You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by bo...@apache.org on 2017/12/22 12:52:40 UTC

incubator-airflow git commit: [AIRFLOW-1846][AIRFLOW-1697] Hide Ad Hoc Query behind secure_mode config

Repository: incubator-airflow
Updated Branches:
  refs/heads/master 5774796f4 -> 657c5228b


[AIRFLOW-1846][AIRFLOW-1697] Hide Ad Hoc Query behind secure_mode config

Closes #2895 from bitsofdave/AIRFLOW-1846


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/657c5228
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/657c5228
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/657c5228

Branch: refs/heads/master
Commit: 657c5228ba4e12cfceba56d85d60f7ec734d498f
Parents: 5774796
Author: David Lo <bi...@bitsofdave.com>
Authored: Fri Dec 22 13:52:34 2017 +0100
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Fri Dec 22 13:52:34 2017 +0100

----------------------------------------------------------------------
 airflow/config_templates/default_airflow.cfg |  4 ++--
 airflow/config_templates/default_test.cfg    |  1 +
 airflow/www/app.py                           |  3 +--
 tests/core.py                                | 21 +++++++++++++++++++++
 4 files changed, 25 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/config_templates/default_airflow.cfg
----------------------------------------------------------------------
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index e75cf9a..4564117 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -128,8 +128,8 @@ default_impersonation =
 # What security module to use (for example kerberos):
 security =
 
-# If set to False enables some unsecure features like Charts. In 2.0 will
-# default to True.
+# If set to False enables some unsecure features like Charts and Ad Hoc Queries.
+# In 2.0 will default to True.
 secure_mode = False
 
 # Turn unit test mode on (overwrites many configuration options with test

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/config_templates/default_test.cfg
----------------------------------------------------------------------
diff --git a/airflow/config_templates/default_test.cfg b/airflow/config_templates/default_test.cfg
index 1e8a7df..85343ee 100644
--- a/airflow/config_templates/default_test.cfg
+++ b/airflow/config_templates/default_test.cfg
@@ -39,6 +39,7 @@ fernet_key = {FERNET_KEY}
 non_pooled_task_slot_count = 128
 enable_xcom_pickling = False
 killed_task_cleanup_time = 5
+secure_mode = False
 
 [cli]
 api_client = airflow.api.client.local_client

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/airflow/www/app.py
----------------------------------------------------------------------
diff --git a/airflow/www/app.py b/airflow/www/app.py
index dfdc04c..74e669a 100644
--- a/airflow/www/app.py
+++ b/airflow/www/app.py
@@ -69,9 +69,8 @@ def create_app(config=None, testing=False):
         vs = views
         av(vs.Airflow(name='DAGs', category='DAGs'))
 
-        av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
-
         if not conf.getboolean('core', 'secure_mode'):
+            av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
             av(vs.ChartModelView(
                 models.Chart, Session, name="Charts", category="Data Profiling"))
         av(vs.KnownEventView(

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/657c5228/tests/core.py
----------------------------------------------------------------------
diff --git a/tests/core.py b/tests/core.py
index a57f0ed..0778628 100644
--- a/tests/core.py
+++ b/tests/core.py
@@ -1857,6 +1857,27 @@ class WebUiTests(unittest.TestCase):
         session.close()
 
 
+class SecureModeWebUiTests(unittest.TestCase):
+    def setUp(self):
+        configuration.load_test_config()
+        configuration.conf.set("webserver", "authenticate", "False")
+        configuration.conf.set("core", "secure_mode", "True")
+        app = application.create_app()
+        app.config['TESTING'] = True
+        self.app = app.test_client()
+
+    def test_query(self):
+        response = self.app.get('/admin/queryview/')
+        self.assertEqual(response.status_code, 404)
+
+    def test_charts(self):
+        response = self.app.get('/admin/chart/')
+        self.assertEqual(response.status_code, 404)
+
+    def tearDown(self):
+        configuration.remove_option("core", "SECURE_MODE")
+
+
 class WebPasswordAuthTest(unittest.TestCase):
     def setUp(self):
         configuration.conf.set("webserver", "authenticate", "True")