You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2023/01/05 15:55:53 UTC

[GitHub] [airflow] vchiapaikeo opened a new issue, #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC

vchiapaikeo opened a new issue, #28746:
URL: https://github.com/apache/airflow/issues/28746

   ### Apache Airflow version
   
   2.5.0
   
   ### What happened
   
   When adding a [role-based UIAlert following these docs](https://airflow.apache.org/docs/apache-airflow/stable/howto/customize-ui.html#add-custom-alert-messages-on-the-dashboard), I received the below stacktrace:
   
   ```
   Traceback (most recent call last):
     File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 2525, in wsgi_app
       response = self.full_dispatch_request()
     File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1822, in full_dispatch_request
       rv = self.handle_user_exception(e)
     File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1820, in full_dispatch_request
       rv = self.dispatch_request()
     File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1796, in dispatch_request
       return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
     File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/auth.py", line 47, in decorated
       return func(*args, **kwargs)
     File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 780, in index
       dashboard_alerts = [
     File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 781, in <listcomp>
       fm for fm in settings.DASHBOARD_UIALERTS if fm.should_show(get_airflow_app().appbuilder.sm)
     File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/utils.py", line 820, in should_show
       user_roles = {r.name for r in securitymanager.current_user.roles}
   AttributeError: 'NoneType' object has no attribute 'roles'
   ```
   
   On further inspection, I realized this is happening because my webserver_config.py has this specification:
   
   ```py
   # Uncomment and set to desired role to enable access without authentication
   AUTH_ROLE_PUBLIC = 'Viewer'
   ```
   
   When we set AUTH_ROLE_PUBLIC to a role like Viewer, [this line](https://github.com/apache/airflow/blob/ad7f8e09f8e6e87df2665abdedb22b3e8a469b49/airflow/www/utils.py#L828) returns an exception because `securitymanager.current_user` is None.
   
   Relevant code snippet:
   ```py
       def should_show(self, securitymanager) -> bool:Open an interactive python shell in this frame
           """Determine if the user should see the message based on their role membership"""
           if self.roles:
               user_roles = {r.name for r in securitymanager.current_user.roles}
               if not user_roles.intersection(set(self.roles)):
                   return False
           return True
   ```
   
   ### What you think should happen instead
   
   If we detect that the securitymanager.current_user is None, we should not attempt to get its `roles` attribute. 
   
   Instead, we can check to see if the AUTH_ROLE_PUBLIC is set in webserver_config.py which will tell us if a public role is being used. If it is, we can assume that because the current_user is None, the current_user's role is the public role.
   
   In code, this might look like this:
   
   ```py
       def should_show(self, securitymanager) -> bool:
           """Determine if the user should see the message based on their role membership"""
           if self.roles:
               user_roles = set()
               if hasattr(securitymanager.current_user, "roles"):
                   user_roles = {r.name for r in securitymanager.current_user.roles}
               elif "AUTH_ROLE_PUBLIC" in securitymanager.appbuilder.get_app.config:
                   # Give anonymous user public role
                   user_roles = set([securitymanager.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]])
               if not user_roles.intersection(set(self.roles)):
                   return False
           return True
   ```
   
   Expected result on the webpage:
   
   <img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210823778-4c619b75-40a3-4caa-9a2c-073651da7f0d.png">
   
   
   ### How to reproduce
   
   Start breeze:
   
   ```
   breeze --python 3.7 --backend postgres start-airflow  
   ```
   
   After the webserver, triggerer, and scheduler are started, modify webserver_config.py to uncomment AUTH_ROLE_PUBLIC and add airflow_local_settings.py:
   
   ```bash
   cd $AIRFLOW_HOME
   
   # Uncomment AUTH_ROLE_PUBLIC
   vi webserver_config.py
   
   mkdir -p config
   
   # Add sample airflow_local_settings.py below
   vi config/airflow_local_settings.py
   ```
   
   ```py
   from airflow.www.utils import UIAlert
   
   DASHBOARD_UIALERTS = [
       UIAlert("Role based alert", category="warning", roles=["Viewer"]),
   ]
   ```
   
   Restart the webserver and navigate to airflow. You should see this page:
   
   <img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210820838-e74ffc23-7b6b-42dc-85f1-29ab8b0ee3d5.png">
   
   
   ### Operating System
   
   Debian 11
   
   ### Versions of Apache Airflow Providers
   
   2.5.0
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   Locally
   
   ### Anything else
   
   This problem only occurs if you add a role based UIAlert and are using AUTH_ROLE_PUBLIC
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] pierrejeambrun commented on issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC

Posted by GitBox <gi...@apache.org>.

pierrejeambrun commented on issue #28746:
URL: https://github.com/apache/airflow/issues/28746#issuecomment-1374459855

   Hello @vchiapaikeo,
   
   Thanks for reporting this.
   
   Feel free to open a PR, I just assigned you :) 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] eladkal closed issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC

Posted by GitBox <gi...@apache.org>.

eladkal closed issue #28746: UIAlert returns AttributeError: 'NoneType' object has no attribute 'roles' when specifying AUTH_ROLE_PUBLIC
URL: https://github.com/apache/airflow/issues/28746


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org