aporwal17 opened a new issue, #41684: URL: https://github.com/apache/airflow/issues/41684
### Apache Airflow Provider(s) fab ### Versions of Apache Airflow Providers ```apache-airflow-providers-celery==3.7.3 apache-airflow-providers-common-compat==1.1.0 apache-airflow-providers-common-io==1.4.0 apache-airflow-providers-common-sql==1.15.0 apache-airflow-providers-fab==1.2.2 apache-airflow-providers-ftp==3.10.1 apache-airflow-providers-http==4.12.0 apache-airflow-providers-imap==3.6.1 apache-airflow-providers-smtp==1.7.1 apache-airflow-providers-sqlite==3.8.2``` ### Apache Airflow version 2.10.0 ### Operating System PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; UBUNTU_CODENAME=jammy ### Deployment Virtualenv installation ### Deployment details _No response_ ### What happened The Airflow DAG level permission module is having an issue when we specify permission inside the individual DAG. ```Traceback (most recent call last): File "/data/airflow/bin/airflow", line 8, in <module> sys.exit(main()) File "/data/airflow/lib/python3.10/site-packages/airflow/__main__.py", line 62, in main args.func(args) File "/data/airflow/lib/python3.10/site-packages/airflow/cli/cli_config.py", line 49, in command return func(*args, **kwargs) File "/data/airflow/lib/python3.10/site-packages/airflow/utils/cli.py", line 115, in wrapper return f(*args, **kwargs) File "/data/airflow/lib/python3.10/site-packages/airflow/utils/providers_configuration_loader.py", line 55, in wrapped_function return func(*args, **kwargs) File "/data/airflow/lib/python3.10/site-packages/airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py", line 39, in sync_perm appbuilder.sm.create_dag_specific_permissions() File "/data/airflow/lib/python3.10/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 1076, in create_dag_specific_permissions self.sync_perm_for_dag(dag_resource_name, dag.access_control) File "/data/airflow/lib/python3.10/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 1119, in sync_perm_for_dag self._sync_dag_view_permissions(dag_resource_name, access_control) File "/data/airflow/lib/python3.10/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py", line 1174, in _sync_dag_view_permissions raise AirflowException( airflow.exceptions.AirflowException: The access_control map for DAG 'DAG:example_dag_1' includes the following invalid permissions: {'DAGs'}; The set of valid permissions is: {'can_edit', 'can_read', 'can_delete'}``` /data/airflow/lib/python3.10/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py ```invalid_action_names = action_names - self.DAG_ACTIONS if invalid_action_names: raise AirflowException( f"The access_control map for DAG '{dag_resource_name}' includes " f"the following invalid permissions: {invalid_action_names}; " f"The set of valid permissions is: {self.DAG_ACTIONS}" ) ``` it is returning invalid_action_names all the time because of unexpected json. `{'DAGs': {'can_edit', 'can_read', 'can_delete'}}` it should have only `{'can_edit', 'can_read', 'can_delete'}` ### What you think should happen instead ``` if isinstance(perms, (set, list)): # Support for old-style access_control where only the actions are specified updated_access_control[role][permissions.RESOURCE_DAG] = set(perms) else: updated_access_control[role] = perms ``` This code is having issue. ### How to reproduce 1. Just installed 2.10.0 version. 2. Create one empty role named - readonly 3. Create one DAG with below access control ``` from airflow import DAG from airflow.operators.dummy_operator import DummyOperator from datetime import datetime default_args = { 'owner': 'airflow', 'start_date': datetime(2024, 8, 1), } dag = DAG( 'example_dag_1', default_args=default_args, schedule_interval='@daily', access_control={ 'readonly': {'can_read', 'can_edit', 'can_delete'} }, ) t1 = DummyOperator( task_id='dummy_task', dag=dag ) ``` ### Anything else _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
