Skip to content

Fix: Making sure sensitive data is always masked in airflowctl#59998

Closed
saifxyzyz wants to merge 14 commits intoapache:mainfrom
saifxyzyz:fix-masking
Closed

Fix: Making sure sensitive data is always masked in airflowctl#59998
saifxyzyz wants to merge 14 commits intoapache:mainfrom
saifxyzyz:fix-masking

Conversation

@saifxyzyz
Copy link
Copy Markdown

@saifxyzyz saifxyzyz commented Dec 31, 2025
edited
Loading

closes: #59843

  1. renamed _check_expose_config() and simplified the logic of the function
  2. checked and tested for any missing entries in the config.yml, found none missing

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@boring-cyborg boring-cyborg bot added area:API Airflow's REST/HTTP API area:ConfigTemplates labels Dec 31, 2025
@saifxyzyz saifxyzyz changed the title Fix masking Fix: Making sure sensitive data is always masked in airflowctl Jan 1, 2026
@saifxyzyz saifxyzyz requested a review from jscheffl January 1, 2026 17:39
jscheffl
jscheffl requested changes Jan 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jscheffl jscheffl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment

jscheffl
jscheffl previously approved these changes Jan 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jscheffl jscheffl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good for me now. As it is security sensitive would like to have another pair of eyes on it from maintainer group prior merge.

@saifxyzyz
Copy link
Copy Markdown
Author

saifxyzyz commented Jan 1, 2026

Looks good for me now. As it is security sensitive would like to have another pair of eyes on it from maintainer group prior merge.

Yes, thanks for reviewing it!

@jscheffl
Copy link
Copy Markdown
Contributor

jscheffl commented Jan 1, 2026

Oh, some CI side effects of other cross-checks - seems to be they also need to be mastered.

@saifxyzyz
Copy link
Copy Markdown
Author

saifxyzyz commented Jan 3, 2026

I found that the smtp user and password were deprecated to use smtp connections instead, so reverted changes in the config.yml; found no missing entries the config.yml file

jscheffl
jscheffl reviewed Jan 3, 2026
View reviewed changes
@jscheffl
Copy link
Copy Markdown
Contributor

jscheffl commented Jan 3, 2026

I found that the smtp user and password were deprecated to use smtp connections instead, so reverted changes in the config.yml; found no missing entries the config.yml file

Okay, reading the diff now makes more sense. But the changes are functionally equivalent to previous code, just in other structure. Or do I mis-read the diff? Result is now more like a refactoring result, not a change.

@jscheffl jscheffl dismissed their stale review January 3, 2026 12:47

Changes

@saifxyzyz
Copy link
Copy Markdown
Author

saifxyzyz commented Jan 3, 2026

I found that the smtp user and password were deprecated to use smtp connections instead, so reverted changes in the config.yml; found no missing entries the config.yml file

Okay, reading the diff now makes more sense. But the changes are functionally equivalent to previous code, just in other structure. Or do I mis-read the diff? Result is now more like a refactoring result, not a change.

yes, it is just refactoring, if the structural changes alone aren't worth the merge, I'm open to closing this, I'll leave the final call to you

@saifxyzyz
Copy link
Copy Markdown
Author

saifxyzyz commented Jan 3, 2026

I believe PR #59880 would solve this issue as well, so closing this as non-functional refactor. Thanks for the review!

@saifxyzyz saifxyzyz closed this Jan 3, 2026
@jscheffl
Copy link
Copy Markdown
Contributor

jscheffl commented Jan 3, 2026

I believe PR #59880 would solve this issue as well, so closing this as non-functional refactor. Thanks for the review!

Thanks for the discussion and patience!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jscheffl jscheffl jscheffl left review comments

@ephraimbuddy ephraimbuddy Awaiting requested review from ephraimbuddy ephraimbuddy is a code owner

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun pierrejeambrun is a code owner

@rawwar rawwar Awaiting requested review from rawwar rawwar is a code owner

@jason810496 jason810496 Awaiting requested review from jason810496 jason810496 is a code owner

@bugraoz93 bugraoz93 Awaiting requested review from bugraoz93 bugraoz93 is a code owner

@shubhamraj-git shubhamraj-git Awaiting requested review from shubhamraj-git shubhamraj-git is a code owner

Assignees

No one assigned

Labels

area:API Airflow's REST/HTTP API area:ConfigTemplates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove config sensitive data from airflowctl

2 participants

@saifxyzyz @jscheffl