[
https://issues.apache.org/jira/browse/AIRFLOW-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16649384#comment-16649384
]
ASF GitHub Bot commented on AIRFLOW-3178:
-----------------------------------------
ashb opened a new pull request #4050: [AIRFLOW-3178] Don't bake ENV and _cmd
into tmp config for non-sudo
URL: https://github.com/apache/incubator-airflow/pull/4050
Make sure you have checked _all_ steps below.
### Jira
- [ ] My PR addresses the following [Airflow
Jira](https://issues.apache.org/jira/browse/AIRFLOW/) issues and references
them in the PR title. For example, "\[AIRFLOW-XXX\] My Airflow PR"
- https://issues.apache.org/jira/browse/AIRFLOW-XXX
- In case you are fixing a typo in the documentation you can prepend your
commit with \[AIRFLOW-XXX\], code changes always need a Jira issue.
### Description
- [x] Further to #4029,
If we are running tasks via sudo then AIRFLOW__ config env vars won't be
visible anymore (without them showing up in `ps`) and we likely might
not have permission to run the _cmd's specified to find the passwords.
But if we are running as the same user then there is no need to "bake"
those options in to the temporary config file -- if the operator decided
they didn't want those values appearing in a config file on disk, then
let's do our best to respect that.
This also removes a possible race condition that would make the temporary
config file readable by more than the airflow or run-as user.
The exact behaviour would depend on the umask we run under, and the
primary group of our user, likely this would mean the file was readable
by members of the airflow group (which in most cases would be just the
airflow user). To remove any such possibility set the umask before we
write anything to the file.
### Tests
- [x] My PR adds the following unit tests: added some tests to
tests/configuration.py.
### Commits
- [x] My commits all reference Jira issues in their subject lines, and I
have squashed multiple commits if they address the same issue. In addition, my
commits follow the guidelines from "[How to write a good git commit
message](http://chris.beams.io/posts/git-commit/)":
1. Subject is separated from body by a blank line
1. Subject is limited to 50 characters (not including Jira issue reference)
1. Subject does not end with a period
1. Subject uses the imperative mood ("add", not "adding")
1. Body wraps at 72 characters
1. Body explains "what" and "why", not "how"
### Documentation
- [x] In case of new functionality, my PR adds documentation that describes
how to use it.
- When adding new operators/hooks/sensors, the autoclass documentation
generation needs to be added.
### Code Quality
- [x] Passes `git diff upstream/master -u -- "*.py" | flake8 --diff`
> `airflow run` config doesn't cope with % in config values.
> ----------------------------------------------------------
>
> Key: AIRFLOW-3178
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3178
> Project: Apache Airflow
> Issue Type: Bug
> Affects Versions: 1.10.0
> Reporter: Ash Berlin-Taylor
> Assignee: Ash Berlin-Taylor
> Priority: Major
> Fix For: 1.10.1
>
>
> ConfigParser uses %-signs for interpolation, so if you need a literal % in
> airflow.cfg it needs to be escaped (by specifying it as `%%`), but by
> the time they are written out to the temporary config that is passed to
> `airflow run` the escaping is lost.
> This is also true for configuration via environment variables, where `%`
> doesn't need to be escaped at all, but is included (sometimes needlessly) in
> the config un-escaped.
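An added illustration, not code from the Airflow pull request: it reproduces the lost `%` escaping described in the issue and shows a temporary config file written under a restrictive umask so it is owner-only from the moment it is created. The function names, file paths and sample connection string are hypothetical, and the sample value is constructed.

```python
import configparser
import os
import stat


def write_private_config(values, path):
    """Write {section: {option: value}} to a new file that is owner-only from creation."""
    parser = configparser.ConfigParser()
    for section, options in values.items():
        parser.add_section(section)
        for option, value in options.items():
            # A literal % must be stored as %% or ConfigParser treats it as interpolation.
            parser.set(section, option, value.replace("%", "%%"))
    # Tighten the umask before the file exists; a chmod afterwards leaves a window
    # in which the file carries the default (possibly group/world-readable) mode.
    # The umask is process-wide, so this is not safe while other threads create files.
    old_umask = os.umask(0o077)
    try:
        with open(path, "x") as handle:  # "x" refuses to reuse an existing file
            parser.write(handle)
    finally:
        os.umask(old_umask)
    return path


def write_unescaped(values, path):
    """The failure mode from the issue: values copied out without re-escaping %."""
    parser = configparser.RawConfigParser()  # performs no interpolation checks
    parser.read_dict(values)
    with open(path, "x") as handle:
        parser.write(handle)
    return path


def read_option(path, section, option):
    """Read one option the way a consumer using ConfigParser would."""
    parser = configparser.ConfigParser()
    parser.read(path)
    return parser.get(section, option)


def file_mode(path):
    """Return only the permission bits of the file."""
    return stat.S_IMODE(os.stat(path).st_mode)


# Constructed sample: a connection string whose password contains a literal %.
SAMPLE = {"core": {"sql_alchemy_conn": "postgresql://airflow:p%ss@db/airflow"}}
```

Reading the file produced by `write_unescaped` raises `configparser.InterpolationSyntaxError`, while the file from `write_private_config` returns the original value and has mode `0600`.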