Missing Show/Edit/Delete under Security -> Users in 2.1.0 #16202
Assignees
Labels
affected_version:2.1
Issues Reported for 2.1
area:webserver
Webserver related Issues
kind:bug
This is a clearly a bug
priority:high
High priority bug that should be patched quickly but does not require immediate new release
Milestone
Comments
|
@zachliu Could you provide more details on how you're running Airflow? I see others have this issue, but I haven't been able to replicate it yet. |
bbovenzi
added
area:UI
|
@bbovenzi For production, we have Airflow running as three ECS services: webserver, scheduler, worker. |
|
@bbovenzi I am having this exact issue as well. We are running in a in house kubernetes cluster. Let me know if you need other info other than this. dockerhub image tag: tried both 2.1.0 and 2.1.0-python3.8 |
|
I wonder if this is caused by something about the permissions refactor and lacking the permission for non DbUser models. One for you @jhtimmins I think. |
|
I'm having the same issue with UserLDAPModelView (LDAP auth) the Admin role has permission for editing |
|
Same issue here. It only happens when using Google Oauth. If the user is created manually using the UI this problem doesn't happen. Browsers: Chrome and Firefox |
|
Having the same issue - if a new database is created for v2.1 permissions are fine however after upgrade from 1.10.15 there are missing |
|
Thanks for reporting y'all, I'll take a look |
|
Same issue. Airflow on AKS with AD (LDAP) integration. Buttons are disappeared in 2.1.0. |
|
I just raised the exact same issue, I'll delete my issue but I'll leave the details here: Apache Airflow version: 2.1. Environment: Ubuntu 20.04
What happened: After performing the upgrade from 2.0.2 to 2.10 using the guide available in the documentation, Airflow upgraded successfully, a few things that aren't working as expected are Dag Dependency page and Admin List users function. What you expected to happen: Expected the Admin page to allow me to edit and add new users How to reproduce it: Its reproduced by opening these pages every time. After the upgrade I lost the UI button for creating and editing users.
How often does this problem occur? Once? Every time etc? Any relevant logs to include? Put them here in side a detail tag: Upgrade Check Log/home/ubuntu/env_airflow/lib/python3.8/site-packages/airflow/configuration.py:34 |
|
Also reported over at FAB: dpgaspar/Flask-AppBuilder#1667 |
kaxil
added
the
priority:high
|
@SamiRehmanNostra @zachliu @KIRY4 @pcristinel @akotuc Can you test my downgrading FAB version? You might have to either use older version of pip (20.2.4) or use |
kaxil
added a commit
to astronomer/airflow
that referenced
this issue
Jul 12, 2021
FAB 3.3 has some issues with permissions as mentioned in apache#16202 and dpgaspar/Flask-AppBuilder#1667 There is no reason we should require >= 3.3 (This was added in apache#15792) Allow more versions as discussed in apache#16630 (comment)
|
If downgrading FAB does not help, it is an Airflow Issue rather than FAB issue |
|
OK based on dpgaspar/Flask-AppBuilder#1667 (comment) it looks like an Airflow issue rather than a FAB issue -- some change broke it in 2.1.0 |
|
@jhtimmins Could this be related to your permissions renaming? (I'm not sure how much of that made it in to 2.1.0 vs main for 2.2.0) |
|
I am having the same issue, we have just upgraded from airflow v1.10.15 to airflow v2.1.2, everything has been fine except, as an admin the add/create user + button is no longer available, Below is what I have found the clean airflow v2.1.2 image creates those 6 limited to 10 for comparison I then tried airflow sync-perm |
|
Thanks for the update. I'll have a fix for this in 2.1.3 going out early next week.
