airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jarek Potiuk <ja...@potiuk.com>
Subject [DISCUSS] Managing provider Connections via UI in managed Airflow services
Date Sun, 13 Jun 2021 15:45:22 GMT
Dear Airflow community,

Here is another result of discussions. I would like to raise an attention
to potential Connection management problems that might affect managed
services for Airflow 2.0 and some providers.

With Airflow 2.0, connection UI "customisations" are baked into the
provider package and in order to see - for example Postgres connection in
the UI, you need to have the "postgres" provider installed in the Webserver.

As far as I know some of the Managed Airflow services (MWAA, Composer,
possibly other) do not currently allow their users installation of
additional packages in the webserver (the webserver container is different
than the scheduler/worker). This makes it impossible to configure/edit
provider connections via UI (unless those providers are pre-installed in
the webserver image).

While this is understandable from security point of view to forbid "any''
package installation, I think the official
"apache-airlfow-providers-*" should be allowlisted for those images and
installed or otherwise made available (for example via pre-installing all
providers in the webserver image if this is not possible from security
point of view to rebuild the image dynamically)

I wonder what people (and especially the people from MWAA, Composer team)
think about it - do I get it right about the security concerns? Any other
comments?


J.

-- 
+48 660 796 129

Mime
View raw message