-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issues related to access_control={} #34114
Fix issues related to access_control={} #34114
Conversation
bdf12aa
to
4ec62d1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
cc @ephraimbuddy - this fixes bugs present in 2.7.1rc2. I think that we should either remove the flawed changes from #33632 or add this fix into the release. Thoughts? |
Apart from not working as intended, does #33632 cause a regression? |
I think it partially fixes problems present in 2.6.2+ and the cases mentioned by @SamWheating are just specific cases where permission sync would give wrong output. I do not think it requires cancellation of vote - it could be released in 2.7.2 IMHO (but I think we should release 2.7.2 pretty fix. |
No regressions, it just doesn't behave as the documentation describes, which could be misleading. I'm also fine with just leaving the fix until 2.7.2. |
* allow empty access control on dags * Add test which demonstrates loss of information during ser/de * Keep empty value when serializing access_control dict (cherry picked from commit a61b5e8)
Follow-up to #33632, which only tested the relevant code in isolation (my bad)
While verifying this behaviour in order to test the new release, I noticed a few things -
sync_perm --include-dags
CLI command was ignoring DAGs with empty (but not None)access_control
None
during DAG initialization.access_control={}
withaccess_control=None
, which appears to be intentional behaviour originating from this function:airflow/airflow/serialization/serialized_objects.py
Lines 610 to 630 in 30ddfc5
With this in mind, is there a preferred way to explicitly enable the serialization/deserialization of empty dicts in the
_access_control
field? For now I've just overridden the method in the SerializedDAG class, but this feels a bit messy.Also added a test to replicate this issue.