Create a jira for the viewer bug( https://issues.apache.org/jira/browse/AIRFLOW-3745).
On Mon, Jan 21, 2019 at 9:12 AM Deng Xiaodong <xd.den...@gmail.com> wrote: > Hi Kaxil, > > > After double-checking, I believe the Viewer access/permission issue is not > a bug actually. Seems it's because the DAG-level access control feature > is cherry-picked into 1.10.2rc3. > > > But my understanding is this feature is still under development? @feng-tao > kindly advise. > > > On the other hand, if we really plan to include DAG-level access control > feature in 1.10.2, we should make sure the doc is consistent (for example, > PR https://github.com/apache/airflow/pull/4426 should be included). > > > > XD > > On Mon, Jan 21, 2019 at 15:23 Naik Kaxil <k.n...@reply.com> wrote: > >> Hi XD, >> >> I could not replicate that in non-rbac UI but could replicate it on RBAC >> one. >> >> Please check this screenshot https://imgur.com/a/TgiQItO for non-RBAC >> (Flask-Admin UI) >> >> All the below issues don't seem to be a blocker for this release, however >> I am open to views from all. >> >> (1) Errors not shown on RBAC UI >> (2) Viewer role issue on RBAC UI >> (3) K8s executor one is also just a matter of having short names for >> dag_id & task_id. >> >> Regards, >> Kaxil >> >> On 21/01/2019, 09:19, "Naik Kaxil" <k.n...@reply.com> wrote: >> >> Hi XD, >> >> I will test this and let you know. >> >> One more bug cropped up >> https://issues.apache.org/jira/browse/AIRFLOW-3737 . @fokko or someone >> with more K8s experience can have a look at it, please? >> >> Regards, >> Kaxil >> >> On 21/01/2019, 09:05, "Deng Xiaodong" <xd.den...@gmail.com> wrote: >> >> Hi Kaxil, >> >> I found another potential bug which is applicable for both RBAC >> and >> non-RBAC UI: >> >> Let’s say we’re trying to import a module which doesn’t exist at >> all, or >> have any syntax error in the DAG, the DAG will not be parsed. In >> addition, >> In earlier version, there will be a warning message appearing at >> the header >> part of the UI, describing what exact error there is. >> >> But this seems not working in 1.10.2rc3. I have tested with both >> UI. >> >> Please help confirm if you can reproduce this issue. >> >> Thanks. >> >> XD >> >> On Mon, Jan 21, 2019 at 13:29 Kaxil Naik <kaxiln...@gmail.com> >> wrote: >> >> > Hi Feng Tao, >> > >> > As mentioned in my previous email to XD, as this is not a >> BLOCKER and the >> > fix exist as mentioned by Seelman, can you change your *vote >> back to +1 *. >> > And we can fix that in the upcoming release with other fixes >> which should >> > be quick and aim to release that in a month as well? >> > >> > RBAC is still not the default UI in this release, we have got >> all the >> > features in, and using the fix @seelman mentioned, people can >> already start >> > using it without any BIG issues. >> > >> > Regards, >> > Kaxil >> > >> > On Mon, Jan 21, 2019, 07:55 Tao Feng <fengta...@gmail.com >> wrote: >> > >> >> Thanks XD and Stefan. I see the issue now. I agree that this >> should be a >> >> bug which should be fixed. Please remove my +1 vote for >> release if >> >> possible. >> >> >> >> On Sun, Jan 20, 2019 at 11:12 PM Deng Xiaodong < >> xd.den...