This is an automated email from the ASF dual-hosted git repository. kaxilnaik pushed a commit to branch v3-0-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 3ecefff6e9370fafe856eb5183f0e74657641436 Author: Pierre Jeambrun <[email protected]> AuthorDate: Tue May 6 11:05:35 2025 +0200 Move webserver expose config to api section (#50209) (cherry picked from commit 31c7c9626bab3e39a5a0592b87e220007d94d6b9) --- Dockerfile.ci | 2 +- .../api_fastapi/core_api/routes/public/config.py | 4 ++-- .../src/airflow/cli/commands/config_command.py | 4 ++++ airflow-core/src/airflow/config_templates/config.yml | 18 +++++++++--------- airflow-core/src/airflow/configuration.py | 3 ++- .../auth/managers/simple/test_middleware.py | 9 +++++---- .../api_fastapi/core_api/routes/public/test_config.py | 6 +++--- chart/docs/airflow-configuration.rst | 2 +- clients/python/README.md | 4 ++-- dev/README_RELEASE_PYTHON_CLIENT.md | 4 ++-- scripts/docker/entrypoint_ci.sh | 2 +- 11 files changed, 32 insertions(+), 26 deletions(-) diff --git a/Dockerfile.ci b/Dockerfile.ci index ac686c84ecc..39a5373ee1c 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -1121,7 +1121,7 @@ function start_api_server_with_examples(){ return fi export AIRFLOW__CORE__LOAD_EXAMPLES=True - export AIRFLOW__WEBSERVER__EXPOSE_CONFIG=True + export AIRFLOW__API__EXPOSE_CONFIG=True echo echo "${COLOR_BLUE}Initializing database${COLOR_RESET}" echo diff --git a/airflow-core/src/airflow/api_fastapi/core_api/routes/public/config.py b/airflow-core/src/airflow/api_fastapi/core_api/routes/public/config.py index 1df15825915..1509dd25e6f 100644 --- a/airflow-core/src/airflow/api_fastapi/core_api/routes/public/config.py +++ b/airflow-core/src/airflow/api_fastapi/core_api/routes/public/config.py @@ -70,11 +70,11 @@ text_example_response_for_get_config = { def _check_expose_config() -> bool: display_sensitive: bool | None = None - if conf.get("webserver", "expose_config").lower() == "non-sensitive-only": + if conf.get("api", "expose_config").lower() == "non-sensitive-only": expose_config = True display_sensitive = False else: - expose_config = conf.getboolean("webserver", "expose_config") + expose_config = conf.getboolean("api", "expose_config") display_sensitive = True if not expose_config: diff --git a/airflow-core/src/airflow/cli/commands/config_command.py b/airflow-core/src/airflow/cli/commands/config_command.py index b953e61d09c..0f5c5df5ba1 100644 --- a/airflow-core/src/airflow/cli/commands/config_command.py +++ b/airflow-core/src/airflow/cli/commands/config_command.py @@ -495,6 +495,10 @@ CONFIGS_CHANGES = [ renamed_to=ConfigParameter("fab", "proxy_fix_x_prefix"), breaking=True, ), + ConfigChange( + config=ConfigParameter("webserver", "expose_config"), + renamed_to=ConfigParameter("api", "expose_config"), + ), ConfigChange( config=ConfigParameter("webserver", "cookie_secure"), was_deprecated=False, diff --git a/airflow-core/src/airflow/config_templates/config.yml b/airflow-core/src/airflow/config_templates/config.yml index f6824e3da38..50a849a099d 100644 --- a/airflow-core/src/airflow/config_templates/config.yml +++ b/airflow-core/src/airflow/config_templates/config.yml @@ -1318,6 +1318,15 @@ secrets: api: description: ~ options: + expose_config: + description: | + Expose the configuration file in the web server. Set to ``non-sensitive-only`` to show all values + except those that have security implications. ``True`` shows all values. ``False`` hides the + configuration completely. + version_added: ~ + type: string + example: ~ + default: "False" base_url: description: | The base url of the API server. Airflow cannot guess what domain or CNAME you are using. @@ -1739,15 +1748,6 @@ webserver: sensitive: true example: ~ default: "{SECRET_KEY}" - expose_config: - description: | - Expose the configuration file in the web server. Set to ``non-sensitive-only`` to show all values - except those that have security implications. ``True`` shows all values. ``False`` hides the - configuration completely. - version_added: ~ - type: string - example: ~ - default: "False" expose_hostname: description: | Expose hostname in the web server diff --git a/airflow-core/src/airflow/configuration.py b/airflow-core/src/airflow/configuration.py index c48377c333c..ff214b3138a 100644 --- a/airflow-core/src/airflow/configuration.py +++ b/airflow-core/src/airflow/configuration.py @@ -355,6 +355,7 @@ class AirflowConfigParser(ConfigParser): ("api", "ssl_key"): ("webserver", "web_server_ssl_key", "3.0"), ("api", "access_logfile"): ("webserver", "access_logfile", "3.0"), ("triggerer", "capacity"): ("triggerer", "default_capacity", "3.0"), + ("api", "expose_config"): ("webserver", "expose_config", "3.0.1"), } # A mapping of new section -> (old section, since_version). @@ -1294,7 +1295,7 @@ class AirflowConfigParser(ConfigParser): def read( self, - filenames: (str | bytes | os.PathLike | Iterable[str | bytes | os.PathLike]), + filenames: