potiuk commented on issue #38745:
URL: https://github.com/apache/airflow/issues/38745#issuecomment-2041528618

   > in this case data author could include {{ var.value.get('SOME_SECRET') }} template and get access to the variable if the target storage is available for them
   
   Yes. But you could do that with any code. DAG author could call `self.render_template(<EXTERNAL DATA>, context)` and store result somewhere as well. I think even the name of the method is pretty explicit that it is about expanding kwargs of a task. The signature of the method is:
   
   ```
   def expand_kwargs(self, kwargs: OperatorExpandKwargsArgument, *, ...)
   ```
   
   I don't see a danger of accidentally passing untrusted data there (but maybe I am missing something?)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
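
Added example, not part of the comment above and not Airflow code: a plain Jinja2 sketch of the distinction the thread turns on, external text used as the template source versus external text passed as a value into a trusted template. The `ctx` object standing in for `var.value`, the secret, and all function names are assumptions made for the illustration.

```python
# Added illustration: plain Jinja2, not Airflow's rendering code.
import re
from types import SimpleNamespace

from jinja2 import Environment

ENV = Environment()

# Constructed stand-in for the `var.value` entry of a template context.
ctx = {"var": SimpleNamespace(value={"SOME_SECRET": "s3cr3t-constructed"})}

# Constructed external input, using the expression quoted in the thread.
EXTERNAL = "{{ var.value.get('SOME_SECRET') }}"


def render_as_source(external: str) -> str:
    """External text is the template itself, so its expressions are evaluated."""
    return ENV.from_string(external).render(**ctx)


def render_as_value(external: str) -> str:
    """External text is only a value substituted into a trusted template.

    Jinja2 does not re-render substituted values, so it stays literal.
    """
    return ENV.from_string("row={{ row }}").render(row=external, **ctx)


# Jinja2's default expression, statement and comment openers.
JINJA_MARKERS = re.compile(r"\{\{|\{%|\{#")


def has_template_syntax(external: str) -> bool:
    """Cheap pre-check for data that is about to reach a rendering call."""
    return bool(JINJA_MARKERS.search(external))


if __name__ == "__main__":
    print("as source:", render_as_source(EXTERNAL))
    print("as value: ", render_as_value(EXTERNAL))
    print("flagged:  ", has_template_syntax(EXTERNAL))
```
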
