saveriogzz opened a new issue #15136:
URL: https://github.com/apache/airflow/issues/15136
<!--
Welcome to Apache Airflow! For a smooth issue process, try to answer the
following questions.
Don't worry if they're not all applicable; just try to include what you can
:-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
Please delete these comment blocks before submitting the issue.
-->
<!--
IMPORTANT!!!
PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
Please complete the next sections or the issue will be closed.
These questions are the first thing we need to know to understand the
context.
-->
**Apache Airflow version**: 2.0.1 -
release:2.0.1+beb8af5ac6c438c29e2c186145115fb1334a3735
**Environment**:
- **OS** (e.g. from /etc/os-release): Ubuntu 20.04.2 LTS
**What happened**:
After I have hidden some sensitive variable values from the UI by writing
'secret' into their names, the task supposed to run using this variable value
fails for an authentication issue.
The task is a **BashOperator** with which I am doing **curl PUT** requests.
More in details, the bash operator is the following:
```python
put_task = BashOperator(
task_id='put_task',
bash_command=rest_operations.templated_put,
env={
'basepath': basepath,
'filename': filename,
'checksum': "{{ ti.xcom_pull(task_ids='create_metadata',
key='checksum') }}",
'user': user,
'password': Variable.get(f"{user}_apikey_secret")
}
)
```
where the templated bash command is:
```bash
curl --header "Content-Type: application/json" --request PUT --data-binary
@$basepath/$filename https://cloudnet.fmi.fi/upload/data/$checksum --user
$user:$password
```
and the variable is correctly rendered as secret:
```json
{
"basepath": "/path/to/my/binary/data",
"checksum": "mychecksum",
"filename": "myfile",
"password": "********",
"user": "myUser"
}
```
<!-- (please include exact error messages if you can) -->
I get this *Authorization required* message.
```
[2021-04-01 08:51:17,677] {bash.py:158} INFO - Running command: curl
--header "Content-Type: application/json" --request PUT
--data-binary @$basepath/$filename
https://cloudnet.fmi.fi/upload/data/$checksum --user $user:$password
[2021-04-01 08:51:17,849] {bash.py:169} INFO - Output:
[2021-04-01 08:51:18,069] {bash.py:173} INFO - % Total % Received %
Xferd Average Speed Time Time Time Current
[2021-04-01 08:51:18,072] {bash.py:173} INFO -
Dload Upload Total Spent Left Speed
[2021-04-01 08:51:18,190] {bash.py:173} INFO -
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 1367k 100 22 0 0 154 0 --:--:-- --:--:-- --:--:--
154
[2021-04-01 08:51:18,196] {bash.py:173} INFO - Authorization required
```
However, If I remove 'secret' from the variable name, then its value is
shown in clear, but everything works as expected.
**What you expected to happen**: I would expect the bash command to be
working also with the hidden variable value.
<!-- What do you think went wrong? -->
**How to reproduce it**:
<!---
As minimally and precisely as possible. Keep in mind we do not have access
to your cluster or dags.
If you are using kubernetes, please attempt to recreate the issue using
minikube or kind.
## Install minikube/kind
- Minikube https://minikube.sigs.k8s.io/docs/start/
- Kind https://kind.sigs.k8s.io/docs/user/quick-start/
If this is a UI bug, please provide a screenshot of the bug or a link to a
youtube video of the bug in action
You can include images using the .md style of
To record a screencast, mac users can use QuickTime and then create an
unlisted youtube video with the resulting .mov file.
--->
**Anything else we need to know**:
<!--
How often does this problem occur? Once? Every time etc?
Any relevant logs to include? Put them here in side a detail tag:
<details><summary>x.log</summary> lots of stuff </details>
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
