The GitHub Actions job "Tests" on airflow.git/fix/simple-auth-production-warning has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run:
f10578dea1e857ca66f7722727e36ff1b5e4a970 / Jarek Potiuk <[email protected]>
Warn loudly when SimpleAuthManager runs in a production-shaped deployment

SimpleAuthManager is dev-only by design: it stores passwords in plaintext JSON, prints generated passwords to stdout/logs on first init, and provides no rotation mechanism. Documentation says so in the class docstring, but nothing prevents an operator from configuring it (or leaving it at default) in a production deployment, where the password leak becomes a real exposure.

Add a heuristic check at `init()` time: if any of the following are true, the deployment shape suggests production and we emit a `log.warning`:

- The SQL backend is not sqlite (i.e. Postgres or MySQL is configured).
- The API host is bound to a non-local address.
- The configured executor is not a Local-/Sequential-/Debug-/InProcessExecutor.

None of these are conclusive on their own — a developer can configure any combination locally — but the cumulative signal is strong enough that a loud warning in the startup log is worth the false-positive cost. The warning is non-blocking; it does not refuse to start.

Reported by the L3 ASVS sweep at apache/tooling-agents#23 (FINDING-039).

Report URL: https://github.com/apache/airflow/actions/runs/25509528543

With regards,
GitHub Actions via GitBox
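A sketch of the three-signal heuristic the commit message describes, added here as an example; it is not the code from the commit or from Airflow. The function names are hypothetical, and the settings are passed in as plain strings rather than read from Airflow's configuration.

```python
from __future__ import annotations
import ipaddress
from urllib.parse import urlsplit

# Executor class names the commit message treats as local/dev-only.
DEV_EXECUTORS = {"LocalExecutor", "SequentialExecutor", "DebugExecutor", "InProcessExecutor"}


def is_local_host(host: str) -> bool:
    """True only for loopback binds; wildcard binds (0.0.0.0, ::) are non-local."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as externally reachable


def production_signals(sql_conn: str, api_host: str, executor: str) -> list[str]:
    """Return the reasons a deployment looks production-shaped (empty list = none)."""
    signals = []
    # "postgresql+psycopg2://..." -> "postgresql"; the driver suffix is irrelevant here.
    backend = urlsplit(sql_conn).scheme.split("+")[0].lower()
    if backend != "sqlite":
        signals.append(f"SQL backend is {backend or 'unknown'}, not sqlite")
    if not is_local_host(api_host):
        signals.append(f"API host {api_host!r} is bound to a non-local address")
    # Accept a bare class name or a dotted import path, and a comma-separated list.
    names = [e.strip().rsplit(".", 1)[-1] for e in executor.split(",") if e.strip()]
    remote = [n for n in names if n not in DEV_EXECUTORS]
    if remote:
        signals.append(f"executor {', '.join(remote)} is not a local/dev executor")
    return signals


def startup_warning(signals: list[str]) -> str | None:
    """Build the non-blocking warning text, or None when nothing fired."""
    if not signals:
        return None
    return ("SimpleAuthManager is dev-only but this deployment looks like production: "
            + "; ".join(signals))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    conn = "postgresql+psycopg2://airflow:example@db.internal/airflow"
    print(startup_warning(production_signals(conn, "0.0.0.0", "CeleryExecutor")))
```

Any single signal is enough to produce the warning, matching the "if any of the following are true" wording; the caller only logs the returned text and continues startup.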
