This is an automated email from the ASF dual-hosted git repository.
turbaszek pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new b581362 Add FernetEnabledRule for upgrade check command (#11116)
b581362 is described below
commit b5813628ab8c247dd1647246cfe19ada637ea58f
Author: sangarshanan <[email protected]>
AuthorDate: Sun Sep 27 16:04:37 2020 +0530
Add FernetEnabledRule for upgrade check command (#11116)
---
airflow/upgrade/rules/fernet_enabled.py | 39 +++++++++++++++++++++++++
tests/upgrade/rules/test_fernet_enabled.py | 47 ++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
diff --git a/airflow/upgrade/rules/fernet_enabled.py
b/airflow/upgrade/rules/fernet_enabled.py
new file mode 100644
index 0000000..b5f9947
--- /dev/null
+++ b/airflow/upgrade/rules/fernet_enabled.py
@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from __future__ import absolute_import
+
+from airflow.configuration import conf
+from airflow.upgrade.rules.base_rule import BaseRule
+
+
+class FernetEnabledRule(BaseRule):
+ title = "Fernet is enabled by default"
+
+ description = (
+ "The fernet mechanism is enabled by default "
+ "to increase the security of the default installation."
+ )
+
+ def check(self):
+ fernet_key = conf.get("core", "fernet_key")
+ if not fernet_key:
+ return (
+ "fernet_key in airflow.cfg must be explicitly set empty as
fernet mechanism is enabled"
+ "by default. This means that the apache-airflow[crypto]
extra-packages are always installed."
+ "However, this requires that your operating system has
libffi-dev installed."
+ )
diff --git a/tests/upgrade/rules/test_fernet_enabled.py
b/tests/upgrade/rules/test_fernet_enabled.py
new file mode 100644
index 0000000..e2104f5
--- /dev/null
+++ b/tests/upgrade/rules/test_fernet_enabled.py
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from unittest import TestCase
+
+from airflow.upgrade.rules.fernet_enabled import FernetEnabledRule
+from tests.test_utils.config import conf_vars
+
+
+class TestFernetEnabledRule(TestCase):
+ @conf_vars({("core", "fernet_key"): ""})
+ def test_invalid_check(self):
+ rule = FernetEnabledRule()
+
+ assert isinstance(rule.description, str)
+ assert isinstance(rule.title, str)
+
+ msg = (
+ "fernet_key in airflow.cfg must be explicitly set empty as fernet
mechanism is enabled"
+ "by default. This means that the apache-airflow[crypto]
extra-packages are always installed."
+ "However, this requires that your operating system has libffi-dev
installed."
+ )
+ response = rule.check()
+ assert response == msg
+
+ @conf_vars({("core", "fernet_key"): "dummyfernet"})
+ def test_valid_check(self):
+ rule = FernetEnabledRule()
+
+ assert isinstance(rule.description, str)
+ assert isinstance(rule.title, str)
+
+ response = rule.check()
+ assert response is None
