Add updated-name wrappers for built-in FAB methods. #16077
Conversation
cb60630 to
6345285
Compare
airflow/www/security.py
Outdated
| :return: Action record, if it exists | ||
| :rtype: Permission | ||
| """ | ||
| return super().find_permission(name) |
There was a problem hiding this comment.
Why is this super() vs self?
There was a problem hiding this comment.
And should we change parameter to action_name? for consistency ?
There was a problem hiding this comment.
Generally, I like to add only as much explanation as is necessary based on context. In this case it seems reasonable to infer that name refers to the name of the action being retrieved.
airflow/www/security.py
Outdated
| @@ -409,6 +474,20 @@ def has_access(self, permission, resource, user=None) -> bool: | ||
|
|
||
| return has_access | ||
|
|
||
| def _has_access(self, user, action, resource) -> bool: |
There was a problem hiding this comment.
I think "action_name" and "resource_name" should be here as well.
airflow/www/security.py
Outdated
| @@ -639,6 +750,16 @@ def sync_perm_for_dag(self, dag_id, access_control=None): | ||
| if access_control: | ||
| self._sync_dag_view_permissions(dag_resource_name, access_control) | ||
|
|
||
| def get_resource_permissions(self, resource): |
There was a problem hiding this comment.
Just double-checking - resource here is different than "resource_name" (looks like - from the type).
There was a problem hiding this comment.
Yeah, resource should apply to the actual object
6b815c9 to
129ebf1
Compare
airflow/www/security.py
Outdated
| Returns a resource record by name, if it exists. | ||
| :param name: Name of resource |
There was a problem hiding this comment.
Sphinx needs one blank line between description and params
| Returns a resource record by name, if it exists. | |
| :param name: Name of resource | |
| Returns a resource record by name, if it exists. | |
| :param name: Name of resource |
airflow/www/security.py
Outdated
| Gets an existing action record. | ||
| :param name: name |
There was a problem hiding this comment.
| Gets an existing action record. | |
| :param name: name | |
| Gets an existing action record. | |
| :param name: name |
airflow/www/security.py
Outdated
| Gets a permission made with the given action->resource pair, if the permission already exists. | ||
| :param action_name: Name of action |
There was a problem hiding this comment.
| Gets a permission made with the given action->resource pair, if the permission already exists. | |
| :param action_name: Name of action | |
| Gets a permission made with the given action->resource pair, if the permission already exists. | |
| :param action_name: Name of action |
airflow/www/security.py
Outdated
| Creates a permission linking an action and resource. | ||
| :param action_name: Name of existing action |
There was a problem hiding this comment.
| Creates a permission linking an action and resource. | |
| :param action_name: Name of existing action | |
| Creates a permission linking an action and resource. | |
| :param action_name: Name of existing action |
airflow/www/security.py
Outdated
| Add an existing permission pair to a role. | ||
| :param role: The role about to get a new permission. |
There was a problem hiding this comment.
| Add an existing permission pair to a role. | |
| :param role: The role about to get a new permission. | |
| Add an existing permission pair to a role. | |
| :param role: The role about to get a new permission. |
airflow/www/security.py
Outdated
| Remove a permission pair from a role. | ||
| :param role: User role containing permissions. |
There was a problem hiding this comment.
| Remove a permission pair from a role. | |
| :param role: User role containing permissions. | |
| Remove a permission pair from a role. | |
| :param role: User role containing permissions. |
airflow/www/security.py
Outdated
| Deletes a permission action. | ||
| :param name: Name of action to delete (e.g. can_read). |
There was a problem hiding this comment.
| Deletes a permission action. | |
| :param name: Name of action to delete (e.g. can_read). | |
| Deletes a permission action. | |
| :param name: Name of action to delete (e.g. can_read). |
airflow/www/security.py
Outdated
| Retrieve permission pairs associated with a specific resource object. | ||
| :param resource: Object representing a single resource. |
There was a problem hiding this comment.
| Retrieve permission pairs associated with a specific resource object. | |
| :param resource: Object representing a single resource. | |
| Retrieve permission pairs associated with a specific resource object. | |
| :param resource: Object representing a single resource. |
airflow/www/security.py
Outdated
| then re-syncs them. | ||
| :return: None |
There was a problem hiding this comment.
| then re-syncs them. | |
| :return: None | |
| then re-syncs them. | |
| :return: None |
129ebf1 to
c05946a
Compare
08e46ad to
1768355
Compare
|
@potiuk can you take another look? I've added typing and either updated or explained the naming choices. |
|
The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest master or amend the last commit of the PR, and push it with --force-with-lease. |
|
Thanks @potiuk. Is the failing MSSQL test related to that other PR about improving MSSQL compatibility? |
|
Yep. We already have a fix for that. We looked for the problem for last few days and it turned out it is caused by ..... Tmpfs backing our docker engine for self-hosted runners (they are optimized for speed). Fix is coming in #16159 |
This is a re-implementation of one piece of #15398, which uses the "resource" and "action" naming scheme.
The original PR has proved difficult to get reviewed and through CI, as it touches a lot of different files that change frequently. This PR introduces wrapper methods around default FAB methods, this time using the updated naming scheme.
The methods are not in use yet; the next PR will update method calls throughout Airflow to use the new methods instead of the default FAB methods.