str | bytes | os.PathLike | Iterable[str | bytes | os.PathLike], encoding=None, ): super().read(filenames=filenames, encoding=encoding) diff --git a/airflow-core/tests/unit/api_fastapi/auth/managers/simple/test_middleware.py b/airflow-core/tests/unit/api_fastapi/auth/managers/simple/test_middleware.py index dcd39ef19ed..fa4bd5566b7 100644 --- a/airflow-core/tests/unit/api_fastapi/auth/managers/simple/test_middleware.py +++ b/airflow-core/tests/unit/api_fastapi/auth/managers/simple/test_middleware.py @@ -32,7 +32,7 @@ def all_access_test_client(): with conf_vars( { ("core", "simple_auth_manager_all_admins"): "true", - ("webserver", "expose_config"): "true", + ("api", "expose_config"): "true", } ): app = create_app() @@ -56,6 +56,7 @@ def all_access_test_client(): ) def test_all_endpoints_without_auth_header(all_access_test_client, method, path): response = all_access_test_client.request(method, path) - assert response.status_code not in {401, 403}, ( - f"Unexpected status code {response.status_code} for {method} {path}" - ) + assert response.status_code not in { + 401, + 403, + }, f"Unexpected status code {response.status_code} for {method} {path}" diff --git a/airflow-core/tests/unit/api_fastapi/core_api/routes/public/test_config.py b/airflow-core/tests/unit/api_fastapi/core_api/routes/public/test_config.py index 1fec270f34f..c057d2d32a7 100644 --- a/airflow-core/tests/unit/api_fastapi/core_api/routes/public/test_config.py +++ b/airflow-core/tests/unit/api_fastapi/core_api/routes/public/test_config.py @@ -77,9 +77,9 @@ MOCK_CONFIG_OVERRIDE = { (SECTION_SMTP, OPTION_KEY_SMTP_MAIL_FROM): OPTION_VALUE_SMTP_MAIL_FROM, } -AIRFLOW_CONFIG_ENABLE_EXPOSE_CONFIG = {("webserver", "expose_config"): "True"} -AIRFLOW_CONFIG_DISABLE_EXPOSE_CONFIG = {("webserver", "expose_config"): "False"} -AIRFLOW_CONFIG_NON_SENSITIVE_ONLY_CONFIG = {("webserver", "expose_config"): "non-sensitive-only"} +AIRFLOW_CONFIG_ENABLE_EXPOSE_CONFIG = {("api", "expose_config"): "True"} +AIRFLOW_CONFIG_DISABLE_EXPOSE_CONFIG = {("api", "expose_config"): "False"} +AIRFLOW_CONFIG_NON_SENSITIVE_ONLY_CONFIG = {("api", "expose_config"): "non-sensitive-only"} FORBIDDEN_RESPONSE = { "detail": "Your Airflow administrator chose not to expose the configuration, most likely for security reasons." } diff --git a/chart/docs/airflow-configuration.rst b/chart/docs/airflow-configuration.rst index 39a541fb505..65c7cb83e3f 100644 --- a/chart/docs/airflow-configuration.rst +++ b/chart/docs/airflow-configuration.rst @@ -28,7 +28,7 @@ allow webserver users to view the config from within the UI: .. code-block:: yaml config: - webserver: + api: expose_config: 'True' # by default this is 'False' Generally speaking, it is useful to familiarize oneself with the Airflow diff --git a/clients/python/README.md b/clients/python/README.md index 07ae5c81b3a..0fa289542a5 100644 --- a/clients/python/README.md +++ b/clients/python/README.md @@ -555,11 +555,11 @@ You can also set it by env variable: `export AIRFLOW__CORE__LOAD_EXAMPLES=True` In the `[webserver]` section of your `airflow.cfg` set: ```ini -[webserver] +[api] expose_config = True ``` -You can also set it by env variable: `export AIRFLOW__WEBSERVER__EXPOSE_CONFIG=True` +You can also set it by env variable: `export AIRFLOW__API__EXPOSE_CONFIG=True` * Configure your host/ip/user/password in the `test_python_client.py` file diff --git a/dev/README_RELEASE_PYTHON_CLIENT.md b/dev/README_RELEASE_PYTHON_CLIENT.md index dab9bf9e41e..be46acce909 100644 --- a/dev/README_RELEASE_PYTHON_CLIENT.md +++ b/dev/README_RELEASE_PYTHON_CLIENT.md @@ -478,7 +478,7 @@ and allows you to test the client in a real environment. ```shell export AIRFLOW__API__AUTH_BACKENDS=airflow.providers.fab.auth_manager.api.auth.backend.session,airflow.providers.fab.auth_manager.api.auth.backend.basic_auth -export AIRFLOW__WEBSERVER__EXPOSE_CONFIG=True +export AIRFLOW__API__EXPOSE_CONFIG=True ``` @@ -487,7 +487,7 @@ or `http://localhost:28080` from the host) and you should be able to access the with `admin`/`admin` credentials. The `http://localhost:8080` and `admin`/`admin` credentials are default in the `clients/python/test_python_client.py` test. -The ``AIRFLOW__WEBSERVER__EXPOSE_CONFIG`` is optional - the script will also succeed when +The ``AIRFLOW__API__EXPOSE_CONFIG`` is optional - the script will also succeed when (default setting) exposing configuration is disabled. 2. Start Airflow in Breeze with example dags enabled: diff --git a/scripts/docker/entrypoint_ci.sh b/scripts/docker/entrypoint_ci.sh index 67ae117fda6..7813c351b31 100755 --- a/scripts/docker/entrypoint_ci.sh +++ b/scripts/docker/entrypoint_ci.sh @@ -355,7 +355,7 @@ function start_api_server_with_examples(){ return fi export AIRFLOW__CORE__LOAD_EXAMPLES=True - export AIRFLOW__WEBSERVER__EXPOSE_CONFIG=True + export AIRFLOW__API__EXPOSE_CONFIG=True echo echo "${COLOR_BLUE}Initializing database${COLOR_RESET}" echo
