For me this looks good just one comment 👌

@kaxil waiting for your review 🙂

Can this be added to Airflow 1.10.13 milestone?

@abhilash1in -> this one looks like more of a convenience than an important change and we actually only cherry-pick to 1.10* what is absolutely necessary. We are getting closer to 2.0 release and we also need to have some "nice features" in 2.0 to get people more excited to migrate to it ;). Also we have two versions of the UI in 1.10 and if we add it to the DB we would have to also add it to both UIs. Plus we also have connection retrieval from the secret backends, so I guess @kaxil's review will point it out that we will have to add similar capabilities to secret backends.

I think it's far too little gain and far too much complexity to try to cherry-pick that one.

@potiuk that makes sense, thank you. I'm okay with this being added to 2.0.

Tests are failing

@kaxil There were two alembic heads since a new migration was pushed to master after I created my migration (both had the same down_revision). Tests were failing because of the multiple heads.

I've added a new commit to merge the alembic heads and rebased my fork to be in sync with master.

Plus we also have connection retrieval from the secret backends, so I guess @kaxil's review will point it out that we will have to add similar capabilities to secret backends.

Descriptions are only useful in the Web UI, and connections from the secret backends are not visible in Airflow, so it is not necessary to add support for this field in the backend secret.

Descriptions are only useful in the Web UI, and connections from the secret backends are not visible in Airflow, so it is not necessary to add support for this field in the backend secret.

Recently there was a discussion about showing the "names" but not "values" of the connections - so that we can see the connections in the UI even if they are coming from the secret backend. I think for 2.0 we should consciously decide what we do with the connection coming from the secrets and potentially show them in the UI. Otherwise it might be very misleading - the user sees a different "reality" than is "viewed" by the workers.

I believe if we want to add a new "property" of connection - it is very much related to what we are going to do with displaying them in UI (including secret backends)

WDYT @mik-laj - is it good that we do not see secret backend connection, and when we have the connection in db, we see a wrong one ? I think it's rather bad and might be super-confusing for the user.

That's why I think we should first decide what we want to do with the connections and later think about adding new properties to them.

@potiuk I'm eager to talk about the mailing list, but in my opinion displaying the item list is a significant extension of the backend secret concept. During its development, the topic of the web UI was discussed and it was decided that the backend secret is just a single interface with the get(key) method. We have also decided that we do not need to display these elements in the Web UI, as users can learn about these keys from their administrator.

WDYT @mik-laj - is it good that we do not see secret backend connection, and when we have the connection in db, we see a wrong one ? I think it's rather bad and might be super-confusing for the user.

This is confusing, and I agree that it is worth warning users about the consequences of configuring the backend secret. I think the warning "Your administrator has set up a secret backend. The data displayed in the Web UI may not represent the state available for the workers". I am afraid that reading any of the values by the webserver can be problematic in corporate environments as corporate environments have a very strict secret access policy. The most common environments I take care of are deployed consisting of several GCP projects. The webserver is in a project that cannot activate the API or access it at all.

Recently, I even had to deal with a issues related to it. In one case, the webserver still tried to make connections to the backend secret, but it never succeeded.
#10365

@abhilash1in It'd be great if you could add this same field for Variables.

@turbaszek @kaxil @potiuk @mik-laj Can someone please review and close this PR?

@kaxil do you think this PR requires changes to the secret backend? as I think the backends are working now, the additional columns have no effect and there is no obstacle to merging this change.

@kaxil do you think this PR requires changes to the secret backend? as I think the backends are working now, the additional columns have no effect and there is no obstacle to merging this change.

Yup, it will continue to work

Rebased the PR to the latest master, will merge as soon as CI is green

One tests failed:

FAILED tests/utils/test_db.py::TestDb::test_only_single_head_revision_in_migrations

Rebased to the latest master.

I also rebased to latest master.

The Workflow run is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks$,^Build docs$,^Spell check docs$,^Backport packages$,^Checks: Helm tests$,^Test OpenAPI*.

This will be very helpful!
@abhilash1in any chance you can finalize?

@abhilash1in Can you do a rebase?

@abhilash1in Can you do a rebase?

On it. Resolving merge conflicts. Should be done soon.

You might also have to update alembic revision ids

The Workflow run is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks,^Build docs$,^Spell check docs$,^Backport packages$,^Provider packages,^Checks: Helm tests$,^Test OpenAPI*.

@kaxil @mik-laj can you please take a look at the failing workflow? Not sure why there is an error Error: read ECONNRESET in Upload artifact for coverage step.

@abhilash1in Please ignore it. This is just a transistent problem. This should be fixed soon.

@kaxil @mik-laj All checks passed. Rebased again to latest master. Waiting for checks to run again. Please feel free to rebase again if required and please merge this PR as early as possible.