Add a new config to configure the host of the scheduler health check server #35616
Conversation
| version_added: 2.8.0 | ||
| type: string | ||
| example: ~ | ||
| default: "0.0.0.0" |
There was a problem hiding this comment.
Should the default continue to be 0.0.0.0 ? For me it looks like we might choose no default and use IP reverse-dnsed from hostname callable: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#hostname-callable maybe?). That would be quite a bit more secure default and only slightly risky when it comes to backwards compatibility.
There was a problem hiding this comment.
I thought about it, but I think it's a breaking change.
There was a problem hiding this comment.
A bit. But we do allow breaking changes "because security" ....
There was a problem hiding this comment.
(just saying :D) . Not very strong on it
|
(and nice bandit to tell us so - BTW :) |
amoghrajesh
left a comment
amoghrajesh
left a comment
There was a problem hiding this comment.
@hussein-awala generally the changes look fine, can you have some test coverage here: test_scheduler_command.py?
|
Static checks failure is not related to this PR; I will try to fix it in a separate PR. |
…server (#35616) * Add a new config to configure the host of the scheduler healthcheck server * Add a test
4 participants
For security reasons, using "0.0.0.0" as a host is not a good practice, even for a health check server.
This PR creates a new config to configure the host of the scheduler health check server and uses the existing one as the default value.
related: #35615