@gmail.com> >> >> wrote: >> >> >> >> > Hi Feng Tao, >> >> > >> >> > I tried again by deleting the DB and initdb again, the issue >> is still >> >> > there. >> >> > >> >> > Please note the issue is not “see all the roles”. The issue >> is after >> >> > logging in as a Viewer role, I can’t access the pages >> including Tree >> >> View, >> >> > Graph View, Task Duration, Gantt, Code View, etc. >> >> > >> >> > >> >> > XD >> >> > >> >> > On Mon, Jan 21, 2019 at 12:03 Tao Feng <fengta...@gmail.com> >> wrote: >> >> > >> >> > > Hi Xiaodong, >> >> > > >> >> > > I just tried with a viewer role which can't reproduce your >> issue. I >> >> could >> >> > > see all the roles without any issues. Have you reset your >> db with this >> >> > rc? >> >> > > >> >> > > On Sun, Jan 20, 2019 at 9:50 PM Deng Xiaodong < >> xd.den...@gmail.com> >> >> > wrote: >> >> > > >> >> > > > Hi Kaxil, >> >> > > > >> >> > > > A potential bug found in 1.10.2rc3. >> >> > > > >> >> > > > >> >> > > > # Potential Bug: >> >> > > > >> >> > > > Viewer Role can't access pages to which it has >> permissions >> >> > > > >> >> > > > # How to Reproduce: >> >> > > > >> >> > > > - Under RBAC UI, create a user with "Viewer" role. Then >> use this >> >> > > > account to log in. >> >> > > > - You will be able to access the main page. However, you >> will not be >> >> > > > able to access any page of a specific DAG, including >> Tree, Graph >> >> View, >> >> > > > Gantt, Code View, Landing Time, etc. Literally all the >> pages of a >> >> > > > specific DAG. However, in the Role specs, View role has >> permissions >> >> to >> >> > > > all these pages. >> >> > > > >> >> > > > - After clicking, users are redirected to the main page >> directly, >> >> > > > without any explicit warning/error message like "Access >> Denied". >> >> > > > >> >> > > > # Remarks: >> >> > > > >> >> > > > - I have compared the default permissions which are >> granted to >> >> Viewer >> >> > > > role between 1.10.0 and 1.10.2rc3. They are all the same. >> >> > > > - In 1.10.0, Viewer role can access all these pages >> without any >> >> issue. >> >> > > > - Seems this issue only exists for Viewer role. >> >> > > > >> >> > > > >> >> > > > Please let me know if you can reproduce this issue. >> >> > > > >> >> > > > Please consider this as my -1 (non-binding) as well. >> >> > > > >> >> > > > Thanks! >> >> > > > >> >> > > > >> >> > > > XD >> >> > > > >> >> > > > >> >> > > > On Sat, Jan 19, 2019 at 22:06 Kaxil Naik < >> kaxiln...@gmail.com> >> >> wrote: >> >> > > > >> >> > > > > Hey all, >> >> > > > > >> >> > > > > I have cut Airflow 1.10.2 RC3. This email is calling a >> vote on the >> >> > > > release, >> >> > > > > which will last for 72 hours. Consider this my >> (binding) +1. >> >> > > > > >> >> > > > > Airflow 1.10.2 RC3 is available at: >> >> > > > > >> https://dist.apache.org/repos/dist/dev/airflow/1.10.2rc3/ >> >> > > > > >> >> > > > > *apache-airflow-1.10.2rc3-source.tar.gz* is a source >> release that >> >> > comes >> >> > > > > with INSTALL instructions. >> >> > > > > *apache-airflow-1.10.2rc3-bin.tar.gz* is the binary >> Python "sdist" >> >> > > > release. >> >> > > > > >> >> > > > > Public keys are available at: >> >> > > > > >> https://dist.apache.org/repos/dist/release/airflow/KEYS >> >> > > > > >> >> > > > > Only votes from PMC members are binding, but members >> of the >> >> community >> >> > > are >> >> > > > > encouraged to test the release and vote with >> "(non-binding)". >> >> > > > > >> >> > > > > Please note that the version number excludes the `rcX` >> string, so >> >> > it's >> >> > > > now >> >> > > > > simply 