Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (Jira)" <ji...@apache.org> on 2021/05/05 08:33:00 UTC

[jira] [Resolved] (AIRFLOW-4576) Rendered Template & email_on_failure displays password variable in clear text

     [ https://issues.apache.org/jira/browse/AIRFLOW-4576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ash Berlin-Taylor resolved AIRFLOW-4576.
----------------------------------------
    Resolution: Fixed

Will (finally!) be fixed in Airflow 2.1 by https://github.com/apache/airflow/pull/15599

> Rendered Template & email_on_failure displays password variable in clear text
> -----------------------------------------------------------------------------
>
>                 Key: AIRFLOW-4576
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4576
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: ui
>    Affects Versions: 1.10.3
>         Environment: Linux
>            Reporter: Raj Sasidharan
>            Priority: Critical
>         Attachments: dag_rendered_template.JPG
>
>
> I have a DAG with an SSHOperator, which uses an ssh_conn_id to run the command below. As shown, I am using Airflow Variables to pass credentials to the script that needs to run.
>
>     tac_job_run_command = "{{ var.value.tac_metaservlet_path }}/MetaServletAirflowCaller.sh --tac-url=http://{{ var.value.tac_server_ip }}:8080/tac/ --json-params='{\"authPass\":\"{{ var.value.tac_tadmin_password }}\",\"authUser\":\"tadmin@abc.com\",\"taskId\":{{ ti.xcom_pull(\"get_tac_job_id\")[0] }}}' "
>
> The password variable (tac_tadmin_password) shows as ***** in the UI's variables screen and all works well, but once the job has run, the SSHOperator task's Rendered Template section displays the command with the variable values and also displays the password (tac_tadmin_password) in clear text. Is there any way we can avoid this, or is this an issue that needs to be fixed?
> If the DAG fails, I have email_on_failure set to True, and the email also ends up displaying the rendered template with the password in clear text.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
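
An added example, not code from the Airflow project or from this thread: one way to keep a rendered command intact for execution while redacting sensitive variable values from any copy shown in a UI or failure e-mail. The name-fragment list, the sample values and the helper names (`render`, `build_redactor`, `command_and_display`) are assumptions; `render` is a stand-in for Jinja rendering.

```python
import re

# Assumption: name fragments that mark a variable as sensitive.
SENSITIVE_NAME_PARTS = ("password", "passwd", "secret", "token", "api_key")

# Matches references of the form {{ var.value.NAME }} used in the report.
VAR_REF = re.compile(r"\{\{\s*var\.value\.(\w+)\s*\}\}")


def is_sensitive(name):
    lowered = name.lower()
    return any(part in lowered for part in SENSITIVE_NAME_PARTS)


def render(template, variables):
    """Substitute {{ var.value.NAME }} references (stand-in for Jinja)."""
    return VAR_REF.sub(lambda m: variables[m.group(1)], template)


def build_redactor(variables):
    """Return a function that replaces every sensitive value with '***'."""
    secrets = sorted(
        {v for k, v in variables.items() if is_sensitive(k) and v},
        key=len, reverse=True,  # longest first so overlapping values mask fully
    )
    if not secrets:
        return lambda text: text
    pattern = re.compile("|".join(re.escape(s) for s in secrets))
    return lambda text: pattern.sub("***", text)


# Constructed sample values; the variable names are the ones from the report.
VARIABLES = {
    "tac_metaservlet_path": "/opt/tac",
    "tac_server_ip": "10.0.0.5",
    "tac_tadmin_password": "s3cr3t+pw",
}
TEMPLATE = (
    "{{ var.value.tac_metaservlet_path }}/MetaServletAirflowCaller.sh "
    "--tac-url=http://{{ var.value.tac_server_ip }}:8080/tac/ "
    "--json-params='{\"authPass\":\"{{ var.value.tac_tadmin_password }}\"}'"
)


def command_and_display():
    command = render(TEMPLATE, VARIABLES)         # what the operator executes
    display = build_redactor(VARIABLES)(command)  # what the UI or e-mail shows
    return command, display


if __name__ == "__main__":
    print(command_and_display()[1])
```

Masking by value rather than by template position also covers the same secret appearing in log lines or error text built from the rendered command.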