Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revoking stale permissions breaks DAG import #42743

Closed
1 of 2 tasks
RostD opened this issue Oct 4, 2024 · 3 comments · Fixed by #42844
Closed
1 of 2 tasks

Revoking stale permissions breaks DAG import #42743

RostD opened this issue Oct 4, 2024 · 3 comments · Fixed by #42844
Labels
area:providers kind:bug This is a clearly a bug provider:fab

Comments

@RostD
Copy link

RostD commented Oct 4, 2024
edited
Loading

Apache Airflow Provider(s)

fab

Versions of Apache Airflow Providers

apache-airflow-providers-fab==1.4.0

Apache Airflow version

2.9.3

Operating System

Oracle Linux Server 8.10

Deployment

Virtualenv installation

Deployment details

No response

What happened

In DAG I use the "old" format of the access_control parameter. "DAG Import Errors" appears in the web interface when revoking stale permissions

Traceback(most recent call last):
  File "/opt/venv/lib64/python3.11/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 1128, in sync_perm_for_dag
    self._sync_dag_view_permissions(dag_id, access_control.copy())
  File "/opt/venv/lib64/python3.11/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 1175, in _sync_dag_view_permissions
    target_perms_for_role = access_control.get(role.name, {}).get(resource_name, set())
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'set' object has no attribute 'get'

What you think should happen instead

According to the provider's documentation, it supports the old format, I think its support should be added

How to reproduce

In DAG use the "old" format of the access_control parameter:
with DAG( ... access_control={'BASIC_ROLE': {'can_read', 'can_edit', 'can_delete'}, 'BASIC_ROLE_VIEW': {'can_read'}}, ... )

Wait until all permissions are added. Then remove can_delete permission, then when revoking obsolete permissions fab crashes and DAG Import Errors message appears in web interface

Anything else

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct
@RostD RostD added area:providers kind:bug This is a clearly a bug needs-triage label for new issues that we didn't triage yet labels Oct 4, 2024
@boring-cyborg boring-cyborg
Copy link

boring-cyborg bot commented Oct 4, 2024

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.

@dosubot dosubot bot added the provider:fab label Oct 4, 2024
@potiuk
Copy link
Member

potiuk commented Oct 5, 2024

Can. you take a look @joaopamaral ? It looks legit.

@joaopamaral joaopamaral mentioned this issue Oct 8, 2024
Merged
@joaopamaral
Copy link
Contributor

joaopamaral commented Oct 8, 2024
edited
Loading

Sorry for taking too long, I only had time to check it today. Here is the fix #42844

@nathadfield nathadfield removed the needs-triage label for new issues that we didn't triage yet label Oct 23, 2024
This was referenced Oct 27, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:providers kind:bug This is a clearly a bug provider:fab
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix revoke Dag stale permission on airflow < 2.10 joaopamaral/airflow
4 participants
@potiuk @nathadfield @joaopamaral @RostD