Ignore DAG content in Create Workflow API (!132) · Merge requests · OSDU Software / OSDU Data Platform / Data Flow / Data Ingestion / Ingestion Workflow

Abhiman Neelakanteswara requested to merge feature/ignore_dag_content into master Jun 22, 2021

Motivation

POST /workflow API used to create new workflows accepts python script under dagContent attribute. As there is no vulnerability scan done on this script presently, it poses a security concern of malicious script injection.

Changes

To temporarily handle this concern until a more robust solution is in place, the dagContent is being ignored based on osdu.azure.airflow.ignoreDagContent value to be set in application.properties of the provider module before deploying. For ease of setting this variable, it has been made an deployment environment variable as ignore_dagContent

Edited Jun 29, 2021 by Abhiman Neelakanteswara

Ignore DAG content in Create Workflow API

Motivation

Changes

Merge request reports