anishgirianish commented on code in PR #60108:
URL: https://github.com/apache/airflow/pull/60108#discussion_r2700796690
##########
airflow-core/src/airflow/api_fastapi/execution_api/app.py:
##########
@@ -296,25 +296,74 @@ class InProcessExecutionAPI:
@cached_property
def app(self):
if not self._app:
+ import os
+ from base64 import urlsafe_b64encode
+
from airflow.api_fastapi.common.dagbag import create_dag_bag
from airflow.api_fastapi.execution_api.app import
create_task_execution_api_app
from airflow.api_fastapi.execution_api.deps import (
JWTBearerDep,
JWTBearerTIPathDep,
)
from airflow.api_fastapi.execution_api.routes.connections import
has_connection_access
+ from airflow.api_fastapi.execution_api.routes.task_instances
import JWTBearerWorkloadDep
from airflow.api_fastapi.execution_api.routes.variables import
has_variable_access
from airflow.api_fastapi.execution_api.routes.xcoms import
has_xcom_access
+ from airflow.configuration import conf
+
+ # Ensure JWT secret is available for in-process execution.
+ # The /run endpoint needs JWTGenerator to issue execution tokens.
+ # If the config option is empty, generate a random one for the
duration of this process.
+ if not conf.get("api_auth", "jwt_secret", fallback=None):
+ logger.debug(
+ "`api_auth/jwt_secret` is not set, generating a temporary
one for in-process execution"
+ )
+ conf.set("api_auth", "jwt_secret",
urlsafe_b64encode(os.urandom(16)).decode())
Review Comment:
From my understanding, this is only for InProcessExecutionAPI which is used
when running tasks without a separate API server - it generates a temporary
secret if none is configured. I'm still exploring this part of the codebase, so
please do correct me if I've misunderstood something.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
