Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/11/20 18:17:49 UTC

[GitHub] [airflow] XD-DENG opened a new pull request #12516: Housekeeping for www/security.py

XD-DENG opened a new pull request #12516:
URL: https://github.com/apache/airflow/pull/12516


   This PR includes a few changes in `www/security.py`:
   
   - Correct type hint for dag_id (`str` rather than `int`)
   - Use DAG name without prefix "DAG:" in logging (line 644)
   - Avoid unnecessary duplicated operation (line 653. Duplicated with line 648)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [airflow] github-actions[bot] commented on pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#issuecomment-731415020


   [The Workflow run](https://github.com/apache/airflow/actions/runs/375182012) is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks,^Build docs$,^Spell check docs$,^Backport packages$,^Provider packages,^Checks: Helm tests$,^Test OpenAPI*.





[GitHub] [airflow] XD-DENG commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
XD-DENG commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r527969425



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))
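
Review bot: Removing the `all_dag_view` lookup at the top of `update_admin_perm_view` leaves `.like(f"{permissions.RESOURCE_DAG_PREFIX}%")` as the only thing visible here that separates per-DAG views from the `permissions.RESOURCE_DAG` view, and nothing in the hunk records that assumption. Suggest a short comment beside the filter, or a unit test, stating that `permissions.RESOURCE_DAG` must never start with `permissions.RESOURCE_DAG_PREFIX`, so a later rename of either constant cannot silently drop the all-DAGs permission from Admin. Please also confirm that no later line in the method still reads `all_dag_view`.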

Review comment:
       A bit more clarification for this change:
   
   If the ViewMenu name is like `RESOURCE_DAG_PREFIX` ("DAG:"), we can already be very sure that the resulting `pv_ids` doesn't include the id of `RESOURCE_DAG` ("DAGs").
   
   Hence in the following SQL query, we don't need to have the 2nd condition in the `and_()`
   
   Let me know if this doesn't make sense to you. Thanks.







[GitHub] [airflow] kaxil commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
kaxil commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r528044405



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))

Review comment:
       Can you give an example over here?
   
   cc @jhtimmins 







[GitHub] [airflow] github-actions[bot] commented on pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#issuecomment-732161021


   The PR should be OK to be merged with just a subset of tests as it does not modify Core of Airflow. The committers might merge it or can add a label 'full tests needed' and re-run it to run all tests if they see it is needed!





[GitHub] [airflow] kaxil commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
kaxil commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r528044405



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))

Review comment:
       Can you give an example over here?







[GitHub] [airflow] XD-DENG merged pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
XD-DENG merged pull request #12516:
URL: https://github.com/apache/airflow/pull/12516


   





[GitHub] [airflow] kaxil commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
kaxil commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r528700626



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))

Review comment:
       Nice, thanks for the explanation. It makes sense to me







[GitHub] [airflow] github-actions[bot] removed a comment on pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
github-actions[bot] removed a comment on pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#issuecomment-731415020









[GitHub] [airflow] github-actions[bot] commented on pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#issuecomment-731414636


   [The Workflow run](https://github.com/apache/airflow/actions/runs/375180530) is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks,^Build docs$,^Spell check docs$,^Backport packages$,^Provider packages,^Checks: Helm tests$,^Test OpenAPI*.





[GitHub] [airflow] github-actions[bot] commented on pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#issuecomment-731413344


   [The Workflow run](https://github.com/apache/airflow/actions/runs/375175218) is cancelling this PR. It has some failed jobs matching ^Pylint$,^Static checks,^Build docs$,^Spell check docs$,^Backport packages$,^Provider packages,^Checks: Helm tests$,^Test OpenAPI*.





[GitHub] [airflow] XD-DENG commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
XD-DENG commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r527969425



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))

Review comment:
       If the ViewMenu name is like `RESOURCE_DAG_PREFIX` ("DAG:"), we can already be very sure that the resulting `pv_ids` doesn't include the id of `RESOURCE_DAG` ("DAGs").
   
   Hence in the following SQL query, we don't need to have the 2nd condition in the `and_()`







[GitHub] [airflow] XD-DENG commented on a change in pull request #12516: Housekeeping for www/security.py

Posted by GitBox <gi...@apache.org>.
XD-DENG commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r528113942



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             .filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))

Review comment:
       There are 3 types of ViewMenus in this context:
   - type-1: non-DAG views
   - type-2: the single view corresponding to "All DAGs". This is marked as ["DAGs"](https://github.com/apache/airflow/blob/master/airflow/security/permissions.py#L23) (`permissions.RESOURCE_DAG`). Users who have permission to this VM have access to All DAGs.
   - type-3: DAG views, whose name starts with ["DAG:"](https://github.com/apache/airflow/blob/master/airflow/security/permissions.py#L24) (`permissions.RESOURCE_DAG_PREFIX`), for example, "DAG:example_bash_operator", "DAG:example_python_operator", etc.
   
   As indicated in the docstring ("_Admin should have all the permission-views, except the dag views. because Admin already has Dags permission_"), for `Admin`, we only need to assign type-1 + type-2 (type-2 already covers all type-3 View Menus).
   
   Given the different string structure of `permissions.RESOURCE_DAG` and `permissions.RESOURCE_DAG_PREFIX` ("`DAGs`" and "`DAG:`"), if we get all entries of type-3, then filter them out (`.filter(~...)`), we naturally get type-1 + type-2. That's why I find the whole method can be simplified.
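
The three ViewMenu types and the prefix filter described in the comment above, as an added example that is not part of the thread or of Airflow's code. It uses the standard-library `sqlite3` module in place of Airflow's SQLAlchemy session; the table layout, the function names and the non-DAG view names are assumptions made for the illustration.

```python
import sqlite3

# Values as quoted in the thread for airflow/security/permissions.py.
RESOURCE_DAG = "DAGs"
RESOURCE_DAG_PREFIX = "DAG:"

# Constructed sample rows; the non-DAG names are placeholders.
SAMPLE_VIEW_MENUS = [
    "Connections",                  # type-1: non-DAG view
    "Variables",                    # type-1: non-DAG view
    RESOURCE_DAG,                   # type-2: the single "all DAGs" view
    "DAG:example_bash_operator",    # type-3: per-DAG view
    "DAG:example_python_operator",  # type-3: per-DAG view
]


def admin_view_menus(names, prefix=RESOURCE_DAG_PREFIX):
    """Return view-menu names left after excluding those LIKE '<prefix>%'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE view_menu (id INTEGER PRIMARY KEY, name TEXT UNIQUE)")
    conn.executemany("INSERT INTO view_menu (name) VALUES (?)", [(n,) for n in names])
    # Step 1: ids of the per-DAG (type-3) views, selected by prefix only.
    dag_ids = [r[0] for r in conn.execute(
        "SELECT id FROM view_menu WHERE name LIKE ?", (prefix + "%",))]
    # Step 2: everything else, with no separate check on the "all DAGs" row.
    marks = ",".join("?" * len(dag_ids))
    rows = conn.execute(
        f"SELECT name FROM view_menu WHERE id NOT IN ({marks}) ORDER BY id", dag_ids)
    result = [r[0] for r in rows]
    conn.close()
    return result


def prefix_is_safe(resource=RESOURCE_DAG, prefix=RESOURCE_DAG_PREFIX):
    """Guard: the 'all DAGs' name must not itself match the per-DAG prefix."""
    # SQLite's LIKE ignores ASCII case by default, so compare lower-cased.
    return not resource.lower().startswith(prefix.lower())


if __name__ == "__main__":
    print(admin_view_menus(SAMPLE_VIEW_MENUS))
    # A hypothetical prefix of "DAG" would also swallow the "DAGs" row.
    print(admin_view_menus(SAMPLE_VIEW_MENUS, prefix="DAG"))
    print(prefix_is_safe(), prefix_is_safe(prefix="DAG"))
```

With the page's constants the "DAGs" row survives the exclusion because its fourth character is `s` rather than `:`; the hypothetical `"DAG"` prefix shows the failure the guard is there to catch.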



