Posted to commits@airflow.apache.org by ka...@apache.org on 2020/12/03 13:49:12 UTC
[airflow] branch v1-10-test updated: Don't let webserver run with
dangerous config (#12747)
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new dd00196 Don't let webserver run with dangerous config (#12747)
dd00196 is described below
commit dd0019662f633d14bbc3fd8cd6f050dc99a4b01c
Author: Ash Berlin-Taylor <as...@firemirror.com>
AuthorDate: Wed Dec 2 10:55:22 2020 +0000
Don't let webserver run with dangerous config (#12747)
(cherry picked from commit dab783fcdcd6e18ee4d46c6daad0d43a0b075ada)
---
airflow/bin/cli.py | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/airflow/bin/cli.py b/airflow/bin/cli.py
index 4f23038..ac1b9a4 100644
--- a/airflow/bin/cli.py
+++ b/airflow/bin/cli.py
@@ -1138,6 +1138,17 @@ def webserver(args):
py2_deprecation_waring()
print(settings.HEADER)
+ # Check for old/insecure config, and fail safe (i.e. don't launch) if the config is wildly insecure.
+ if conf.get('webserver', 'secret_key') == 'temporary_key':
+ print(
+ "ERROR: The `secret_key` setting under the webserver config has an insecure "
+ "value - Airflow has failed safe and refuses to start. Please change this value to a new, "
+ "per-environment, randomly generated string, for example using this command `openssl rand "
+ "-hex 30`",
+ file=sys.stderr,
+ )
+ sys.exit(1)
+
access_logfile = args.access_logfile or conf.get('webserver', 'access_logfile')
error_logfile = args.error_logfile or conf.get('webserver', 'error_logfile')
num_workers = args.workers or conf.get('webserver', 'workers')
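Review bot: The added guard in `webserver` rejects only the exact literal `temporary_key`, so an empty `secret_key` would still pass and let the server start with a trivially guessable value. Reading the setting once and treating a blank value as insecure closes that gap: `secret_key = conf.get('webserver', 'secret_key')` followed by `if not secret_key or secret_key == 'temporary_key':`. The check also sits only in this CLI entry point, so a deployment that loads the web app some other way presumably never hits it; a one-line comment above the check saying so would help the next maintainer. `webserver` starts before the hunk and continues after it, so any later handling of the key is not visible here.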