You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/12/13 20:45:06 UTC

[GitHub] [airflow] potiuk commented on issue #13046: installation of simplejson breaks airlfow webserver 2.0.0rc2

potiuk commented on issue #13046:
URL: https://github.com/apache/airflow/issues/13046#issuecomment-744065890


   I agree that in most cases there should be the same image used for all containers. I know for security reasons cloud providers are making they webserver slightly different than scheduler /workers (for example both Composer and MWAW disallow plugins for the webserver) but i think it would be great to protect against simplejson breaking airflow webserver in non-cloud mode.
   
   In Airflow 2.0 we allow custom providers in Airflow and they can modify webserver behaviour in a more secure way - they have to provide 'airflow.provider' entry point and this can be verified at installation time by the providers (like only allow built-in providers and do not allow any other packages that have that entry point defined). I am not sure if that is 'secure enough' for the cloud providers (will check with composer) but i imagine in this case just installing a package with simplejson as dependency would break webserver.
   
   And for on premise installation i think sharing same image is rather common. So protecting against that might be a good idea. 
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org