You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/10/10 05:21:47 UTC

[GitHub] [airflow] jhtimmins opened a new pull request #11389: Use permission constants

jhtimmins opened a new pull request #11389:
URL: https://github.com/apache/airflow/pull/11389


   This uses the permissions.py constants file to reference resource-based permission values.
   
   Builds on PR https://github.com/apache/airflow/pull/11189


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506980528



##########
File path: airflow/www/security.py
##########
@@ -630,7 +630,7 @@ def sync_perm_for_dag(self, dag_id, access_control=None):
         :type dag_id: str
         :param access_control: a dict where each key is a rolename and
             each value is a set() of permission names (e.g.,
-            {'can_read'}
+            {permissions.ACTION_CAN_READ}

Review comment:
       ```suggestion
               {airflow.security.permissions.ACTION_CAN_READ}
   ```
   
   I think, so it's clearer from the docs where this constant is.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506980437



##########
File path: airflow/models/dag.py
##########
@@ -387,7 +387,7 @@ def __exit__(self, _type, _value, _tb):
     def _upgrade_outdated_dag_access_control(access_control=None):
         """
         Looks for outdated dag level permissions (can_dag_read and can_dag_edit) in DAG
-        access_controls (for example, {'role1': {'can_dag_read'}, 'role2': {'can_dag_read', 'can_dag_edit'}})
+        access_controls (for example, {'role1': {"can_dag_read"}, 'role2': {"can_dag_read", "can_dag_edit"}})

Review comment:
       Inconsistent quoting here - pick one :)




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506980791



##########
File path: airflow/security/permissions.py
##########
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Resource Constants
+RESOURCE_ALL_DAGS = 'AllDags'
+RESOURCE_CONFIG = 'Config'
+RESOURCE_CONNECTION = 'Connection'
+RESOURCE_DAG_CODE = 'DagCode'
+RESOURCE_DAG_PREFIX = 'DAG:'
+RESOURCE_DAG_RUN = 'DagRun'
+RESOURCE_IMPORT_ERROR = 'ImportError'
+RESOURCE_LOG = 'Log'
+RESOURCE_POOL = 'Pool'
+RESOURCE_TASK = 'Task'
+RESOURCE_TASK_INSTANCE = 'TaskInstance'
+RESOURCE_VARIABLE = "Variable"
+RESOURCE_WEBSITE = 'Website'
+RESOURCE_XCOM = 'XCom'
+
+# Action Constants
+ACTION_CAN_CREATE = 'can_create'
+ACTION_CAN_READ = 'can_read'
+ACTION_CAN_EDIT = 'can_edit'
+ACTION_CAN_DELETE = 'can_delete'

Review comment:
       Lets do this later.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506973675



##########
File path: airflow/security/permissions.py
##########
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Resource Constants
+RESOURCE_ALL_DAGS = 'AllDags'
+RESOURCE_CONFIG = 'Config'
+RESOURCE_CONNECTION = 'Connection'
+RESOURCE_DAG_CODE = 'DagCode'
+RESOURCE_DAG_PREFIX = 'DAG:'
+RESOURCE_DAG_RUN = 'DagRun'
+RESOURCE_IMPORT_ERROR = 'ImportError'
+RESOURCE_LOG = 'Log'
+RESOURCE_POOL = 'Pool'
+RESOURCE_TASK = 'Task'
+RESOURCE_TASK_INSTANCE = 'TaskInstance'
+RESOURCE_VARIABLE = "Variable"
+RESOURCE_WEBSITE = 'Website'
+RESOURCE_XCOM = 'XCom'
+
+# Action Constants
+ACTION_CAN_CREATE = 'can_create'
+ACTION_CAN_READ = 'can_read'
+ACTION_CAN_EDIT = 'can_edit'
+ACTION_CAN_DELETE = 'can_delete'

Review comment:
       I by making it inherit from `str` too, which is supported by Enum, it will behave right for SQLA at least, and likely FAB too if it does anymore than pass it on.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506981878



##########
File path: airflow/www/security.py
##########
@@ -630,7 +630,7 @@ def sync_perm_for_dag(self, dag_id, access_control=None):
         :type dag_id: str
         :param access_control: a dict where each key is a rolename and
             each value is a set() of permission names (e.g.,
-            {'can_read'}
+            {permissions.ACTION_CAN_READ}

Review comment:
       Could go either way. For user code/documentation it's probably easier to use string literals.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506973563



##########
File path: airflow/security/permissions.py
##########
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Resource Constants
+RESOURCE_ALL_DAGS = 'AllDags'
+RESOURCE_CONFIG = 'Config'
+RESOURCE_CONNECTION = 'Connection'
+RESOURCE_DAG_CODE = 'DagCode'
+RESOURCE_DAG_PREFIX = 'DAG:'
+RESOURCE_DAG_RUN = 'DagRun'
+RESOURCE_IMPORT_ERROR = 'ImportError'
+RESOURCE_LOG = 'Log'
+RESOURCE_POOL = 'Pool'
+RESOURCE_TASK = 'Task'
+RESOURCE_TASK_INSTANCE = 'TaskInstance'
+RESOURCE_VARIABLE = "Variable"
+RESOURCE_WEBSITE = 'Website'
+RESOURCE_XCOM = 'XCom'
+
+# Action Constants
+ACTION_CAN_CREATE = 'can_create'
+ACTION_CAN_READ = 'can_read'
+ACTION_CAN_EDIT = 'can_edit'
+ACTION_CAN_DELETE = 'can_delete'

Review comment:
       I'm not sure if it'll work easily with how FAB/SQLA works, but maybe making these an enum class:
   
   
   ```suggestion
   import enum
   
   
   class Resouece(str, enum.Enum):
       ALL_DAGS = 'AllDags'
       CONFIG = 'Config'
       CONNECTION = 'Connection'
       DAG_CODE = 'DagCode'
       DAG_PREFIX = 'DAG:'
       DAG_RUN = 'DagRun'
       IMPORT_ERROR = 'ImportError'
       LOG = 'Log'
       POOL = 'Pool'
       TASK = 'Task'
       TASK_INSTANCE = 'TaskInstance'
       VARIABLE = "Variable"
       WEBSITE = 'Website'
       XCOM = 'XCom'
   
   class Actions(str, enum.Enum):
       CAN_CREATE = 'can_create'
       CAN_READ = 'can_read'
       CAN_EDIT = 'can_edit'
       CAN_DELETE = 'can_delete'
   ```
   
   What do you think?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] jhtimmins commented on a change in pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

jhtimmins commented on a change in pull request #11389:
URL: https://github.com/apache/airflow/pull/11389#discussion_r506981092



##########
File path: airflow/www/security.py
##########
@@ -630,7 +630,7 @@ def sync_perm_for_dag(self, dag_id, access_control=None):
         :type dag_id: str
         :param access_control: a dict where each key is a rolename and
             each value is a set() of permission names (e.g.,
-            {'can_read'}
+            {permissions.ACTION_CAN_READ}

Review comment:
       This is actually the result of a bad search and replace. I wasn't trying make comment strings use the constants. Do you think they should though?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb merged pull request #11389: Use permission constants

Posted by GitBox <gi...@apache.org>.

ashb merged pull request #11389:
URL: https://github.com/apache/airflow/pull/11389


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org