norm commented on code in PR #25346:
URL: https://github.com/apache/airflow/pull/25346#discussion_r931922836
##########
airflow/www/views.py:
##########
@@ -3724,8 +3724,38 @@ def conf(self):
raw = request.args.get('raw') == "true"
title = "Airflow Configuration"
subtitle = AIRFLOW_CONFIG
+
+ expose_config = conf.get('webserver', 'expose_config')
+
# Don't show config when expose_config variable is False in airflow
config
- if conf.getboolean("webserver", "expose_config"):
+ # Don't show sensitive config values if expose_config variable is
'non-sensitive-only'
+ # in airflow config
+ if expose_config.lower() == 'non-sensitive-only':
+ from airflow.configuration import SENSITIVE_CONFIG_VALUES
+
+ with open(AIRFLOW_CONFIG) as file:
+ config = file.readlines()
+ for line in config:
+ for _, key in SENSITIVE_CONFIG_VALUES:
Review Comment:
This is making an assumption that the name is unique amongst all sections. I
don't think it's a problem (better to redact too much than not enough) but
there is a possibility of this catching other settings.
As I said, not a problem per se, but I would add a comment to that effect.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
