dabla commented on PR #68377: URL: https://github.com/apache/airflow/pull/68377#issuecomment-4680550310
> Claude propose to change mask_secret to something like this, but dunno if this is a good idea: > > ``` > def mask_secret(secret: JsonValue, name: str | None = None) -> None: > """ > Mask a secret in both task process and supervisor process. > > For secrets loaded from backends (Vault, env vars, etc.), this ensures > they're masked in both the task subprocess AND supervisor's log output. > Works safely in both sync and async contexts. > > When called from an async context (event loop running), the supervisor > notification is scheduled as a fire-and-forget coroutine via > :func:`asyncio.ensure_future` so the event loop is never blocked. > """ > import asyncio > from contextlib import suppress > > from airflow.sdk._shared.secrets_masker import _secrets_masker > > _secrets_masker().add_mask(secret, name) > > with suppress(Exception): > # Try to tell supervisor (only if in task execution context) > from airflow.sdk.execution_time import task_runner > from airflow.sdk.execution_time.comms import MaskSecret > > if comms := getattr(task_runner, "SUPERVISOR_COMMS", None): > msg = MaskSecret(value=secret, name=name) > try: > asyncio.get_running_loop() > # We're on the event loop thread — must not call blocking send() here. > # Schedule asend() as a fire-and-forget task; MaskSecret needs no response. > asyncio.ensure_future(comms.asend(msg)) > except RuntimeError: > # No running event loop — safe to call sync send(). > comms.send(msg) > ``` > > This means detecting if mask_secret was called from an async context or not. Tested this solution and it doesn't solve the deadlock. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