…Sent from my iPhone
On Jul 25, 2021, at 8:31 PM, Pin Jin ***@***.***> wrote:
I am having the same issue, we have just upgraded from airflow v1.10.15 to airflow v2.1.2, everything has been fine except, as an admin the add/create user + button is no longer available, Below is what I have found the clean airflow v2.1.2 image creates those 6 ab_permissions whereas in our environment, we have alot of ab_permissions
id | name
----+-------------
1 | can_edit
2 | can_read
3 | can_create
4 | can_delete
5 | menu_access
6 | can_get
(6 rows)
limited to 10 for comparison
airflow=> select * from ab_permission limit 10;
id | name
----+--------------
4 | can_list
5 | can_edit
6 | can_download
7 | can_add
8 | can_delete
9 | can_show
10 | userinfoedit
11 | menu_access
12 | copyrole
14 | can_get
(10 rows)
I then tried airflow sync-perm
***@***.***:/opt/airflow$ airflow sync-perm
[2021-07-26 02:49:07,338] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists My Profile.userinfoedit Admin
[2021-07-26 02:49:07,844] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_create Admin
[2021-07-26 02:49:07,850] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_edit Admin
[2021-07-26 02:49:07,927] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_delete Admin
[2021-07-26 02:49:08,939] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_elasticsearch Admin
[2021-07-26 02:49:09,026] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_pickle_info Admin
[2021-07-26 02:49:09,032] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task Admin
[2021-07-26 02:49:09,038] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_refresh Admin
[2021-07-26 02:49:09,123] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_blocked Admin
[2021-07-26 02:49:09,129] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_run Admin
[2021-07-26 02:49:09,136] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dag_stats Admin
[2021-07-26 02:49:09,142] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dag_details Admin
[2021-07-26 02:49:09,222] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_tries Admin
[2021-07-26 02:49:09,228] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_get_logs_with_metadata Admin
[2021-07-26 02:49:09,234] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_landing_times Admin
[2021-07-26 02:49:09,240] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_trigger Admin
[2021-07-26 02:49:09,245] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_failed Admin
[2021-07-26 02:49:09,328] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_graph Admin
[2021-07-26 02:49:09,334] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_last_dagruns Admin
[2021-07-26 02:49:09,340] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_paused Admin
[2021-07-26 02:49:09,346] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_index Admin
[2021-07-26 02:49:09,425] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_failed Admin
[2021-07-26 02:49:09,432] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_success Admin
[2021-07-26 02:49:09,438] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task_instances Admin
[2021-07-26 02:49:09,443] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_tree Admin
[2021-07-26 02:49:09,525] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task_stats Admin
[2021-07-26 02:49:09,531] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_gantt Admin
[2021-07-26 02:49:09,537] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_success Admin
[2021-07-26 02:49:09,543] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_xcom Admin
[2021-07-26 02:49:09,549] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_log Admin
[2021-07-26 02:49:09,628] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_delete Admin
[2021-07-26 02:49:09,635] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_extra_links Admin
[2021-07-26 02:49:09,640] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_clear Admin
[2021-07-26 02:49:09,646] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_duration Admin
[2021-07-26 02:49:09,727] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_clear Admin
[2021-07-26 02:49:09,736] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_rendered Admin
[2021-07-26 02:49:09,744] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_code Admin
[2021-07-26 02:49:09,930] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists DAG Runs.clear Admin
/home/airflow/.local/lib/python3.6/site-packages/airflow/plugins_manager.py:239 DeprecationWarning: This decorator is deprecated.
In previous versions, all subclasses of BaseOperator must use apply_default decorator for the`default_args` feature to work properly.
In current version, it is optional. The decorator is applied automatically using the metaclass.
