airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [airflow] potiuk commented on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var
Date Tue, 17 Dec 2019 15:55:58 GMT
potiuk commented on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var
URL: https://github.com/apache/airflow/pull/6801#issuecomment-566603555
 
 
   Geeee. Bad me .. I missed entirely the _cmd option in Airflow. So it seems we are already
past the dangerous line when user can not only write arbitrary python code in DAGs but also
arbitrary bash script :).
   
   Still what I see is that we allow that only for those "secret-related" cases. From the
docs:
   
   > The following config options support this _cmd version:
   > 
   > - sql_alchemy_conn in [core] section
   > - fernet_key in [core] section
   > - broker_url in [celery] section
   > - result_backend in [celery] section
   > - password in [atlas] section
   > - smtp_password in [smtp] section
   > - bind_password in [ldap] section
   > - git_password in [kubernetes] section
   
   
   So if we allow this ENV variable thing here it should also be limited to those variables
IMHO.
   
   > Never heard that one in Polish (half-Pole here ^^), but it translates as well in French
:)
   What is the French version then :) ? 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message