You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2019/09/07 14:55:20 UTC

[GitHub] [airflow] mik-laj commented on issue #6050: [AIRFLOW-5434][DONT-MERGE] Use hook to provide credentials in GKEPodOperator

mik-laj commented on issue #6050: [AIRFLOW-5434][DONT-MERGE] Use hook to provide credentials in GKEPodOperator
URL: https://github.com/apache/airflow/pull/6050#issuecomment-529115287
 
 
   I am wondering about the optional ``gcp_conn_id`` parameter. It was optional. Now it's required.  When the user did not provide a value, credentials was set up to use ADC strategies. I think we should abandon this mechanism for security reasons. Credentials should only be determined based on the connection configuration.  Now this is not a big problem, but in the future this connection configuration only by connecting can be crucial. In future, it may allow the introduction of further security mechanisms, e.g. IAM.  
   
   Do you think it is worth introducing backward compatibility or leaving the current implementation? If we leave the current implementation then I have to add a note in UPDATING.md
   
   It is worth noting that ADC is quite a complex mechanism and permissions may be mistakenly granted.
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services