ashb commented on code in PR #25346:
URL: https://github.com/apache/airflow/pull/25346#discussion_r932422157
##########
airflow/www/views.py:
##########
@@ -3727,8 +3727,41 @@ def conf(self):
raw = request.args.get('raw') == "true"
title = "Airflow Configuration"
subtitle = AIRFLOW_CONFIG
+
+ expose_config = conf.get('webserver', 'expose_config')
+
# Don't show config when expose_config variable is False in airflow
config
- if conf.getboolean("webserver", "expose_config"):
+ # Don't show sensitive config values if expose_config variable is
'non-sensitive-only'
+ # in airflow config
+ if expose_config.lower() == 'non-sensitive-only':
+ from airflow.configuration import SENSITIVE_CONFIG_VALUES
+
+ with open(AIRFLOW_CONFIG) as file:
+ config = file.readlines()
+ for line in config:
+ for _, key in SENSITIVE_CONFIG_VALUES:
+ # this masks the keys wherever it's found not
+ # minding the section
+ if key in line and not line.startswith('#'):
+ config[config.index(line)] = key + ' = ***\n'
+ break
+
+ config = ''.join(config)
+
+ running_conf = conf.as_dict(True, True)
+ for section, key in SENSITIVE_CONFIG_VALUES:
+ running_conf_value = running_conf[section].get(key, None)
+ if running_conf_value:
+ new = ('***', running_conf_value[1])
+ running_conf[section][key] = new
Review Comment:
I wonder if this behaviour should live as an option inside conf as_dict
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
