bugraoz93 commented on issue #54090: URL: https://github.com/apache/airflow/issues/54090#issuecomment-3168823161
Yes, the UI and airflowctl are using the same endpoints on those entities. There are a few for UI for specific tasks. Since they are using the same endpoints, I would expect them to behave similarly. If we reduct in UI, it makes sense to keep the same for it since the audience for GUI and CTL in general is the same. We can add one more layer, like a new endpoint and role. New role could be better because then we can control for multiple endpoints while we need to consider `GET` and `LIST` endpoints of the reducted entities. I am not sure if these things are more secure since the Read Connection role should also be given carefully. I also agree that export may be more dangerous, but if you have read access without `reduction`, you can easily automate the export. I think we should evaluate the reduction in general because it also covers getting a single connection and getting all connections. Those are also endpoints and behave similarly. This is basically an export if you all `airflowctl connections list -o yaml > a.yaml` because, as in the airflow CLI, we are returning all, and the list can return yaml, json, etc... This case also applies to `Variables` if it has some kind of password and needs a reduction, right? I am also okay to drop this from airflowctl and keep it in airflow as an administrative operation to read database directly since the values are sensitive, but I would like to have similar functionality with the UI if we can, because if you like and get used to commands where you can do the same with things with the UI, for example, I generally use CLI in that case where you feel more control over what you call (of course GUI can be easier), my point is it would be great if we would be consistent in between UI and CTL. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
