Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AwsAuthManager seems to be incompatible with Airflow 2.8 #40684

Closed
1 task done
potiuk opened this issue Jul 10, 2024 · 3 comments · Fixed by #40690
Closed
1 task done

AwsAuthManager seems to be incompatible with Airflow 2.8 #40684

potiuk opened this issue Jul 10, 2024 · 3 comments · Fixed by #40690
Labels
area:auth kind:bug This is a clearly a bug kind:meta High-level information important to the community provider:amazon-aws AWS/Amazon - related issues

Comments

@potiuk
Copy link
Member

potiuk commented Jul 10, 2024
edited
Loading

Body

As of recently the compatibility tests for Airlfow 2.8.2 started to fail for AwsAuthManager and it looks like the Auth Manager is not compatible with 2.8 BaseAuthManager.

Example failure: https://github.com/apache/airflow/actions/runs/9863515547/job/27237103252?pr=40677

It seems that in Airflow 2.8 in som cases the BaseAuthManager calls is_authorized_custom_view method with fab_action_name keyword param and AWSAuthManager expects method to be used there.

I am not sure if it qualifies to RC2 for the Amazon provider (cc: @vincbeck @eladkal).

There are two solutions how to solve it:

  • make AWSAuthManager 2.9+ only (we will have to exclude the tests for 2.8 and add some code that detects airflow version and provide meaningful error message)
  • fix AWSAuthManager to also accept fab_action_name as keyword paremetr (could be done via **kwargs for example)

The stack trace:

________________ TestAwsAuthManager.test_aws_auth_manager_index ________________

self = <tests.providers.amazon.aws.auth_manager.test_aws_auth_manager.TestAwsAuthManager object at 0x7fe8b006bee0>
mock_is_authorized = <MagicMock name='is_authorized' id='140636724843328'>
mock_get_batch_is_authorized_results = <MagicMock name='get_batch_is_authorized_results' id='140636724678816'>
mock_get_batch_is_authorized_single_result = <MagicMock name='get_batch_is_authorized_single_result' id='140636724854688'>
client_admin = <Flask 'airflow.www.app'>

    @pytest.mark.db_test
    @patch.object(AwsAuthManagerAmazonVerifiedPermissionsFacade, "get_batch_is_authorized_single_result")
    @patch.object(AwsAuthManagerAmazonVerifiedPermissionsFacade, "get_batch_is_authorized_results")
    @patch.object(AwsAuthManagerAmazonVerifiedPermissionsFacade, "is_authorized")
    def test_aws_auth_manager_index(
        self,
        mock_is_authorized,
        mock_get_batch_is_authorized_results,
        mock_get_batch_is_authorized_single_result,
        client_admin,
    ):
        """
        Load the index page using AWS auth manager. Mock all interactions with Amazon Verified Permissions.
        """
        mock_is_authorized.return_value = True
        mock_get_batch_is_authorized_results.return_value = []
        mock_get_batch_is_authorized_single_result.return_value = {"decision": "ALLOW"}
        with client_admin.test_client() as client:
>           response = client.get("/login_callback", follow_redirects=True)

