Leondon9 opened a new pull request, #67143: URL: https://github.com/apache/airflow/pull/67143
Execution API JWT validation failures currently pass the raw bearer token into structured logs via `token=creds.credentials`. Airflow's structlog rendering includes that field in both text and JSON logs, so this can persist credential material when validation fails. This removes the raw token field from the warning log while preserving `exc_info=True` and the existing HTTP 403 behavior.

closes: #67142

Validation:

- `breeze run pytest airflow-core/tests/unit/api_fastapi/execution_api/test_security.py::TestJWTBearer::test_jwt_validation_failure_does_not_log_raw_token -xvs`
- `breeze run pytest airflow-core/tests/unit/api_fastapi/execution_api/test_security.py -xvs`
- `prek run ruff --files airflow-core/src/airflow/api_fastapi/execution_api/security.py airflow-core/tests/unit/api_fastapi/execution_api/test_security.py`
- `git diff --check`

---

##### Was generative AI tooling used to co-author this PR?

- [X] Yes — OpenAI Codex

Generated-by: OpenAI Codex following [the guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions)

--

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
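The leak described in this pull request and the kind of regression check its test name suggests, as an added example that is not code from the PR or from Airflow. It uses the standard library `logging` module in place of structlog; `validate`, `rendered_logs`, `Capture`, `JsonFormatter` and the sample token are hypothetical names and constructed data.

```python
import json
import logging

# Constructed sample: a JWT-shaped string, not a real credential.
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0YXNrLTEifQ.c2lnbmF0dXJl"

# Attribute names every LogRecord has; anything else came in as a structured field.
_STANDARD = set(vars(logging.makeLogRecord({}))) | {"message", "asctime"}


class JsonFormatter(logging.Formatter):
    """Render the event plus every structured field passed via `extra`."""

    def format(self, record):
        fields = {k: v for k, v in vars(record).items() if k not in _STANDARD}
        out = {"event": record.getMessage(), "level": record.levelname, **fields}
        if record.exc_info:
            out["exception"] = self.formatException(record.exc_info)
        return json.dumps(out, default=str)


class Capture(logging.Handler):
    """Collect rendered lines so a test can inspect what would be persisted."""

    def __init__(self):
        super().__init__()
        self.lines = []
        self.setFormatter(JsonFormatter())

    def emit(self, record):
        self.lines.append(self.format(record))


def validate(token, log, leak_token):
    """Hypothetical validator: fails, logs a warning, answers 403."""
    try:
        raise ValueError("signature verification failed")
    except ValueError:
        # leak_token=True is the "before" pattern: the credential as a log field.
        extra = {"token": token} if leak_token else {}
        log.warning("Failed to validate JWT", exc_info=True, extra=extra)
        return 403


def rendered_logs(leak_token):
    """Run one failed validation; return (status, rendered log lines)."""
    log = logging.getLogger(f"demo.leak={leak_token}")
    log.propagate = False
    handler = Capture()
    log.handlers = [handler]
    return validate(SAMPLE_TOKEN, log, leak_token), handler.lines
```

The check asserts on the rendered output rather than on the call arguments, so it also catches a token that reaches the log through a different field name.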
