ configuration.load_test_config()
+ configuration.conf.set("webserver", "authenticate", "False")
+ configuration.conf.set("core", "secure_mode", "True")
+ app = application.create_app()
+ app.config['TESTING'] = True
+ self.app = app.test_client()
+
+ def test_query(self):
+ response = self.app.get('/admin/queryview/')
+ self.assertEqual(response.status_code, 404)
+
+ def test_charts(self):
+ response = self.app.get('/admin/chart/')
+ self.assertEqual(response.status_code, 404)
+
+ def tearDown(self):
+ configuration.remove_option("core", "SECURE_MODE")
+
+
class WebPasswordAuthTest(unittest.TestCase):
def setUp(self):
configuration.conf.set("webserver", "authenticate", "True")