[AIRFLOW-4448] Don't bake ENV and _cmd into tmp config for non-sudo #4050
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I haven't thought enough if this will mess up with the Kubernetes Executor, so someone familair with that (@Fokko? @tedmiston?) should take a look at this. |
|
@ashb I just checked the Kubeternetes tests, and they seem to pass. Why do you think it messes up the Kubeternetes part? cc @dimberman |
|
It was more I wasn't sure how the Kubernetes Executor etc worked, and if something was going to mess up as a result of that change it would be that. |
XD-DENG
previously requested changes
Oct 23, 2018
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
cd59ec5 to
0df13ac
Compare
|
@ashb, has this branch been intentionally pushed to the apache repo, or just a mistake? |
|
@ms32035 Yes it was intentional. Do you think there's a reason not to have it here? |
|
Not really. It was just so different from all other, that it made me wonder |
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
0df13ac to
b005425
Compare
|
@bolkedebruin PTAL |
Fokko
reviewed
Oct 29, 2018
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
stale
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
b005425 to
be38843
Compare
|
@Fokko updated (and rebased). PTAL. |
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
be38843 to
c3dc3b4
Compare
|
@ashb just pinging on this since it seems like a pretty good addition :). |
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
c3dc3b4 to
17bf3d1
Compare
|
@dimberman Turns out we forget our own PRs sometimes too 😁. Rebased, hopefully it's good now. |
Codecov Report
@@ Coverage Diff @@
## master #4050 +/- ##
==========================================
+ Coverage 78.54% 78.59% +0.04%
==========================================
Files 469 469
Lines 29981 30077 +96
==========================================
+ Hits 23550 23639 +89
- Misses 6431 6438 +7
Continue to review full report at Codecov.
|
ashb
changed the title
If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that.
ashb
force-pushed
the
dont-bake-env-into-tmp-config
branch
from
17bf3d1 to
9918541
Compare
|
@dimberman Update to new jira too since the previous one was part of 1.10.1. PTAL |
|
@ashb LGTM! |
JCoder01
pushed a commit
to JCoder01/airflow
that referenced
this pull request
May 14, 2019
…pache#4050) If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that.
ashb
added a commit
that referenced
this pull request
May 30, 2019
…4050) If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that. (cherry picked from commit 670f2ed)
andriisoldatenko
pushed a commit
to andriisoldatenko/airflow
that referenced
this pull request
Jul 26, 2019
…pache#4050) If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that.
wmorris75
pushed a commit
to modmed/incubator-airflow
that referenced
this pull request
Jul 29, 2019
…pache#4050) If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that.
dharamsk
pushed a commit
to postmates/airflow
that referenced
this pull request
Aug 8, 2019
…pache#4050) If we are running tasks via sudo then AIRFLOW__ config env vars won't be visible anymore (without them showing up in `ps`) and we likely might not have permission to run the _cmd's specified to find the passwords. But if we are running as the same user then there is no need to "bake" those options in to the temporary config file -- if the operator decided they didn't want those values appearing in a config file on disk, then lets do our best to respect that. (cherry picked from commit 670f2ed)
xyu
added a commit
to xyu/airflow
that referenced
this pull request
Feb 12, 2022
When sending configs to Airflow workers we materialize a temp config file. In apache#18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: apache#20092 Related to: apache#18772 apache#4050
potiuk
pushed a commit
that referenced
this pull request
Mar 15, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 16, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 20, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 22, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 22, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 22, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 22, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 24, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
ephraimbuddy
pushed a commit
that referenced
this pull request
Mar 26, 2022
* Filter out default configs when overrides exist. When sending configs to Airflow workers we materialize a temp config file. In #18772 a feature was added so that `_cmd` generated secrets are not written to the files in some cases instead favoring maintaining the raw `_cmd` settings. Unfortunately during materializing of the configs via `as_dict()` Airflow defaults are generated and materialized as well including defaults for the non `_cmd` versions of some settings. And due to Airflow setting precedence stating bare versions of settings winning over `_cmd` versions it results in `_cmd` settings being discarded: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html This change checks `_cmd`, env, and secrets when materializing configs via `as_dict()` so that if the bare versions of the values is exactly the same as Airflow defaults and we have "hidden" / special versions of these configs that are trying to be set we remove the bare versions so that the correct version can be used. Fixes: #20092 Related to: #18772 #4050 (cherry picked from commit e07bc63)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make sure you have checked all steps below.
Jira
Description
If we are running tasks via sudo then AIRFLOW__ config env vars won't be
visible anymore (without them showing up in
ps) and we likely mightnot have permission to run the _cmd's specified to find the passwords.
But if we are running as the same user then there is no need to "bake"
those options in to the temporary config file -- if the operator decided
they didn't want those values appearing in a config file on disk, then
lets do our best to respect that.
Tests
Commits
Documentation
Code Quality
git diff upstream/master -u -- "*.py" | flake8 --diff