gnudiff commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2247694070
Is this the same issue that when creating task via dynamic task mapping,
references to {{ var }} and {{ params }} get lost when templating, or should I
opend a new case?
Eg.
potiuk commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2041528618
> in this case data author could include {{ var.value.get('SOME_SECRET') }}
template and get access to the variable if the target storage is available for
them
Yes. But you c
alexdrydew commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2041073791
My concern was primarily about processing untrusted data from external
sources in DAGs: it seems malicious data can be used to steal secrets in some
cases:
```python
@dag(
potiuk commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2039774537
> In my opinion, the main problem with having templates being rendered in
this case is that now we need to sanitize user data when processing it in
expanded tasks (I didn't think of
alexdrydew commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2039259618
> If we don't do this, we won't be able to use templates in mapped tasks,
which is a big limitation for this great feature, so if it's not the same
behavior as expand, then we n
hussein-awala commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2038444630
For more context, I updated the behavior of `expand_kwargs` in 2.7.1 by
https://github.com/apache/airflow/pull/32272 to fix
https://github.com/apache/airflow/issues/32260.