You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by po...@apache.org on 2021/08/10 20:36:26 UTC

[airflow] 15/22: Improve diagnostics message when users have secret_key misconfigured (#17410)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch v2-1-test-jarek-cherry-picks
in repository https://gitbox.apache.org/repos/asf/airflow.git

commit 2df7e6e41cf6968b48658c21e989868cb3960027
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Wed Aug 4 15:15:38 2021 +0200

    Improve diagnostics message when users have secret_key misconfigured (#17410)
    
    * Improve diagnostics message when users have secret_key misconfigured
    
    Recently fixed log open-access vulnerability have caused
    quite a lot of questions and issues from the affected users who
    did not have webserver/secret_key configured for their workers
    (effectively leading to random value for those keys for workers)
    
    This PR explicitly explains the possible reason for the problem and
    encourages the user to configure their webserver's secret_key
    in both - workers and webserver.
    
    Related to: #17251 and a number of similar slack discussions.
    
    (cherry picked from commit 2321020e29511f3741940440739e4cc01c0a7ba2)
---
 airflow/utils/log/file_task_handler.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/airflow/utils/log/file_task_handler.py b/airflow/utils/log/file_task_handler.py
index 2dc9beb..56b9d23 100644
--- a/airflow/utils/log/file_task_handler.py
+++ b/airflow/utils/log/file_task_handler.py
@@ -186,6 +186,11 @@ class FileTaskHandler(logging.Handler):
                 )
                 response.encoding = "utf-8"
 
+                if response.status_code == 403:
+                    log += "*** !!!! Please make sure that all your webservers and workers have" \
+                           " the same 'secret_key' configured in 'webserver' section !!!!!\n***"
+                    log += "*** See more at https://airflow.apache.org/docs/apache-airflow/" \
+                           "stable/configurations-ref.html#secret-key\n***"
                 # Check if the resource was properly fetched
                 response.raise_for_status()