You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/08/09 13:54:49 UTC
[GitHub] [airflow] sudarshan2906 opened a new issue #17508: Changing role name in access_control doesn't remove permission from previous role
sudarshan2906 opened a new issue #17508:
URL: https://github.com/apache/airflow/issues/17508
**Apache Airflow version**: 2.1.2
- **Cloud provider or hardware configuration**:
- **OS** (e.g. from /etc/os-release): Debian 10
- **Kernel** (e.g. `uname -a`):
- **Install tools**:
- **Others**:
**What happened**:
When access_control is configured in a dag, and we remove a role from access_control. The permission doesn't get removed from that role
When `access_control={"test_role":{"can_edit"}}`
After access_control is changed to {}
**What you expected to happen**:
The role should have also updated and the permission should be removed
**How to reproduce it**:
Create a dag with access control property set and after it gets created, edit the dag's access_control property by just removing a role or just replace it with another role.
How often does this problem occur? Once? Every time etc?
Every Time
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] jedcunningham commented on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
jedcunningham commented on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991100838
What version of Airflow are you running? I see it in help:
```
$ airflow sync-perm --help
usage: airflow sync-perm [-h] [--include-dags]
Update permissions for existing roles and optionally DAGs
optional arguments:
-h, --help show this help message and exit
--include-dags If passed, DAG specific permissions will also be synced.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] alete89 edited a comment on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
alete89 edited a comment on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991070760
is there at least a CLI command that we could run to refresh permissions from DAGs `access_control` field? both remove and add new ones.
It looks like `airflow sync-perm` doesn't check DAGs :(
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] alete89 commented on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
alete89 commented on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991070760
is there at least a CLI command that we could run to refresh permissions from DAGs `access_control` field? both remove and add new ones.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] alete89 edited a comment on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
alete89 edited a comment on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991070760
is there at least a CLI command that we could run to refresh permissions from DAGs `access_control` field? both remove and add new ones.
It looks like `airflow sync-perm` doesn't check DAGs :(
for future reference: you can run `airflow sync-perm --inlcude-dags` this is on the docs, but not in the CLI help.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] alete89 edited a comment on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
alete89 edited a comment on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991070760
is there at least a CLI command that we could run to refresh permissions from DAGs `access_control` field? both remove and add new ones.
It looks like `airflow sync-perm` doesn't check DAGs :(
EDIT:
for future reference: you can run `airflow sync-perm --inlcude-dags` this is on the docs, but not in the CLI help.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] alete89 commented on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
alete89 commented on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991121373
Woops! You're right, Jed, I suppose I missed something when I ran it last time.
Now getting back to the bug, I'm experiencing this on 2.1.4 but I tested it on 2.2.2 locally and it happens as well.
What I'm experiencing is Airflow not updating permissions at all (neither adding or removing role permissions) based on DAG `access_control` field.
Only by running `airflow sync-perm --inlcude-dags` will add new permissions if existing, but not removing any (as the issue states).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] jedcunningham commented on issue #17508: Changing role name in access_control doesn't remove permission from previous role
Posted by GitBox <gi...@apache.org>.
jedcunningham commented on issue #17508:
URL: https://github.com/apache/airflow/issues/17508#issuecomment-991158608
I wonder if you are running into this? #18575
Make a trivial change and watch your UI for an import_error (it'll only last a single dag parsing cycle), or look in your parsing log (e.g. AIRFLOW_HOME/logs/scheduler/...).
Removal of the role isn't an easy fix, unfortunately, but adding new roles should work.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org