ashb commented on code in PR #25346:
URL: https://github.com/apache/airflow/pull/25346#discussion_r933066759
##########
airflow/www/views.py:
##########
@@ -3724,8 +3724,38 @@ def conf(self):
raw = request.args.get('raw') == "true"
title = "Airflow Configuration"
subtitle = AIRFLOW_CONFIG
+
+ expose_config = conf.get('webserver', 'expose_config')
+
# Don't show config when expose_config variable is False in airflow
config
- if conf.getboolean("webserver", "expose_config"):
+ # Don't show sensitive config values if expose_config variable is
'non-sensitive-only'
+ # in airflow config
+ if expose_config.lower() == 'non-sensitive-only':
+ from airflow.configuration import SENSITIVE_CONFIG_VALUES
+
+ with open(AIRFLOW_CONFIG) as file:
+ config = file.readlines()
+ for line in config:
+ for _, key in SENSITIVE_CONFIG_VALUES:
+ if key in line and not line.startswith('#'):
Review Comment:
I'd suggest that rather than trying to parse the format ourselves we should
use a module to handle this for us.
https://github.com/pyscaffold/configupdater is one that I've found that a)
does the job, b) preserves comments. The code to use it is
```python
updater = configupdater.ConfigUpdater()
updater.read(AIRFLOW_CONFIG)
for sect, key in SENSITIVE_CONFIG_VALUES:
if updater.has_option(sect, key):
updater[sect][key].value = '< hidden >'
config = str(updater)
```
(This module also has no extra deps which is a nice bonus.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
