airflow-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] nsreenivas commented on issue #3764: [AIRFLOW-2916] Arg `verify` for AwsHook() & S3 sensors/operators
Date Tue, 21 Aug 2018 02:27:11 GMT
nsreenivas commented on issue #3764: [AIRFLOW-2916] Arg `verify` for AwsHook() & S3 sensors/operators
URL: https://github.com/apache/incubator-airflow/pull/3764#issuecomment-414529083
 
 
   I believe standard practice for most SSL communication is to provide a way to turn it off
but have it enabled by default. S3 API and LDAP protocol support communication with and without SSL.
Organisations who want to disable insecure connections will generally block the port that allows
insecure communication (LDAP 389 port). Additionally, we have development environments where
users want to test tools without having to deal with things like TLS and Kerberos.
   
   The other point is when we are in an on-premise environment using tools like Minio or IBM
Cloud Object Store, we need to be able to pass certs that aren't the default AWS certificates.
This is a requirement for running Airflow securely in an on-premise cloud.
   
   I would suggest defaulting to SSL enabled but allow the opportunity for users to disable
it if required. As the AWS CLI does, a warning could be thrown telling users that noSSL is
an insecure option.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
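
The policy the comment above argues for (verify by default, accept a private CA bundle, allow opting out with a warning), as an added example that is not part of the original message or of Airflow's code. It uses the standard-library `ssl` module instead of an AWS client, and `build_tls_context` and `InsecureTLSWarning` are hypothetical names.

```python
import os
import ssl
import warnings


class InsecureTLSWarning(UserWarning):
    """Emitted when certificate verification is switched off."""


def build_tls_context(verify=None):
    """Map a `verify` argument onto an ssl.SSLContext (hypothetical helper).

    verify=None or True -> verify against the system trust store (default)
    verify="/path.pem"  -> verify against a private CA bundle (on-premise S3)
    verify=False        -> no verification; permitted, but warned about
    """
    if verify is None or verify is True:
        return ssl.create_default_context()

    if verify is False:
        warnings.warn(
            "TLS certificate verification is disabled; the connection can "
            "be intercepted. Use this only in development.",
            InsecureTLSWarning,
            stacklevel=2,
        )
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

    if isinstance(verify, (str, os.PathLike)):
        if not os.path.isfile(verify):
            # Fail closed: a mistyped bundle path must not silently fall
            # back to the public trust store or to no verification.
            raise ValueError(f"CA bundle not found: {verify!r}")
        # With cafile set, only the CAs in that bundle are trusted.
        return ssl.create_default_context(cafile=os.fspath(verify))

    raise TypeError("verify must be None, a bool, or a path to a CA bundle")
```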
