You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/04/30 21:40:00 UTC

[jira] [Commented] (AIRFLOW-4448) Don't bake env vars/cmd in to tmp config when not using impersonation

    [ https://issues.apache.org/jira/browse/AIRFLOW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16830721#comment-16830721 ] 

ASF subversion and git services commented on AIRFLOW-4448:
----------------------------------------------------------

Commit 9918541beb554189eb49b64fc9f3b9d11905a76b in airflow's branch refs/heads/dont-bake-env-into-tmp-config from Ash Berlin-Taylor
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=9918541 ]

[AIRFLOW-4448] Don't bake ENV and _cmd into tmp config for non-sudo

If we are running tasks via sudo then AIRFLOW__ config env vars won't be
visible anymore (without them showing up in `ps`) and we likely might
not have permission to run the _cmd's specified to find the passwords.

But if we are running as the same user then there is no need to "bake"
those options in to the temporary config file -- if the operator decided
they didn't want those values appearing in a config file on disk, then
lets do our best to respect that.


> Don't bake env vars/cmd in to tmp config when not using impersonation
> ---------------------------------------------------------------------
>
>                 Key: AIRFLOW-4448
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4448
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Ash Berlin-Taylor
>            Priority: Major
>
> If we are running tasks via sudo then AIRFLOW__ config env vars won't be
>  visible anymore (without them showing up in {{ps}}) and we likely might
>  not have permission to run the _cmd's specified to find the passwords.
> But if we are running as the same user then there is no need to "bake"
>  those options in to the temporary config file -- if the operator decided
>  they didn't want those values appearing in a config file on disk, then
>  lets do our best to respect that.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)