This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-6-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit a50b33c0d854e2e8fee9e1f6ff508702957506e6 Author: herlambang <[email protected]> AuthorDate: Mon May 8 21:59:58 2023 +0700 Mask task attribute on task detail view (#31125) (cherry picked from commit ffe3a68f9ada2d9d35333d6a32eac2b6ac9c70d6) --- airflow/www/views.py | 2 +- tests/www/views/test_views_rendered.py | 84 ++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) diff --git a/airflow/www/views.py b/airflow/www/views.py index 91f92dadda..e6bf8f1cd4 100644 --- a/airflow/www/views.py +++ b/airflow/www/views.py @@ -1723,7 +1723,7 @@ class Airflow(AirflowBaseView): ) task_attrs = [ - (attr_name, attr) + (attr_name, secrets_masker.redact(attr, attr_name)) for attr_name, attr in ( (attr_name, getattr(task, attr_name)) for attr_name in filter(include_task_attrs, dir(task)) ) diff --git a/tests/www/views/test_views_rendered.py b/tests/www/views/test_views_rendered.py index c54212dc9f..6a2cb9717f 100644 --- a/tests/www/views/test_views_rendered.py +++ b/tests/www/views/test_views_rendered.py @@ -21,6 +21,7 @@ from unittest import mock from urllib.parse import quote_plus import pytest +from markupsafe import escape from airflow.models import DAG, RenderedTaskInstanceFields, Variable from airflow.operators.bash import BashOperator @@ -206,3 +207,86 @@ def test_rendered_template_secret(admin_client, create_dag_run, task_secret): check_content_not_in_response("secret_unlikely_to_happen_accidentally", resp) ti.refresh_from_task(task_secret) assert ti.state == TaskInstanceState.QUEUED + + [email protected]( + "env, expected", + [ + pytest.param( + {"plain_key": "plain_value"}, + "{'plain_key': 'plain_value'}", + id="env-plain-key-val", + ), + pytest.param( + {"plain_key": Variable.setdefault("plain_var", "banana")}, + "{'plain_key': 'banana'}", + id="env-plain-key-plain-var", + ), + pytest.param( + {"plain_key": Variable.setdefault("secret_var", "monkey")}, + "{'plain_key': '***'}", + id="env-plain-key-sensitive-var", + ), + pytest.param( + {"plain_key": "{{ var.value.plain_var }}"}, + "{'plain_key': '{{ var.value.plain_var }}'}", + id="env-plain-key-plain-tpld-var", + ), + pytest.param( + {"plain_key": "{{ var.value.secret_var }}"}, + "{'plain_key': '{{ var.value.secret_var }}'}", + id="env-plain-key-sensitive-tpld-var", + ), + pytest.param( + {"secret_key": "plain_value"}, + "{'secret_key': '***'}", + id="env-sensitive-key-plain-val", + ), + pytest.param( + {"secret_key": Variable.setdefault("plain_var", "monkey")}, + "{'secret_key': '***'}", + id="env-sensitive-key-plain-var", + ), + pytest.param( + {"secret_key": Variable.setdefault("secret_var", "monkey")}, + "{'secret_key': '***'}", + id="env-sensitive-key-sensitive-var", + ), + pytest.param( + {"secret_key": "{{ var.value.plain_var }}"}, + "{'secret_key': '***'}", + id="env-sensitive-key-plain-tpld-var", + ), + pytest.param( + {"secret_key": "{{ var.value.secret_var }}"}, + "{'secret_key': '***'}", + id="env-sensitive-key-sensitive-tpld-var", + ), + ], +) +def test_rendered_task_detail_env_secret(patch_app, admin_client, request, env, expected): + if request.node.callspec.id.endswith("-tpld-var"): + Variable.set("plain_var", "banana") + Variable.set("secret_var", "monkey") + + dag: DAG = patch_app.dag_bag.get_dag("testdag") + task_secret: BashOperator = dag.get_task(task_id="task1") + task_secret.env = env + date = quote_plus(str(DEFAULT_DATE)) + url = f"task?task_id=task1&dag_id=testdag&execution_date={date}" + + with create_session() as session: + dag.create_dagrun( + state=DagRunState.RUNNING, + execution_date=DEFAULT_DATE, + data_interval=(DEFAULT_DATE, DEFAULT_DATE), + run_type=DagRunType.SCHEDULED, + session=session, + ) + + resp = admin_client.get(url, follow_redirects=True) + check_content_in_response(str(escape(expected)), resp) + + if request.node.callspec.id.endswith("-tpld-var"): + Variable.delete("plain_var") + Variable.delete("secret_var")
