This alert can be definitely improved. I do think we should have it and we should not remove it. If you have some proposals, please feel free to create a PR, I'll be happy to review. Mentioning the other auth managers as alternatives is, I think, a great idea.
On 2025/03/21 07:20:26 Amogh Desai wrote: > Hmmm, I wonder if it can instead be made clearer. Something like this? > > *Simple Auth Manager Enabled.* > *The Simple Auth Manager is intended for development and testing. If you're > using it in production, ensure that access is controlled through other > means. * > *<link some doc>* > > Thanks & Regards, > Amogh Desai > > > On Thu, Mar 20, 2025 at 11:58 PM Daniel Standish > <daniel.stand...@astronomer.io.invalid> wrote: > > > I'm saying, sounds confusing! > > > > On Thu, Mar 20, 2025 at 11:27 AM <consta...@astronomer.io.invalid> wrote: > > > > > Sounds great! Do we have something in the config linter to highlight this > > > change? > > > > > > > On Mar 20, 2025, at 11:19 PM, Daniel Standish > > > <daniel.stand...@astronomer.io.invalid> wrote: > > > > > > > > It says this: > > > > > > > > Development-only auth manager configured > > > > The auth manager configured in your environment is the Simple Auth > > > Manager, > > > > which is intended for development use only. It is not suitable for > > > > production and should not be used in a production environment. > > > > > > > >> On Thu, Mar 20, 2025 at 10:48 AM Jarek Potiuk <ja...@potiuk.com> > > wrote: > > > >> > > > >> What's the alert - at least for me it did not get through > > > >> > > > >> On Thu, Mar 20, 2025 at 6:33 PM Daniel Standish > > > >> <daniel.stand...@astronomer.io.invalid> wrote: > > > >> > > > >>> I should add, the import here is, many users who never customized > > auth > > > >>> before will now see this message and not really have a clue what they > > > are > > > >>> supposed to do, and I think it will probably create a good amount of > > > >>> confusion. > > > >>> > > > >>> On Thu, Mar 20, 2025 at 10:27 AM Daniel Standish < > > > >>> daniel.stand...@astronomer.io> wrote: > > > >>> > > > >>>> I just saw this when spinning up airflow > > > >>>> > > > >>>> [image: image.png] > > > >>>> > > > >>>> I think the message is confusing / misleading / not very helpful. > > > >>>> > > > >>>> There's nothing necessarily wrong with having simple auth or no auth > > > if > > > >>>> you control access some other way. Moreover we don't tell users > > what > > > >> they > > > >>>> should do instead! > > > >>>> > > > >>>> So I think we should either remove this bubble or add more nuance > > and > > > >>>> point them in a direction that will lead them to what we *do* > > > recommend. > > > >>>> > > > >>>> > > > >> > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org > > > For additional commands, e-mail: dev-h...@airflow.apache.org > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org For additional commands, e-mail: dev-h...@airflow.apache.org
