airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-2162) Run DAG as user other than airflow does NOT have access to AIRFLOW_ environment variables
Date Wed, 11 Apr 2018 01:15:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16433262#comment-16433262
] 

ASF subversion and git services commented on AIRFLOW-2162:
----------------------------------------------------------

Commit 354492bc597130f43c76e7bec4bc894fb6deb7fe in incubator-airflow's branch refs/heads/master
from [~johnarnold]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=354492b ]

[AIRFLOW-2162] When impersonating another user, pass env variables to sudo


> Run DAG as user other than airflow does NOT have access to AIRFLOW_ environment variables
> -----------------------------------------------------------------------------------------
>
>                 Key: AIRFLOW-2162
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2162
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: configuration
>            Reporter: Sebastian Radloff
>            Assignee: John Arnold
>            Priority: Minor
>              Labels: configuration
>
> When running airflow with LocalExecutor, I inject airflow environment variables that
are supposed to override what is in the airflow.cfg, according to the documentation [https://airflow.apache.org/configuration.html.
> I|https://airflow.apache.org/configuration.html.]f you specify to run your DAGs as another
linux user, root for example, this is what airflow executes under the hood:
> {code:java}
> ['bash', '-c', u'sudo -H -u root airflow run docker_sample docker_op_tester 2018-03-01T15:14:55.699668
--job_id 2 --raw -sd DAGS_FOLDER/docker-operator.py --cfg_path /tmp/tmpignV9B']
> {code}
>  
> It uses sudo and switches to the root linux user, unfortunately, it won't have access
to the environment variables injected to override the config. This is important for people
who are trying to inject variables into a docker container at run time while wishing to maintain
a level of security around database credentials.
> I think a decent proposal made by [~ashb] in gitter, would be to automatically pass
all environment variables starting with *AIRFLOW__* to any user. Please lmk if y'all want
any help on the documentation or point me in the right direction and I could create a PR. 
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message