1.10.2. This will allow us to rename the >> artifact without >> >> > > > modifying >> >> > > > > the artifact checksums when we actually release. >> >> > > > > >> >> > > > > Changes since 1.10.2rc2: >> >> > > > > *Bugs*: >> >> > > > > [AIRFLOW-3732] Fix issue when trying to edit >> connection in RBAC UI >> >> > > > > [AIRFLOW-2866] Fix missing CSRF token head when using >> RBAC UI >> >> (#3804) >> >> > > > > [AIRFLOW-3259] Fix internal server error when >> displaying charts >> >> > (#4114) >> >> > > > > [AIRFLOW-3271] Fix issue with persistence of RBAC >> Permissions >> >> > modified >> >> > > > via >> >> > > > > UI (#4118) >> >> > > > > [AIRFLOW-3141] Handle duration View for missing dag >> (#3984) >> >> > > > > [AIRFLOW-2766] Respect shared datetime across tabs >> >> > > > > [AIRFLOW-1413] Fix FTPSensor failing on error message >> with >> >> unexpected >> >> > > > > (#2450) >> >> > > > > [AIRFLOW-3378] KubernetesPodOperator does not delete >> on timeout >> >> > failure >> >> > > > > (#4218) >> >> > > > > [AIRFLOW-3245] Fix list processing in >> resolve_template_files >> >> (#4086) >> >> > > > > [AIRFLOW-2703] Catch transient DB exceptions from >> scheduler's >> >> > heartbeat >> >> > > > it >> >> > > > > does not crash (#3650) >> >> > > > > [AIRFLOW-1298] Clear UPSTREAM_FAILED using the clean >> cli (#3886) >> >> > > > > >> >> > > > > *Improvements*: >> >> > > > > [AIRFLOW-3302] Small CSS fixes (#4140) >> >> > > > > [Airflow-2766] Respect shared datetime across tabs >> >> > > > > [AIRFLOW-2776] Compress tree view JSON >> >> > > > > [AIRFLOW-2407] Use feature detection for reload() >> (#3298) >> >> > > > > [AIRFLOW-3452] Removed an unused/dangerous >> display-none (#4295) >> >> > > > > [AIRFLOW-3348] Update run statistics on dag refresh >> (#4197) >> >> > > > > [AIRFLOW-3125] Monitor Task Instances creation rates >> (#3966) >> >> > > > > >> >> > > > > >> >> > > > > *New features*: >> >> > > > > [AIRFLOW-2874] Enables FAB's theme support (#3719) >> >> > > > > [AIRFLOW-3336] Add new TriggerRule for 0 upstream >> failures (#4182) >> >> > > > > >> >> > > > > *Doc-only Change*: >> >> > > > > [AIRFLOW-XXX] Fix BashOperator Docstring (#4052) >> >> > > > > [AIRFLOW-3018] Fix Minor issues in Documentation >> >> > > > > [AIRFLOW-XXX] Fix Minor issues with Azure Cosmos >> Operator (#4289) >> >> > > > > [AIRFLOW-3382] Fix incorrect docstring in >> DatastoreHook (#4222) >> >> > > > > [AIRFLOW-XXX] Fix copy&paste mistake (#4212) >> >> > > > > [AIRFLOW-3260] Correct misleading BigQuery error >> (#4098) >> >> > > > > [AIRFLOW-XXX] Fix Typo in SFTPOperator docstring >> (#4016) >> >> > > > > [AIRFLOW-XXX] Fixing the issue in Documentation (#3998) >> >> > > > > [AIRFLOW-XXX] Fix undocumented params in S3_hook >> >> > > > > [AIRFLOW-XXX] Fix SlackWebhookOperator execute method >> comment >> >> (#3963) >> >> > > > > [AIRFLOW-3070] Refine web UI authentication-related >> docs (#3863) >> >> > > > > >> >> > > > > Regards, >> >> > > > > *Kaxil Naik* >> >> > > > > >> >> > > > >> >> > > >> >> > >> >> >> > >> >> >> >> >> Kaxil Naik >> >> Data Reply >> Nova South >> 160 Victoria Street, Westminster >> London SW1E 5LB - UK >> phone: +44 (0)20 7730 6000 >> k.n...@reply.com >> www.reply.com >> >> >> >> >> Kaxil Naik >> >> Data Reply >> Nova South >> 160 Victoria Street, Westminster >> London SW1E 5LB - UK >> phone: +44 (0)20 7730 6000 >> k.n...@reply.com >> www.reply.com >> >
