Bugfix/fix fernet after removal global in configuration

airflow-core/src/airflow/configuration.py

@@ -74,8 +74,8 @@
 class _SecretKeys:
     """Holds the secret keys used in Airflow during runtime."""
 
-    fernet_key: str | None = None
-    jwt_secret_key: str | None = None
+    fernet_key: str = ""  # Set only if needed when generating a new file
+    jwt_secret_key: str = ""
 
 
 class ConfigModifications:
@@ -743,7 +743,7 @@ def write_default_airflow_configuration_if_needed() -> AirflowConfigParser:
                 raise FileNotFoundError(msg) from None
             log.debug("Create directory %r for Airflow config", config_directory.__fspath__())
             config_directory.mkdir(parents=True, exist_ok=True)
-        if conf.get("core", "fernet_key", fallback=None) in (None, ""):
+        if not conf.get("core", "fernet_key"):
             # We know that fernet_key is not set, so we can generate it, set as global key
             # and also write it to the config file so that same key will be used next time
             _SecretKeys.fernet_key = _generate_fernet_key()

airflow-core/tests/unit/core/test_configuration.py

@@ -1974,3 +1974,16 @@ def test_write_default_config_contains_generated_secrets(tmp_path, monkeypatch):
 
     assert fernet_line == f"fernet_key = {airflow.configuration._SecretKeys.fernet_key}"
     assert jwt_secret_line == f"jwt_secret = {airflow.configuration._SecretKeys.jwt_secret_key}"
+
+
+@conf_vars({("core", "fernet_key"): ""})
+def test_ensure_fernet_is_generated(tmp_path, monkeypatch: pytest.MonkeyPatch):
+    import airflow.configuration
+
+    cfgpath = tmp_path / "airflow-not-existing.cfg"
+    monkeypatch.setattr(airflow.configuration, "AIRFLOW_CONFIG", str(cfgpath))
+
+    airflow.configuration.write_default_airflow_configuration_if_needed()
+
+    assert airflow.configuration._SecretKeys.fernet_key
+    assert airflow.configuration._SecretKeys.fernet_key != "None"