[GitHub] [airflow] Taragolis commented on a diff in pull request #29016: Fix leak sensitive field via V1EnvVar on exception

["Taragolis (via GitHub)" <gi...@apache.org>]

Taragolis commented on code in PR #29016:
URL: https://github.com/apache/airflow/pull/29016#discussion_r1111255261


##########
kubernetes_tests/test_kubernetes_pod_operator.py:
##########
@@ -1283,3 +1283,39 @@ class MyK8SPodOperator(KubernetesPodOperator):
             == "apple-sauce"
         )
         assert MyK8SPodOperator(task_id=str(uuid4())).base_container_name == "tomato-sauce"
+
+
+def test_hide_sensitive_field_in_templated_fields_on_error(caplog, monkeypatch):
+    logger = logging.getLogger("airflow.task")
+    monkeypatch.setattr(logger, "propagate", True)
+
+    class Var:
+        def __getattr__(self, name):
+            raise KeyError(name)
+
+    context = {
+        "password": "secretpassword",
+        "var": Var(),
+    }
+    from airflow.providers.cncf.kubernetes.operators.kubernetes_pod import (
+        KubernetesPodOperator,
+    )
+
+    task = KubernetesPodOperator(
+        task_id="dry_run_demo",
+        name="hello-dry-run",
+        image="python:3.8-slim-buster",
+        cmds=["printenv"],
+        # env_vars=[
+        #     V1EnvVar(name="password", value="{{ conn.test_connection.password }}"),
+        #     V1EnvVar(name="VAR2", value="{{ var.value.nonexisting }}"),
+        # ],

Review Comment:
   ```suggestion
   ```
   
   Or ss incidentally commented out?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org