You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2023/01/05 15:55:53 UTC
[GitHub] [airflow] vchiapaikeo opened a new issue, #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC
vchiapaikeo opened a new issue, #28746:
URL: https://github.com/apache/airflow/issues/28746
### Apache Airflow version
2.5.0
### What happened
When adding a [role-based UIAlert following these docs](https://airflow.apache.org/docs/apache-airflow/stable/howto/customize-ui.html#add-custom-alert-messages-on-the-dashboard), I received the below stacktrace:
```
Traceback (most recent call last):
File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 2525, in wsgi_app
response = self.full_dispatch_request()
File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1822, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1820, in full_dispatch_request
rv = self.dispatch_request()
File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1796, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/auth.py", line 47, in decorated
return func(*args, **kwargs)
File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 780, in index
dashboard_alerts = [
File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 781, in <listcomp>
fm for fm in settings.DASHBOARD_UIALERTS if fm.should_show(get_airflow_app().appbuilder.sm)
File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/utils.py", line 820, in should_show
user_roles = {r.name for r in securitymanager.current_user.roles}
AttributeError: 'NoneType' object has no attribute 'roles'
```
On further inspection, I realized this is happening because my webserver_config.py has this specification:
```py
# Uncomment and set to desired role to enable access without authentication
AUTH_ROLE_PUBLIC = 'Viewer'
```
When we set AUTH_ROLE_PUBLIC to a role like Viewer, [this line](https://github.com/apache/airflow/blob/ad7f8e09f8e6e87df2665abdedb22b3e8a469b49/airflow/www/utils.py#L828) returns an exception because `securitymanager.current_user` is None.
Relevant code snippet:
```py
def should_show(self, securitymanager) -> bool:Open an interactive python shell in this frame
"""Determine if the user should see the message based on their role membership"""
if self.roles:
user_roles = {r.name for r in securitymanager.current_user.roles}
if not user_roles.intersection(set(self.roles)):
return False
return True
```
### What you think should happen instead
If we detect that the securitymanager.current_user is None, we should not attempt to get its `roles` attribute.
Instead, we can check to see if the AUTH_ROLE_PUBLIC is set in webserver_config.py which will tell us if a public role is being used. If it is, we can assume that because the current_user is None, the current_user's role is the public role.
In code, this might look like this:
```py
def should_show(self, securitymanager) -> bool:
"""Determine if the user should see the message based on their role membership"""
if self.roles:
user_roles = set()
if hasattr(securitymanager.current_user, "roles"):
user_roles = {r.name for r in securitymanager.current_user.roles}
elif "AUTH_ROLE_PUBLIC" in securitymanager.appbuilder.get_app.config:
# Give anonymous user public role
user_roles = set([securitymanager.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]])
if not user_roles.intersection(set(self.roles)):
return False
return True
```
Expected result on the webpage:
<img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210823778-4c619b75-40a3-4caa-9a2c-073651da7f0d.png">
### How to reproduce
Start breeze:
```
breeze --python 3.7 --backend postgres start-airflow
```
After the webserver, triggerer, and scheduler are started, modify webserver_config.py to uncomment AUTH_ROLE_PUBLIC and add airflow_local_settings.py:
```bash
cd $AIRFLOW_HOME
# Uncomment AUTH_ROLE_PUBLIC
vi webserver_config.py
mkdir -p config
# Add sample airflow_local_settings.py below
vi config/airflow_local_settings.py
```
```py
from airflow.www.utils import UIAlert
DASHBOARD_UIALERTS = [
UIAlert("Role based alert", category="warning", roles=["Viewer"]),
]
```
Restart the webserver and navigate to airflow. You should see this page:
<img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210820838-e74ffc23-7b6b-42dc-85f1-29ab8b0ee3d5.png">
### Operating System
Debian 11
### Versions of Apache Airflow Providers
2.5.0
### Deployment
Official Apache Airflow Helm Chart
### Deployment details
Locally
### Anything else
This problem only occurs if you add a role based UIAlert and are using AUTH_ROLE_PUBLIC
### Are you willing to submit PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] pierrejeambrun commented on issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC
Posted by GitBox <gi...@apache.org>.
pierrejeambrun commented on issue #28746:
URL: https://github.com/apache/airflow/issues/28746#issuecomment-1374459855
Hello @vchiapaikeo,
Thanks for reporting this.
Feel free to open a PR, I just assigned you :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] eladkal closed issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC
Posted by GitBox <gi...@apache.org>.
eladkal closed issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC
URL: https://github.com/apache/airflow/issues/28746
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org