New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix redacting secrets in context exceptions. #17618
Fix redacting secrets in context exceptions. #17618
Conversation
@kaxil @jhtimmins - we might want to include that in 2.1.3 |
00981d2
to
2a047fd
Compare
2a047fd
to
b8e43d9
Compare
The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease. |
try:
try:
raise Exception("user:pass")
except Exception as e:
# This is how you get an exception with a __cause__
raise Exception("two") from e
except Exception as e:
err = e |
Secret masking did not work in implicit and explicit context exceptions (see https://www.python.org/dev/peps/pep-3134/) When there was a `try/except/raise` sequence, or `raise ... from` exception - the original exceptions were not redacted. Related: apache#17604
b8e43d9
to
b3f878a
Compare
Added |
Interesting thing... Actually that would work even before latest change, because in this case, the "cause" is also in "context":
But this wuldn't work:
|
Ahh cause and context are the same object in some cases:
|
Co-authored-by: Ash Berlin-Taylor <ash_github@firemirror.com>
* Fix redacting secrets in context exceptions. Secret masking did not work in implicit and explicit context exceptions (see https://www.python.org/dev/peps/pep-3134/) When there was a `try/except/raise` sequence, or `raise ... from` exception - the original exceptions were not redacted. Related: #17604 (cherry picked from commit 6df3ee7)
I cherry-picked that one to v2-1 @jhtimmins @kaxil |
* Fix redacting secrets in context exceptions. Secret masking did not work in implicit and explicit context exceptions (see https://www.python.org/dev/peps/pep-3134/) When there was a `try/except/raise` sequence, or `raise ... from` exception - the original exceptions were not redacted. Related: #17604 (cherry picked from commit 6df3ee7)
* Fix redacting secrets in context exceptions. Secret masking did not work in implicit and explicit context exceptions (see https://www.python.org/dev/peps/pep-3134/) When there was a `try/except/raise` sequence, or `raise ... from` exception - the original exceptions were not redacted. Related: #17604 (cherry picked from commit 6df3ee7)
Secret masking did not work in implicit and
explicit context exceptions (see
https://www.python.org/dev/peps/pep-3134/)
When there was a
try/except/raise
sequence,or
raise ... from
exception - the originalexceptions were not redacted.
Related: #17604
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.