[GitHub] [airflow] o-nikolas commented on a diff in pull request #32052: Disable allowing by default testing of connnections in UI

Thu, 22 Jun 2023 14:11:03 -0700 


o-nikolas commented on code in PR #32052:
URL: https://github.com/apache/airflow/pull/32052#discussion_r1239028771


##########
airflow/config_templates/config.yml:
##########
@@ -1794,6 +1794,15 @@ webserver:
       type: string
       example: "sha256"
       default: "md5"
+    enable_test_connection:
+      description: |
+        The ability to allow testing connections from UI. By default, it is 
disabled.

Review Comment:
   Wording suggestion, feel free to take it or not :) 
   ```suggestion
           Enables or disables the ability to test connections from UI. By 
default, it is disabled.
   ```



##########
airflow/config_templates/config.yml:
##########
@@ -1794,6 +1794,15 @@ webserver:
       type: string
       example: "sha256"
       default: "md5"
+    enable_test_connection:
+      description: |
+        The ability to allow testing connections from UI. By default, it is 
disabled.
+        If you're enabling it by setting it to True, make sure that you trust 
your users
+        who can add or edit connections in the UI and that they do not use it 
maliciously.

Review Comment:
   Another suggested wording, feel free to use or not (if used here, be sure to 
also copy it below in default config)
   ```suggestion
           Before setting this to True, make sure that you review the users who 
are able
           to add/edit connections in the UI and ensure they are trusted.
           Connection testing can can be done maliciously leading to undesired 
and insecure outcomes.
   ```



##########
airflow/www/static/js/connection_form.js:
##########
@@ -123,6 +125,16 @@ function applyFieldBehaviours(connection) {
  */
 function handleTestConnection(connectionType, testableConnections) {
   const testButton = document.getElementById("test-connection");
+
+  if (!configTestConnectionEnabled) {
+    // If test connection is not enabled in config, disable button and display 
toolip
+    // alerting the user.
+    $(testButton)
+      .prop("disabled", true)
+      .attr("title", "Test connection is not enabled in config.");

Review Comment:
   Another suggestion
   ```suggestion
         .attr("title", "Testing connections is disabled in Airflow 
configuration.");
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to