This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v2-1-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 2df7e6e41cf6968b48658c21e989868cb3960027 Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Wed Aug 4 15:15:38 2021 +0200 Improve diagnostics message when users have secret_key misconfigured (#17410) * Improve diagnostics message when users have secret_key misconfigured Recently fixed log open-access vulnerability have caused quite a lot of questions and issues from the affected users who did not have webserver/secret_key configured for their workers (effectively leading to random value for those keys for workers) This PR explicitly explains the possible reason for the problem and encourages the user to configure their webserver's secret_key in both - workers and webserver. Related to: #17251 and a number of similar slack discussions. (cherry picked from commit 2321020e29511f3741940440739e4cc01c0a7ba2) --- airflow/utils/log/file_task_handler.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/airflow/utils/log/file_task_handler.py b/airflow/utils/log/file_task_handler.py index 2dc9beb..56b9d23 100644 --- a/airflow/utils/log/file_task_handler.py +++ b/airflow/utils/log/file_task_handler.py @@ -186,6 +186,11 @@ class FileTaskHandler(logging.Handler): ) response.encoding = "utf-8" + if response.status_code == 403: + log += "*** !!!! Please make sure that all your webservers and workers have" \ + " the same 'secret_key' configured in 'webserver' section !!!!!\n***" + log += "*** See more at https://airflow.apache.org/docs/apache-airflow/" \ + "stable/configurations-ref.html#secret-key\n***" # Check if the resource was properly fetched response.raise_for_status()