Improve diagnostics message when users have secret_key misconfigured (#…

…17410) * Improve diagnostics message when users have secret_key misconfigured Recently fixed log open-access vulnerability have caused quite a lot of questions and issues from the affected users who did not have webserver/secret_key configured for their workers (effectively leading to random value for those keys for workers) This PR explicitly explains the possible reason for the problem and encourages the user to configure their webserver's secret_key in both - workers and webserver. Related to: #17251 and a number of similar slack discussions. (cherry picked from commit 2321020)
apache · Aug 17, 2021 · a19657d · a19657d
1 parent 778c50e
commit a19657d
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/airflow/utils/log/file_task_handler.py b/airflow/utils/log/file_task_handler.py
@@ -186,6 +186,11 @@ def _read(self, ti, try_number, metadata=None):
                 )
                 response.encoding = "utf-8"
 
+                if response.status_code == 403:
+                    log += "*** !!!! Please make sure that all your webservers and workers have" \
+                           " the same 'secret_key' configured in 'webserver' section !!!!!\n***"
+                    log += "*** See more at https://airflow.apache.org/docs/apache-airflow/" \
+                           "stable/configurations-ref.html#secret-key\n***"
                 # Check if the resource was properly fetched
                 response.raise_for_status()