TECH-Airflow-Engineering-Team opened a new issue, #33276:
URL: https://github.com/apache/airflow/issues/33276
### Apache Airflow version
Other Airflow 2 version (please specify below)
### What happened
As a admin user shouldn't be able to get configuration value through
Bashoperator/ python operator.
Running version 2.0.1 But I am sure its not fixed in latest version too.
Here is output:
[2023-08-09 23:25:42,005] {taskinstance.py:1065} INFO - Executing
<Task(BashOperator): bash_command_test> on 2023-08-09T23:25:30.683689+00:00
[2023-08-09 23:25:42,009] {standard_task_runner.py:52} INFO - Started
process 264 to run task
[2023-08-09 23:25:42,017] {standard_task_runner.py:76} INFO - Running:
['airflow', 'tasks', 'run', 'airflow_bash_test', 'bash_command_test',
'2023-08-09T23:25:30.683689+00:00', '--job-id', '329', '--pool',
'default_pool', '--raw', '--subdir',
'DAGS_FOLDER/APP01729-Airflow-dag-templates/airflow_sample_dags/bash/airflow_bash_test.py',
'--cfg-path', '/tmp/tmpbkytri1x', '--error-file', '/tmp/tmpm5suhp_j']
[2023-08-09 23:25:42,019] {standard_task_runner.py:77} INFO - Job 329:
Subtask bash_command_test
[2023-08-09 23:25:42,100] {logging_mixin.py:104} INFO - Running
<TaskInstance: airflow_bash_test.bash_command_test
2023-08-09T23:25:30.683689+00:00 [running]> on host airflow-worker
[2023-08-09 23:25:42,178] {taskinstance.py:1263} INFO - Exporting the
following env vars:
AIRFLOW_CTX_DAG_OWNER=airflow-platform
AIRFLOW_CTX_DAG_ID=airflow_bash_test
AIRFLOW_CTX_TASK_ID=bash_command_test
AIRFLOW_CTX_EXECUTION_DATE=2023-08-09T23:25:30.683689+00:00
AIRFLOW_CTX_DAG_RUN_ID=manual__2023-08-09T23:25:30.683689+00:00
[2023-08-09 23:25:42,181] {bash.py:144} INFO - Tmp dir root location:
/tmp
[2023-08-09 23:25:42,183] {bash.py:167} INFO - Running command: airflow
config list
[2023-08-09 23:25:42,194] {bash.py:178} INFO - Output:
[2023-08-09 23:25:43,973] {bash.py:182} INFO - [core]
[2023-08-09 23:25:43,974] {bash.py:182} INFO - dags_folder =
/opt/nonroot/airflow/dags
[2023-08-09 23:25:43,974] {bash.py:182} INFO - hostname_callable =
socket.getfqdn
[2023-08-09 23:25:43,975] {bash.py:182} INFO - default_timezone = utc
[2023-08-09 23:25:43,976] {bash.py:182} INFO - executor = CeleryExecutor
[2023-08-09 23:25:43,977] {bash.py:182} INFO - sql_alchemy_conn =
postgres+psycopg2://XXXX:XXXXXX@airflow-db:5432/postgres
[2023-08-09 23:25:43,977] {bash.py:182} INFO - sql_engine_encoding = utf-8
[2023-08-09 23:25:43,978] {bash.py:182} INFO - sql_alchemy_pool_enabled =
True
[2023-08-09 23:25:43,978] {bash.py:182} INFO - sql_alchemy_pool_size = 5
[2023-08-09 23:25:43,979] {bash.py:182} INFO - sql_alchemy_max_overflow = 10
[2023-08-09 23:25:43,979] {bash.py:182} INFO - sql_alchemy_pool_recycle =
1800
[2023-08-09 23:25:43,980] {bash.py:182} INFO - sql_alchemy_pool_pre_ping =
True
[2023-08-09 23:25:43,980] {bash.py:182} INFO - sql_alchemy_schema =
[2023-08-09 23:25:43,980] {bash.py:182} INFO - parallelism = 32
[2023-08-09 23:25:43,981] {bash.py:182} INFO - dag_concurrency = 16
[2023-08-09 23:25:43,981] {bash.py:182} INFO - dags_are_paused_at_creation =
True
### What you think should happen instead
Instead bash operator shouldn't have access to airflow commands especially
airflow config and airflow connections
### How to reproduce
bash_command_test = BashOperator(
task_id='bash_command_test',
bash_command="airflow config list"
)
### Operating System
PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux"
VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian
HOME_URL="https://www.debian.org/"; SUPPORT_URL="https://www.debian.org/support";
BUG_REPORT_URL="https://bugs.debian.org/";
### Versions of Apache Airflow Providers
_No response_
### Deployment
Other Docker-based deployment
### Deployment details
_No response_
### Anything else
_No response_
### Are you willing to submit PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
