[GitHub] [airflow] Acehaidrey commented on a change in pull request #18916: Add role export/import to cli tools

[GitBox]

Acehaidrey commented on a change in pull request #18916:
URL: https://github.com/apache/airflow/pull/18916#discussion_r733285912



##########
File path: airflow/cli/commands/role_command.py
##########
@@ -42,3 +44,43 @@ def roles_create(args):
     for role_name in args.role:
         appbuilder.sm.add_role(role_name)
     print(f"Added {len(args.role)} role(s)")
+
+
+@suppress_logs_and_warning
+def roles_export(args):
+    """
+    Exports all the rules from the data base to a file.
+    """
+    from airflow.www.security import EXISTING_ROLES
+    appbuilder = cached_app().appbuilder
+    roles = appbuilder.sm.get_all_roles()
+    exporting_roles = [role.name for role in roles if role.name not in 
EXISTING_ROLES]
+    with open(os.path.expanduser(args.export), 'w') as file:
+        file.write(json.dumps(exporting_roles, sort_keys=True, indent=4))
+        print(f"{len(exporting_roles)} roles successfully exported to 
{file.name}")
+
+
+@cli_utils.action_logging
+@suppress_logs_and_warning
+def roles_import(args):
+    """
+    Import all the roles into the db from the given json file.
+    """
+    json_file = getattr(args, 'import')
+    if not os.path.exists(json_file):
+        print(f"File '{json_file}' does not exist")
+        exit(1)
+
+    role_list = None
+    try:
+        with open(json_file, 'r') as file:
+            role_list = json.loads(file.read())
+    except ValueError as e:
+        print(f"File '{json_file}' is not a valid JSON file. Error: {e}")
+        exit(1)
+    appbuilder = cached_app().appbuilder
+    existing_roles = [role.name for role in appbuilder.sm.get_all_roles()]
+    roles_to_import = [role for role in role_list if role not in 
existing_roles]
+    for role_name in roles_to_import:
+        appbuilder.sm.add_role(role_name)

Review comment:
       Hey Tzu-ping, yes I think that would be a great addition.
   To be honest, the reason is that we are on an older version of airflow (1.9 
internally) and don't have some of the additional functionality built here now 
(there was some general performance issues on our end). I actually would like 
to make it also export the permissions, but need some time to explore this 
outside of this pr. 
   I see now there is `get_db_role_permissions` and think this may help in this 
regard.
   
   Thanks for calling that out btw




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org