You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/07/15 10:22:28 UTC
[GitHub] [airflow] akotuc opened a new issue #17021: Secrets masking is not applied in the log if get_connection(conn_id) is used
akotuc opened a new issue #17021:
URL: https://github.com/apache/airflow/issues/17021
**Apache Airflow version**: 2.1.2
**Kubernetes version (if you are using kubernetes)** (use `kubectl version`): v1.16.7
**Environment**:
- **Cloud provider or hardware configuration**:
- **OS** (e.g. from /etc/os-release): Debian GNU/Linux 10
- **Kernel** (e.g. `uname -a`): Linux airflow 4.4.232-1.el7.elrepo.x86_64 #1 SMP Fri Jul 31 11:49:26 EDT 2020 x86_64 GNU/Linux
- **Install tools**:
- **Others**:
**What happened**:
When `BaseHook.get_connection(conn_id)` function is used webserver log contains exposed credentials.
In the webserver log is **unmasked** password if AF 2.1.x is used, e.g.: `[2021-07-15 10:08:21,074: INFO/ForkPoolWorker-31] Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: value, extra: None`
The same code in 1.10.15 sends to the log masked password, e.g.: `[2021-07-15 09:26:32,557] {{base_hook.py:89}} INFO - Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: XXXXXXXX, extra: None`
**What you expected to happen**:
Password (may be extras as well) to be masked in the log.
**How to reproduce it**:
Use `BaseHook.get_connection(conn_id)` in a DAG to get connection and check the output on the webserver.
**Anything else we need to know**:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #17021: Secrets masking is not applied in the log if get_connection(conn_id) is used
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #17021:
URL: https://github.com/apache/airflow/issues/17021#issuecomment-880579401
Thanks for opening your first issue here! Be sure to follow the issue template!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr closed issue #17021: Secrets masking is not applied in the log if get_connection(conn_id) is used
Posted by GitBox <gi...@apache.org>.
uranusjr closed issue #17021:
URL: https://github.com/apache/airflow/issues/17021
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on issue #17021: Secrets masking is not applied in the log if get_connection(conn_id) is used
Posted by GitBox <gi...@apache.org>.
uranusjr commented on issue #17021:
URL: https://github.com/apache/airflow/issues/17021#issuecomment-881072886
Already fixed in #16579.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org