Updating actions and resources for all existing roles
[2021-07-26 02:49:15,437] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists My Profile.userinfoedit Admin
[2021-07-26 02:49:15,541] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_create Admin
[2021-07-26 02:49:15,547] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_edit Admin
[2021-07-26 02:49:15,552] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists View Menus.can_delete Admin
[2021-07-26 02:49:15,655] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_elasticsearch Admin
[2021-07-26 02:49:15,727] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_pickle_info Admin
[2021-07-26 02:49:15,733] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task Admin
[2021-07-26 02:49:15,740] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_refresh Admin
[2021-07-26 02:49:15,747] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_blocked Admin
[2021-07-26 02:49:15,755] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_run Admin
[2021-07-26 02:49:15,824] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dag_stats Admin
[2021-07-26 02:49:15,832] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dag_details Admin
[2021-07-26 02:49:16,137] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_tries Admin
[2021-07-26 02:49:16,144] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_get_logs_with_metadata Admin
[2021-07-26 02:49:16,150] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_landing_times Admin
[2021-07-26 02:49:16,156] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_trigger Admin
[2021-07-26 02:49:16,162] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_failed Admin
[2021-07-26 02:49:16,168] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_graph Admin
[2021-07-26 02:49:16,174] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_last_dagruns Admin
[2021-07-26 02:49:16,180] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_paused Admin
[2021-07-26 02:49:16,186] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_index Admin
[2021-07-26 02:49:16,191] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_failed Admin
[2021-07-26 02:49:16,197] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_success Admin
[2021-07-26 02:49:16,203] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task_instances Admin
[2021-07-26 02:49:16,208] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_tree Admin
[2021-07-26 02:49:16,214] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_task_stats Admin
[2021-07-26 02:49:16,228] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_gantt Admin
[2021-07-26 02:49:16,233] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_success Admin
[2021-07-26 02:49:16,239] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_xcom Admin
[2021-07-26 02:49:16,244] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_log Admin
[2021-07-26 02:49:16,251] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_delete Admin
[2021-07-26 02:49:16,258] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_extra_links Admin
[2021-07-26 02:49:16,263] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_dagrun_clear Admin
[2021-07-26 02:49:16,269] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_duration Admin
[2021-07-26 02:49:16,274] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_clear Admin
[2021-07-26 02:49:16,285] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_rendered Admin
[2021-07-26 02:49:16,291] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists Airflow.can_code Admin
[2021-07-26 02:49:16,308] {manager.py:565} WARNING - Refused to delete permission view, assoc with role exists DAG Runs.clear Admin
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
kaxil
pushed a commit
that referenced
this issue
Aug 9, 2021
Currently, on user model views except from UserDBModelView, view controls don't show up on /users/list. This fixes that issue by adding the missing views back to all user model views. Additionally, Edit User on the different Show User views all redirect to the logged in user's profile views. This fixes that issue by removing the Edit User view from Show User. closes: #16202
jhtimmins
added a commit
that referenced
this issue
Aug 9, 2021
Currently, on user model views except from UserDBModelView, view controls don't show up on /users/list. This fixes that issue by adding the missing views back to all user model views. Additionally, Edit User on the different Show User views all redirect to the logged in user's profile views. This fixes that issue by removing the Edit User view from Show User. closes: #16202 (cherry picked from commit c1e2af4)
jhtimmins
added a commit
that referenced
this issue
Aug 13, 2021
Currently, on user model views except from UserDBModelView, view controls don't show up on /users/list. This fixes that issue by adding the missing views back to all user model views. Additionally, Edit User on the different Show User views all redirect to the logged in user's profile views. This fixes that issue by removing the Edit User view from Show User. closes: #16202 (cherry picked from commit c1e2af4)
kaxil
pushed a commit
that referenced
this issue
Aug 17, 2021
Currently, on user model views except from UserDBModelView, view controls don't show up on /users/list. This fixes that issue by adding the missing views back to all user model views. Additionally, Edit User on the different Show User views all redirect to the logged in user's profile views. This fixes that issue by removing the Edit User view from Show User. closes: #16202 (cherry picked from commit c1e2af4)
jhtimmins
added a commit
that referenced
this issue
Aug 17, 2021
Currently, on user model views except from UserDBModelView, view controls don't show up on /users/list. This fixes that issue by adding the missing views back to all user model views. Additionally, Edit User on the different Show User views all redirect to the logged in user's profile views. This fixes that issue by removing the Edit User view from Show User. closes: #16202 (cherry picked from commit c1e2af4)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Apache Airflow version: 2.1.0
Browsers: Chrome and Firefox
What happened:
Before upgrading to 2.1.0
After upgrading to 2.1.0
What you expected to happen:
Show/Edit/Delete under Security -> Users are available
How to reproduce it:
Go to Security -> Users (as an admin of course)
The text was updated successfully, but these errors were encountered: