amoghrajesh commented on code in PR #43123:
URL: https://github.com/apache/airflow/pull/43123#discussion_r1811237658
##########
airflow/utils/cli.py:
##########
@@ -139,11 +140,18 @@ def _build_metrics(func_name, namespace):
:param namespace: Namespace instance from argparse
:return: dict with metrics
"""
- sub_commands_to_check = {"users", "connections"}
+ sub_commands_to_check_for_sensitive_fields = {"users", "connections"}
+ sub_commands_to_check_for_sensitive_key = {"variables"}
sensitive_fields = {"-p", "--password", "--conn-password"}
full_command = list(sys.argv)
sub_command = full_command[1] if len(full_command) > 1 else None
- if sub_command in sub_commands_to_check:
+ # For cases when value in variables have sensitive value
Review Comment:
nit: for cases when values under `sub_commands_to_check_for_sensitive_key`
have sensitive info
##########
airflow/utils/cli.py:
##########
@@ -140,10 +141,17 @@ def _build_metrics(func_name, namespace):
:return: dict with metrics
"""
sub_commands_to_check = {"users", "connections"}
+ sub_commands_to_check_based_upon_key = {"variables"}
sensitive_fields = {"-p", "--password", "--conn-password"}
full_command = list(sys.argv)
sub_command = full_command[1] if len(full_command) > 1 else None
- if sub_command in sub_commands_to_check:
+ # For cases when value in variables have sensitive value
+ if sub_command in sub_commands_to_check_based_upon_key:
+ key = full_command[-2] if len(full_command) > 3 else None
Review Comment:
Right, that makes sense since we only use it in audit endpoint / ui.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
