-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable default allowing the testing of connections in UI, API and CLI #32052
Disable default allowing the testing of connections in UI, API and CLI #32052
Conversation
2b38466
to
1a5678a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We also need to disable endpoints that serve this functionality! It can't be a UI only thing.
f1dfe9f
to
036dd59
Compare
2af54f5
to
9ba87b8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few small nits, but LGTM
51652f9
to
dc44dfa
Compare
We also need a significant newsfragment for that one @pankajkoti |
Thank you. Naive to add this one. Added one by following the guideline here which says it can be like a git commit message for significant types and also taking reference of this PR |
35d4232
to
4a52e3e
Compare
The tests are failing because of an unrelated error
Looks like the PR which added this change is reverted now. I will rebase now. |
Users can enable test connection functionaility in UI with caution by setting the `enable_test_connection` key to `True` in the `[webserver]` section of airflow.cfg or by setting the environment variable `AIRFLOW__WEBSERVER__ENABLE_TEST_CONNECTION` to `True`.
4a52e3e
to
934c1e4
Compare
One more small comment. I've been thiknig about it.. Currently we have this but only in comments.
Should we make also add some more information (link to the right part of the security model documentation once we merge #32098 should be enough ) - both in the newsfragment (effectively release notes) and in the place in documentation where we explain test connection, to explain why it is - potentially - dangerous to enable test connection? I think we should be very explicit about it if we want to make our model influence decisions of our users. |
yes makes sense. Which part of the PR would we like to link it to? Some section in this file Will wait for the PR to be merged and then link it here. |
Likely. |
Or maybe better will be to add reference and link to it. I might add it now. |
Following up PR apache#32052 the test connection is disabled in UI, API and CLI. The API and CLI strictly check for the config value to be set as `Enabled` for the functionality to be enabled, whereas the UI just checks that is it not set to `Disabled`. As a result setting values to the config param other than `Disabled`, enables the button in the UI. Even though the button gets enabled, the API forbids it as there is a strict check in the API that the value is set to `Enabled` and only then allows, however, it makes sense to also strictly check in the UI that value is set to `Enabled`.
Following up PR #32052 the test connection is disabled in UI, API and CLI. The API and CLI strictly check for the config value to be set as `Enabled` for the functionality to be enabled, whereas the UI just checks that is it not set to `Disabled`. As a result setting values to the config param other than `Disabled`, enables the button in the UI. Even though the button gets enabled, the API forbids it as there is a strict check in the API that the value is set to `Enabled` and only then allows, however, it makes sense to also strictly check in the UI that value is set to `Enabled`.
Following up PR #32052 the test connection is disabled in UI, API and CLI. The API and CLI strictly check for the config value to be set as `Enabled` for the functionality to be enabled, whereas the UI just checks that is it not set to `Disabled`. As a result setting values to the config param other than `Disabled`, enables the button in the UI. Even though the button gets enabled, the API forbids it as there is a strict check in the API that the value is set to `Enabled` and only then allows, however, it makes sense to also strictly check in the UI that value is set to `Enabled`. (cherry picked from commit 50765eb)
…3342) Following up PR apache#32052 the test connection is disabled in UI, API and CLI. The API and CLI strictly check for the config value to be set as `Enabled` for the functionality to be enabled, whereas the UI just checks that is it not set to `Disabled`. As a result setting values to the config param other than `Disabled`, enables the button in the UI. Even though the button gets enabled, the API forbids it as there is a strict check in the API that the value is set to `Enabled` and only then allows, however, it makes sense to also strictly check in the UI that value is set to `Enabled`.
Following up PR apache/airflow#32052 the test connection is disabled in UI, API and CLI. The API and CLI strictly check for the config value to be set as `Enabled` for the functionality to be enabled, whereas the UI just checks that is it not set to `Disabled`. As a result setting values to the config param other than `Disabled`, enables the button in the UI. Even though the button gets enabled, the API forbids it as there is a strict check in the API that the value is set to `Enabled` and only then allows, however, it makes sense to also strictly check in the UI that value is set to `Enabled`. (cherry picked from commit 50765eb0883652c16b40d69d8a1ac78096646610) GitOrigin-RevId: eda4bc4b87deb6095cb009825ace9bf87eead369
With this PR, the test connection functionality will be disabled
by default across Airflow UI, API and CLI. The availability of the
functionality can be controlled by the
test_connection
flag inthe
core
section of the Airflow configuration (airflow.cfg
).It can also be controlled by the environment variable
AIRFLOW__CORE__TEST_CONNECTION
.The following values are accepted for this config param:
Disabled
: Disables the test connection functionality anddisables(greys out) the Test Connection button in the UI.
This is also the default value set in the Airflow configuration.
Enabled
: Enables the test connection functionality andactivates the Test Connection button in the UI.
Hidden
: Disables the test connection functionality andhides the Test Connection button in UI.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rst
or{issue_number}.significant.rst
, in newsfragments.