tests/providers/amazon/aws/auth_manager/test_aws_auth_manager.py:801: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:1141: in get
    return self.open(*args, **kw)
/usr/local/lib/python3.8/site-packages/flask/testing.py:238: in open
    response = super().open(
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:1129: in open
    response = self.resolve_redirect(response, buffered=buffered)
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:1030: in resolve_redirect
    return self.open(builder, buffered=buffered)
/usr/local/lib/python3.8/site-packages/flask/testing.py:238: in open
    response = super().open(
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:1095: in open
    response = self.run_wsgi_app(request.environ, buffered=buffered)
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:962: in run_wsgi_app
    rv = run_wsgi_app(self.application, environ, buffered=buffered)
/usr/local/lib/python3.8/site-packages/werkzeug/test.py:1243: in run_wsgi_app
    app_rv = app(environ, start_response)
/usr/local/lib/python3.8/site-packages/flask/app.py:2552: in __call__
    return self.wsgi_app(environ, start_response)
/usr/local/lib/python3.8/site-packages/flask/app.py:2532: in wsgi_app
    response = self.handle_exception(e)
/usr/local/lib/python3.8/site-packages/flask/app.py:2529: in wsgi_app
    response = self.full_dispatch_request()
/usr/local/lib/python3.8/site-packages/flask/app.py:1825: in full_dispatch_request
    rv = self.handle_user_exception(e)
/usr/local/lib/python3.8/site-packages/flask/app.py:1823: in full_dispatch_request
    rv = self.dispatch_request()
/usr/local/lib/python3.8/site-packages/flask/app.py:1799: in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
/usr/local/lib/python3.8/site-packages/airflow/www/auth.py:139: in decorated
    return _has_access(
/usr/local/lib/python3.8/site-packages/airflow/www/auth.py:163: in _has_access
    return func(*args, **kwargs)
/usr/local/lib/python3.8/site-packages/airflow/www/views.py:1031: in index
    return self.render_template(
/usr/local/lib/python3.8/site-packages/airflow/www/views.py:714: in render_template
    return super().render_template(
/usr/local/lib/python3.8/site-packages/flask_appbuilder/baseviews.py:342: in render_template
    return render_template(
/usr/local/lib/python3.8/site-packages/flask/templating.py:147: in render_template
    return _render(app, template, context)
/usr/local/lib/python3.8/site-packages/flask/templating.py:130: in _render
    rv = template.render(context)
/usr/local/lib/python3.8/site-packages/jinja2/environment.py:1301: in render
    self.environment.handle_exception()
/usr/local/lib/python3.8/site-packages/jinja2/environment.py:936: in handle_exception
    raise rewrite_traceback_stack(source=source)
/usr/local/lib/python3.8/site-packages/airflow/www/templates/airflow/dags.html:44: in top-level template code
    {% elif curr_ordering_direction == 'asc' and request.args.get('sorting_key') == attribute_name %}
/usr/local/lib/python3.8/site-packages/airflow/www/templates/airflow/main.html:21: in top-level template code
    {% from 'airflow/_messages.html' import show_message %}
/usr/local/lib/python3.8/site-packages/flask_appbuilder/templates/appbuilder/baselayout.html:2: in top-level template code
    {% import 'appbuilder/baselib.html' as baselib %}
/usr/local/lib/python3.8/site-packages/flask_appbuilder/templates/appbuilder/init.html:42: in top-level template code
    {% block body %}
/usr/local/lib/python3.8/site-packages/flask_appbuilder/templates/appbuilder/baselayout.html:8: in block 'body'
    {% block navbar %}
/usr/local/lib/python3.8/site-packages/flask_appbuilder/templates/appbuilder/baselayout.html:10: in block 'navbar'
    {% include 'appbuilder/navbar.html' %}
/usr/local/lib/python3.8/site-packages/airflow/www/templates/appbuilder/navbar.html:50: in top-level template code
    {% include 'appbuilder/navbar_menu.html' %}
/usr/local/lib/python3.8/site-packages/airflow/www/templates/appbuilder/navbar_menu.html:25: in top-level template code
    {% if item1 | is_menu_visible %}
/usr/local/lib/python3.8/site-packages/flask_appbuilder/filters.py:134: in is_menu_visible
    return self.security_manager.has_access("menu_access", item.name)
/usr/local/lib/python3.8/site-packages/airflow/www/security_manager.py:138: in has_access
    return is_authorized_method(action_name, resource_pk, user)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

action = 'menu_access', resource_pk = None
user = <airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser object at 0x7fe88a0f3fa0>

>   return lambda action, resource_pk, user: get_auth_manager().is_authorized_custom_view(
        fab_action_name=action,
        fab_resource_name=fab_resource_name,
        user=user,
    )
E   TypeError: is_authorized_custom_view() got an unexpected keyword argument 'fab_action_name'

/usr/local/lib/python3.8/site-packages/airflow/www/security_manager.py:335: TypeError
------ generated xml file: /files/test_result-providers_amazon-sqlite.xml ------

Committer

  • I acknowledge that I am a maintainer/committer of the Apache Airflow project.
@potiuk potiuk added the kind:meta High-level information important to the community label Jul 10, 2024
@potiuk potiuk mentioned this issue Jul 10, 2024
Closed
52 tasks
@dosubot dosubot bot added area:auth kind:bug This is a clearly a bug provider:amazon-aws AWS/Amazon - related issues labels Jul 10, 2024
@potiuk potiuk mentioned this issue Jul 10, 2024
Merged
@vincbeck
Copy link
Contributor

Looking into it

@vincbeck
Copy link
Contributor

make AWSAuthManager 2.9+ only (we will have to exclude the tests for 2.8 and add some code that detects airflow version and provide meaningful error message)

I think this is the easiest because the other solution implies modifying the signature of is_authorized_custom_view which will then no longer match the specification of BaseAuthManager. We would need to add **kwargs at the end of parameters but also make method optional

@vincbeck vincbeck mentioned this issue Jul 10, 2024
Merged
@vincbeck
Copy link
Contributor

#40690

@eladkal eladkal mentioned this issue Jul 12, 2024
Closed
27 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:auth kind:bug This is a clearly a bug kind:meta High-level information important to the community provider:amazon-aws AWS/Amazon - related issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make AwsAuthManager compatible with only Airflow >= 2.9 aws-mwaa/upstream-to-airflow
2 participants
@potiuk @vincbeck