Posted to commits@airflow.apache.org by da...@apache.org on 2017/10/10 18:34:02 UTC

incubator-airflow git commit: [AIRFLOW-1697] Mode to disable charts endpoint

Repository: incubator-airflow
Updated Branches:
  refs/heads/master ebe715c56 -> 21e94c7d1


[AIRFLOW-1697] Mode to disable charts endpoint


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/21e94c7d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/21e94c7d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/21e94c7d

Branch: refs/heads/master
Commit: 21e94c7d1594c5e0806d9e1ae1205a41bf98b5d3
Parents: ebe715c
Author: Dan Davydov <da...@airbnb.com>
Authored: Mon Oct 9 14:46:38 2017 -0700
Committer: Dan Davydov <da...@airbnb.com>
Committed: Tue Oct 10 11:33:50 2017 -0700

----------------------------------------------------------------------
 UPDATING.md                                  | 2 ++
 airflow/config_templates/default_airflow.cfg | 4 ++++
 airflow/www/app.py                           | 7 +++++--
 airflow/www/views.py                         | 9 ++++++++-
 scripts/ci/airflow_travis.cfg                | 1 +
 5 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/21e94c7d/UPDATING.md
----------------------------------------------------------------------
diff --git a/UPDATING.md b/UPDATING.md
index 6a0b8bc..ebcb5cd 100644
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -270,6 +270,8 @@ supported and will be removed entirely in Airflow 2.0
   Previously, `Operator.__init__()` accepted any arguments (either positional `*args` or keyword `**kwargs`) without
   complaint. Now, invalid arguments will be rejected. (https://github.com/apache/incubator-airflow/pull/1285)
 
+- The config value secure_mode will default to True which will disable some insecure endpoints/features
+
 ### Known Issues
 There is a report that the default of "-1" for num_runs creates an issue where errors are reported while parsing tasks.
 It was not confirmed, but a workaround was found by changing the default back to `None`.

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/21e94c7d/airflow/config_templates/default_airflow.cfg
----------------------------------------------------------------------
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index b051583..dee6dc7 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -117,6 +117,10 @@ default_impersonation =
 # What security module to use (for example kerberos):
 security =
 
+# If set to False enables some unsecure features like Charts. In 2.0 will
+# default to True.
+secure_mode = False
+
 # Turn unit test mode on (overwrites many configuration options with test
 # values at runtime)
 unit_test_mode = False
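Review bot: The new comment on `secure_mode` describes the option only by its off state and never says what turning it on does. It also disagrees with the UPDATING.md entry in this commit, which says the value "will default to True" without saying when, while this template ships `False`. I would word it as `# If set to True, disables insecure features such as the Charts view and its chart endpoints.` followed by `# Defaults to False for backwards compatibility; will default to True in 2.0.` Because the hardening is opt-in until then, UPDATING.md should also tell operators to set `secure_mode = True` in their own airflow.cfg if they want it now.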

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/21e94c7d/airflow/www/app.py
----------------------------------------------------------------------
diff --git a/airflow/www/app.py b/airflow/www/app.py
index bbb9410..dfdc04c 100644
--- a/airflow/www/app.py
+++ b/airflow/www/app.py
@@ -22,6 +22,7 @@ from flask_wtf.csrf import CSRFProtect
 csrf = CSRFProtect()
 
 import airflow
+from airflow import configuration as conf
 from airflow import models, LoggingMixin
 from airflow.settings import Session
 
@@ -69,8 +70,10 @@ def create_app(config=None, testing=False):
         av(vs.Airflow(name='DAGs', category='DAGs'))
 
         av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
-        av(vs.ChartModelView(
-            models.Chart, Session, name="Charts", category="Data Profiling"))
+
+        if not conf.getboolean('core', 'secure_mode'):
+            av(vs.ChartModelView(
+                models.Chart, Session, name="Charts", category="Data Profiling"))
         av(vs.KnownEventView(
             models.KnownEvent,
             Session, name="Known Events", category="Data Profiling"))
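Review bot: The `QueryView` ('Ad Hoc Query') registered two lines above the new `if` stays available when `secure_mode` is on, although it sits in the same Data Profiling category as the Charts view being gated. If it exposes comparable query capability (not visible from this hunk), it should be covered by the same switch, for example by moving its `av(vs.QueryView(...))` call under `if not conf.getboolean('core', 'secure_mode'):` and adding a matching guard on its handler. The flag is also read once when `create_app` runs, so the menu entry changes only after a webserver restart; a comment such as `# evaluated at app creation; restart the webserver after changing secure_mode` would make that explicit. `create_app` starts and ends outside the hunk.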

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/21e94c7d/airflow/www/views.py
----------------------------------------------------------------------
diff --git a/airflow/www/views.py b/airflow/www/views.py
index ad27238..bc63b5b 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -37,7 +37,8 @@ import sqlalchemy as sqla
 from sqlalchemy import or_, desc, and_, union_all
 
 from flask import (
-    redirect, url_for, request, Markup, Response, current_app, render_template, make_response)
+    abort, redirect, url_for, request, Markup, Response, current_app, render_template, 
+    make_response)
 from flask_admin import BaseView, expose, AdminIndexView
 from flask_admin.contrib.sqla import ModelView
 from flask_admin.actions import action
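Review bot: The first line of the rewrapped flask import ends with a trailing space after `render_template,`, which flake8 reports as W291. Remove it so the line reads `    abort, redirect, url_for, request, Markup, Response, current_app, render_template,`.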
@@ -299,6 +300,9 @@ class Airflow(BaseView):
     def chart_data(self):
         from airflow import macros
         import pandas as pd
+        if conf.getboolean('core', 'secure_mode'):
+            abort(404)
+
         session = settings.Session()
         chart_id = request.args.get('chart_id')
         csv = request.args.get('csv') == "true"
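Review bot: The `secure_mode` guard is written inline in `chart_data` here and again in `chart` in the next hunk, so any chart-related handler added later has to remember to copy it. In `chart_data` it also runs only after `from airflow import macros` and `import pandas as pd`. A small decorator placed beneath the existing access decorator keeps the policy next to the route declaration and returns the 404 before any other work is done. The sketch below assumes `functools.wraps` is already imported in views.py; both functions start and end outside their hunks, and the decorators on `chart_data` are not visible here.

```python
def disabled_in_secure_mode(f):
    """Answer 404 instead of calling the view when core.secure_mode is on."""
    @wraps(f)
    def decorated(*args, **kwargs):
        if conf.getboolean('core', 'secure_mode'):
            abort(404)
        return f(*args, **kwargs)
    return decorated

    # … inside class Airflow; apply the same decorator to chart_data …
    @expose('/chart')
    @data_profiling_required
    @disabled_in_secure_mode
    def chart(self):
        # … unchanged: session lookup and chart rendering …
```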
@@ -437,6 +441,9 @@ class Airflow(BaseView):
     @expose('/chart')
     @data_profiling_required
     def chart(self):
+        if conf.getboolean('core', 'secure_mode'):
+            abort(404)
+
         session = settings.Session()
         chart_id = request.args.get('chart_id')
         embed = request.args.get('embed')

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/21e94c7d/scripts/ci/airflow_travis.cfg
----------------------------------------------------------------------
diff --git a/scripts/ci/airflow_travis.cfg b/scripts/ci/airflow_travis.cfg
index 6827138..6a8db93 100644
--- a/scripts/ci/airflow_travis.cfg
+++ b/scripts/ci/airflow_travis.cfg
@@ -23,6 +23,7 @@ donot_pickle = False
 dag_concurrency = 16
 dags_are_paused_at_creation = False
 default_impersonation =
+secure_mode = False
 fernet_key = af7CN0q6ag5U3g08IsPsw3K45U7Xa0axgVFhoh-3zB8=
 
 [webserver]
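Review bot: CI pins `secure_mode = False` and the diffstat lists no test file, so the new 404 branches in `chart` and `chart_data` and the skipped `ChartModelView` registration are never exercised. Add a webserver test that sets `core.secure_mode` to True, builds the app, and asserts that the chart endpoints return 404 and that Charts is absent from the menu, plus the inverse for False. Without that, a regression that re-enables the endpoints under secure mode would still pass CI.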