Merge pull request apache#2400 from sekikn/AIRFLOW-1321

wndhydrnt · Jul 4, 2017 · f1d72e5 · f1d72e5
2 parents a5e57dc + 4620460
commit f1d72e5
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 18 deletions.
diff --git a/airflow/config_templates/default_test.cfg b/airflow/config_templates/default_test.cfg
@@ -85,3 +85,6 @@ max_threads = 2
 catchup_by_default = True
 scheduler_zombie_task_threshold = 300
 dag_dir_list_interval = 0
+
+[admin]
+hide_sensitive_variable_fields = True
diff --git a/airflow/www/utils.py b/airflow/www/utils.py
@@ -35,6 +35,20 @@
 
 AUTHENTICATE = configuration.getboolean('webserver', 'AUTHENTICATE')
 
+DEFAULT_SENSITIVE_VARIABLE_FIELDS = (
+    'password',
+    'secret',
+    'passwd',
+    'authorization',
+    'api_key',
+    'apikey',
+    'access_token',
+)
+
+def should_hide_value_for_key(key_name):
+    return any(s in key_name.lower() for s in DEFAULT_SENSITIVE_VARIABLE_FIELDS) \
+           and configuration.getboolean('admin', 'hide_sensitive_variable_fields')
+
 
 class LoginMixin(object):
     def is_accessible(self):

diff --git a/airflow/www/views.py b/airflow/www/views.py
@@ -90,16 +90,6 @@
 
 FILTER_BY_OWNER = False
 
-DEFAULT_SENSITIVE_VARIABLE_FIELDS = (
-    'password',
-    'secret',
-    'passwd',
-    'authorization',
-    'api_key',
-    'apikey',
-    'access_token',
-)
-
 if conf.getboolean('webserver', 'FILTER_BY_OWNER'):
     # filter_by_owner if authentication is enabled and filter_by_owner is true
     FILTER_BY_OWNER = not current_app.config['LOGIN_DISABLED']
@@ -281,12 +271,6 @@ def recurse_tasks(tasks, task_ids, dag_ids, task_id_to_dag):
         task_id_to_dag[tasks.task_id] = tasks.dag
 
 
-def should_hide_value_for_key(key_name):
-    return any(s in key_name for s in DEFAULT_SENSITIVE_VARIABLE_FIELDS) \
-           and conf.getboolean('admin', 'hide_sensitive_variable_fields')
-
-
-
 def get_chart_height(dag):
     """
     TODO(aoen): See [AIRFLOW-1263] We use the number of tasks in the DAG as a heuristic to
@@ -2282,7 +2266,7 @@ class VariableView(wwwutils.DataProfilingMixin, AirflowModelView):
     list_template = 'airflow/variable_list.html'
 
     def hidden_field_formatter(view, context, model, name):
-        if should_hide_value_for_key(model.key):
+        if wwwutils.should_hide_value_for_key(model.key):
             return Markup('*' * 8)
         return getattr(model, name)
 
@@ -2339,7 +2323,7 @@ def action_varexport(self, ids):
         return response
 
     def on_form_prefill(self, form, id):
-        if should_hide_value_for_key(form.key.data):
+        if wwwutils.should_hide_value_for_key(form.key.data):
             form.val.data = '*' * 8
 
 

diff --git a/tests/www/test_utils.py b/tests/www/test_utils.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import unittest
+
+from airflow.www import utils
+
+
+class UtilsTest(unittest.TestCase):
+
+    def setUp(self):
+        super(UtilsTest, self).setUp()
+
+    def test_normal_variable_should_not_be_hidden(self):
+        self.assertFalse(utils.should_hide_value_for_key("key"))
+
+    def test_sensitive_variable_should_be_hidden(self):
+        self.assertTrue(utils.should_hide_value_for_key("google_api_key"))
+
+    def test_sensitive_variable_should_be_hidden_ic(self):
+        self.assertTrue(utils.should_hide_value_for_key("GOOGLE_API_KEY"))
+
+
+if __name__ == '__main__':
+    unittest.main()