[bitnami/airflow] Escape special characters in Airflow LDAP configuration values

[zanecodes]

Description of the change

This change fixes #65217 by escaping single quotes and backslashes in AIRFLOW_LDAP_ configuration values that are interpolated into webserver_config.py as Python strings.

However, values that are not interpolated as strings such as AIRFLOW_LDAP_ROLES_MAPPING, AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN, and AIRFLOW_LDAP_ALLOW_SELF_SIGNED are still susceptible to arbitrary Python injection.

Benefits

AIRFLOW_LDAP_ configuration values that are interpolated as Python strings (e.g. AIRFLOW_LDAP_BIND_PASSWORD) may now contain single quotes and backslashes, and the Airflow container will handle them correctly instead of erroring out on startup.

Possible drawbacks

If for some reason this behavior was being abused by users to inject arbitrary Python into webserver_config.py, that will no longer work; they should instead mount their own webserver_config.py into the container.

Applicable issues

• fixes [bitnami/airflow] Airflow container errors out if any AIRFLOW_LDAP_ environment variable contains a single quote #65217

[zanecodes]

Should this and #66535 each be broken up into three separate PRs for airflow, airflow-scheduler, and airflow-worker?

It seems that the CI pipeline skipped checks since this modifies multiple containers at once.

Also, the link to container best practices in CONTRIBUTING.md is currently broken.

[github-actions]

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

[alemorcuq]

Sorry for the late reply, @zanecodes. It's fine like this.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.

[github-actions]

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.

[github-actions]

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.

[juan131]

Thanks so much for this contribution and sorry for the big delay in the review process! LGTM

[juan131]

New releases including your changes now available:

• docker.io/bitnami/airflow-worker:2.9.3-debian-12-r4
• docker.io/bitnami/airflow-scheduler:2.9.3-debian-12-r4
• docker.io/bitnami/airflow:2.9.3-debian-12-r6