yuseok89 commented on code in PR #60392:
URL: https://github.com/apache/airflow/pull/60392#discussion_r2698437813


##########
airflow-core/src/airflow/api_fastapi/core_api/datamodels/connections.py:
##########
@@ -129,6 +129,28 @@ def redact_extra_fields(cls, v: Mapping | None):
         if v is None:
             return None
 
+        # Check if extra_fields contains param spec structures (result of 
SerializedParam.dump())
+        # which have "value" and "schema" keys, or simple dictionary structures
+        has_param_spec_structure = any(
+            isinstance(field_spec, dict) and "value" in field_spec and 
"schema" in field_spec
+            for field_spec in v.values()
+        )
+
+        if has_param_spec_structure:
+            redacted_extra_fields = {}
+            for field_name, field_spec in v.items():
+                if isinstance(field_spec, dict) and "value" in field_spec and 
"schema" in field_spec:
+                    if should_hide_value_for_key(field_name) and 
field_spec.get("value") is not None:
+                        # Mask only the value, preserve everything else 
including schema.type
+                        redacted_extra_fields[field_name] = {**field_spec, 
"value": "***"}
+                    else:
+                        # Not sensitive or no value, keep as is
+                        redacted_extra_fields[field_name] = field_spec
+                else:
+                    # Not a param spec structure, keep as is
+                    redacted_extra_fields[field_name] = field_spec
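Review bot: In the final `else` branch (entries that are not param spec dicts), the value is copied through without consulting `should_hide_value_for_key(field_name)`. Because `has_param_spec_structure` is true as soon as any one entry has both "value" and "schema", a mapping that mixes param spec entries with plain values would return a sensitive plain entry unmasked. Suggest applying the same key check in that branch and masking the value when it matches. Separately, the condition `isinstance(field_spec, dict) and "value" in field_spec and "schema" in field_spec` appears twice and could be a small helper so the two checks cannot drift apart.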

Review Comment:
   Thanks for the suggestion! This ensures that non-param-spec fields are also 
properly redacted if they're sensitive, which is more consistent and secure.


