From e5336a4a48648950583597102db7cce2ee54dbdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=ABl=20Bardelot?= Date: Mon, 4 May 2020 15:57:34 +0200 Subject: [PATCH] FIX Entrypoint and _CMD config variables (#8705) The entrypoint manages the two variables AIRFLOW__CORE__SQL_ALCHEMY_CONN and AIRFLOW__CELERY__BROKER_URL but does not take into account the fact that those configurations can be overriden by AIRFLOW__CORE__SQL_ALCHEMY_CONN_CMD and AIRFLOW__CELERY__BROKER_URL_CMD which is very useful when providing the connections to those endpoints using Swarm/Kubernetes secrets. The Dockerfile and its entrypoint come from the 2.0 refactoring (master branch) and have been backported to the 1.10 branch. Since the _CMD behaviour is present in the 1.10 stable branch the fix should be done there. --- entrypoint.sh | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3d436e2b87ad5..f5191eaf6ce3b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -90,16 +90,28 @@ function verify_db_connection { fi } -# if no DB configured - use sqlite db by default -AIRFLOW__CORE__SQL_ALCHEMY_CONN="${AIRFLOW__CORE__SQL_ALCHEMY_CONN:="sqlite:///${AIRFLOW_HOME}/airflow.db"}" - -verify_db_connection "${AIRFLOW__CORE__SQL_ALCHEMY_CONN}" - -AIRFLOW__CELERY__BROKER_URL=${AIRFLOW__CELERY__BROKER_URL:=} +# Warning: command environnement variables (*_CMD) have priority over usual configuration variables +# for configuration parameters that require sensitive information. This is the case for the SQL database +# and the broker backend in this entrypoint script. + +if [[ -n "$AIRFLOW__CORE__SQL_ALCHEMY_CONN_CMD" ]]; then + verify_db_connection "$(eval "$AIRFLOW__CORE__SQL_ALCHEMY_CONN_CMD")" +else + # if no DB configured - use sqlite db by default + AIRFLOW__CORE__SQL_ALCHEMY_CONN="${AIRFLOW__CORE__SQL_ALCHEMY_CONN:="sqlite:///${AIRFLOW_HOME}/airflow.db"}" + verify_db_connection "${AIRFLOW__CORE__SQL_ALCHEMY_CONN}" +fi -if [[ -n ${AIRFLOW__CELERY__BROKER_URL} ]] && \ - [[ ${AIRFLOW_COMMAND} =~ ^(scheduler|worker|flower)$ ]]; then - verify_db_connection "${AIRFLOW__CELERY__BROKER_URL}" +# Note: the broker backend configuration concerns only a subset of Airflow components +if [[ "${AIRFLOW_COMMAND}" =~ ^(scheduler|worker|flower)$ ]]; then + if [[ -n "$AIRFLOW__CELERY__BROKER_URL_CMD" ]]; then + verify_db_connection "$(eval "$AIRFLOW__CELERY__BROKER_URL_CMD")" + else + AIRFLOW__CELERY__BROKER_URL=${AIRFLOW__CELERY__BROKER_URL:=} + if [[ -n "${AIRFLOW__CELERY__BROKER_URL}" ]]; then + verify_db_connection "${AIRFLOW__CELERY__BROKER_URL}" + fi + fi fi if [[ ${AIRFLOW_COMMAND} == "" ]]; then