Secrets masking is not applied in the log if get_connection(conn_id) is used

[akotuc]

Apache Airflow version: 2.1.2

Kubernetes version (if you are using kubernetes) (use kubectl version): v1.16.7

Environment:

• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release): Debian GNU/Linux 10
• Kernel (e.g. uname -a): Linux airflow 4.4.232-1.el7.elrepo.x86_64 #1 SMP Fri Jul 31 11:49:26 EDT 2020 x86_64 GNU/Linux
• Install tools:
• Others:

What happened:
When BaseHook.get_connection(conn_id) function is used webserver log contains exposed credentials.

In the webserver log is unmasked password if AF 2.1.x is used, e.g.: [2021-07-15 10:08:21,074: INFO/ForkPoolWorker-31] Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: value, extra: None

The same code in 1.10.15 sends to the log masked password, e.g.: [2021-07-15 09:26:32,557] {{base_hook.py:89}} INFO - Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: XXXXXXXX, extra: None

What you expected to happen:
Password (may be extras as well) to be masked in the log.

How to reproduce it:
Use BaseHook.get_connection(conn_id) in a DAG to get connection and check the output on the webserver.

Anything else we need to know:

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[uranusjr]

Already fixed in #16579.