Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Redacted Variables override original value

See original GitHub issue

Apache Airflow version

2.2.2

What happened

Create a variable sample_access_token with value random
Export the variable, you will see the value
Click on edit and save
Export the variable, the variable value will be updated to ******* the

What you think should happen instead

The original variable value should be persisted even when redacted field is saved

How to reproduce

No response

Operating System

Debian GNU/Linux 10 (buster)

Versions of Apache Airflow Providers

No response

Deployment

Astronomer

Deployment details

No response

Anything else

We can also add a UI check for this, if the form is not edited, one shouldn’t be able to submit it

Are you willing to submit PR?

Yes I am willing to submit a PR!

Code of Conduct

I agree to follow this project’s Code of Conduct

Issue Analytics

State:
Created a year ago
Comments:12 (11 by maintainers)

Top GitHub Comments

1reaction

potiukcommented, Jun 30, 2022

For the “not saving ********” part, the difficult thing is that a variable’s value can literally be anything, including an empty string, and eight asterisks. The backend has no idea whether the value submitted is actually from user intention, and doing any checks in the backend purely based on a specific value is somewhat breaking compatibility.

If we are concerned, and escaping is not good enough of a solution, we could simply add a flag if a field is redacted or not and not save it then (and clean the “*****” and the flag whenever someone modifies the value. That would make it truly “write-only”.

The problem with sending the actual value in this case to frontend will be a CVE-worthy security vulnerability, simply 😃.

0reactions

alexsstockcommented, Aug 19, 2022

@bhavaniravi I found this issue trying to solve the same problem.

We have disabled “edit” for all the roles in the UI. This let’s people set and edit using the CLI only, but everyone can still see what is available in the UI.

I’m not sure if that helps you, but it helped our case.

Top Results From Across the Web

Define variables - Azure Pipelines | Microsoft Learn

Variables are name-value pairs defined by you for use in a pipeline. ... A variable set in the pipeline root level will override...

How to override environment variables through the Build ...

An environment variable processed before another one can't override the second one, but the second one can use the first one.

Input Variables - Configuration Language | Terraform

Passing a null value as a module input argument will override any default value. Setting nullable to false ensures that the variable value...

Introduction to environment variables - CircleCI

For a full list of built-in environment variables, see the Project values and ... will override environment variables declared with the environment and ......

Substituting variable values | Cloud Build Documentation

Note that substitutions are a mapping of variables to values rather than arrays or sequences. You can override default substitution variable values except ......