bugraoz93 commented on issue #58230: URL: https://github.com/apache/airflow/issues/58230#issuecomment-3523762076
Good point! Thanks for raising it! I see you are willing to raise the solution, will assign it, thanks! It would be great to see airflowctl in headless environments. Normally, if we set the environment variable `AIRFLOW_CLI_TOKEN`, it makes `--api-token` or `auth login` with username or password not needed. It means, if you set the variable, it will cascade to the token. https://github.com/apache/airflow/blob/905f4752d475837021574f80e2376366fc8260f0/airflow-ctl/src/airflowctl/api/client.py#L320 Of course, this doesn't eliminate the fact that we need Keyring. **Some pointers:** This place is where we generate the client. We have the args and kwargs from the method. We can check on the fly if a parameter is passed, but we will need the `--api-url` as well, where `Credentials` `save` and `load` manage both https://github.com/apache/airflow/blob/905f4752d475837021574f80e2376366fc8260f0/airflow-ctl/src/airflowctl/api/client.py#L348 ``` Args: (Namespace(subcommand='list', env='production', output='table', func=functools.partial(<function CommandFactory._create_func_map_from_operation.<locals>._get_func at 0x7a1108fb4a40>, api_operation={'name': 'list', 'parameters': [], 'return_type': 'ConnectionCollectionResponse', 'parent': <ast.ClassDef object at 0x7a1108fc73d0>})),) Kwargs: {'api_operation': {'name': 'list', 'parameters': [], 'return_type': 'ConnectionCollectionResponse', 'parent': <ast.ClassDef object at 0x7a1108fc73d0>}} ``` Let's keep the environment variable approach as well, because some security tools can extract and listen to each and every command in the systems/containers, potentially exposing the credentials. In those cases, having the variable but not printing or executing should still exist as an option. This is where we add parameters to all commands, but for custom commands, you need to go a bit further down in the same file and add them to commands. https://github.com/apache/airflow/blob/905f4752d475837021574f80e2376366fc8260f0/airflow-ctl/src/airflowctl/ctl/cli_config.py#L788 There is a `merge_commands` method where maybe we can inject a similar approach and include some parameters to all commands. https://github.com/apache/airflow/blob/905f4752d475837021574f80e2376366fc8260f0/airflow-ctl/src/airflowctl/ctl/cli_config.py#L721 We also need to pass `ARG_AUTH_ENVIRONMENT` to all, but it seems custom ones are missing it, which it can leverage (not in this context). https://github.com/apache/airflow/blob/905f4752d475837021574f80e2376366fc8260f0/airflow-ctl/src/airflowctl/ctl/cli_config.py#L586 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
