Fix: Clean up FAB permissions when deleting DAGs #54528
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HsiuChuanHsu
requested review from
ephraimbuddy,
jason810496,
pierrejeambrun and
rawwar
as code owners
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
4da40eb to
cda491d
Compare
Member
|
Can you please add some unit tests? |
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
cda491d to
ccbc790
Compare
Contributor
Author
|
@potiuk, tests are added! |
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
ccbc790 to
a533d68
Compare
Member
pierrejeambrun
left a comment
pierrejeambrun
left a comment
There was a problem hiding this comment.
Looking good, just a suggestion because I don't think this code should live in core.
cc: @vincbeck
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
a533d68 to
51bbff5
Compare
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
51bbff5 to
2e6c791
Compare
vincbeck
reviewed
Aug 25, 2025
Contributor
vincbeck
left a comment
vincbeck
left a comment
There was a problem hiding this comment.
I am not against this change but here are some thoughts:
- Do we really want that? Example: As an admin, I give read permissions for the Dag
secretto X users. This Dag gets deleted and re-created, all permissions will be lost and I (the admin) needs to assign again permissions to my users. - Since this is very auth manager specific, and actually very Fab Auth manager specific. Should we not, instead, provide a CLI like
airflow fab-auth-manager permissions-cleanupwhich would delete all orphaned permissions. That way we do not need to wire the mechanism in Airflow with something likeif hasattr(...), and it would be up to the admin to run this command when they think it is needed
Contributor
Author
|
Thanks for the feedbak! I like the idea of using CLI command for it. 💪 @potiuk What are your thoughts on this? Any downsides I'm not seeing? |
Member
The asseesment of @vincbeck and @pierrejeambrun are more than enough :) . I like it's off-loaded to Fab Auth Manager, this is FAB specific and having separate cleanup command looks like a good idea. |
uranusjr
reviewed
Aug 27, 2025
uranusjr
reviewed
Aug 27, 2025
Contributor
Author
Thanks for the feedback! Working on it. |
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
4 times, most recently
from
f94a416 to
e939a76
Compare
vincbeck
reviewed
Sep 2, 2025
Contributor
vincbeck
left a comment
vincbeck
left a comment
There was a problem hiding this comment.
Few comments but overall I really like it better that way! Thanks for the changes!
providers/fab/src/airflow/providers/fab/auth_manager/dag_permissions.py
Outdated
Show resolved
Hide resolved
providers/fab/src/airflow/providers/fab/auth_manager/dag_permissions.py
Outdated
Show resolved
Hide resolved
Member
pierrejeambrun
left a comment
pierrejeambrun
left a comment
There was a problem hiding this comment.
Looks good overall, a few suggestions.
providers/fab/src/airflow/providers/fab/auth_manager/cli_commands/permissions_command.py
Outdated
Show resolved
Hide resolved
providers/fab/src/airflow/providers/fab/auth_manager/cli_commands/permissions_command.py
Outdated
Show resolved
Hide resolved
providers/fab/src/airflow/providers/fab/auth_manager/cli_commands/permissions_command.py
Outdated
Show resolved
Hide resolved
providers/fab/tests/unit/fab/auth_manager/cli_commands/test_permissions_command.py
Show resolved
Hide resolved
providers/fab/tests/unit/fab/auth_manager/test_dag_permissions.py
Outdated
Show resolved
Hide resolved
Contributor
Author
|
Still working on the testing part, turned the PR into a draft. |
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
e939a76 to
0159fd3
Compare
This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations
- Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability
…al database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
HsiuChuanHsu
force-pushed
the
bug/remove-deleted-dag-correctly
branch
from
ae03312 to
44bd723
Compare
Contributor
Author
|
Thanks for all the suggestion! This PR is ready for another review. |
Contributor
Author
|
Thanks for the review! 🤩 |
mangal-vairalkar
pushed a commit
to mangal-vairalkar/airflow
that referenced
this pull request
Sep 7, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
RoyLee1224
pushed a commit
to RoyLee1224/airflow
that referenced
this pull request
Sep 8, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
78 tasks
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Sep 30, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 1, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 2, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 3, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 4, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 5, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 5, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 7, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 8, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 9, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 10, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 11, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 12, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 14, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 15, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 17, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 19, 2025
* Fix: Clean up FAB permissions when deleting DAGs (apache#50905) This commit adds cleanup logic to the delete_dag function to: - Remove DAG-specific resources from ab_view_menu table - Clean up associated permissions and role associations * test: Add comprehensive tests for DAG permission cleanup Test Coverage: - Non-FAB auth manager scenarios (graceful skip) - FAB provider unavailable scenarios (import error handling) - Full cleanup process with mocked FAB models - Integration with delete_dag function - Edge cases (non-existent DAGs) * fix: clean up DAG permissions when deleting DAGs - : Simplified core logic using auth manager delegation - : Added cleanup_dag_permissions method - : New specialized module for FAB permission cleanup - Enhanced test coverage for multiple auth manager scenarios * feat(fab-auth-manager): replace automatic DAG permission cleanup with CLI command Replace automatic cleanup of DAG permissions during DAG deletion with a new CLI command approach as requested in code review. This gives operators explicit control over when and how DAG permissions are cleaned up. * feat(fab): Update DAG permissions cleanup to SQLAlchemy 2.0 and improve tests - Replace deprecated session.query() with session.scalars(select()) and session.execute(delete()) - Update permissions_command.py to use SQLAlchemy 2.0 syntax for better future compatibility - Rewrite test_permissions_command.py to use integration tests instead of fragile mocks * feat(fab): add missing test_dag_permissions.py Add unit tests for dag_permissions module to satisfy project structure requirements * refactor(fab): Consolidate DAG permissions code and modernize patterns - Replace hardcoded resource strings with constants in permissions_command.py - Use RESOURCE_DAG_PREFIX and RESOURCE_DETAILS_MAP for DAG Run - Remove deprecated Task Instance resource handling - Change to session handling with @provide_session decorator - Replace manual boolean parsing with airflow.utils.strings.to_boolean - Consolidate dag_permissions.py functionality into permissions_command.py - Consolidate test files for better maintainability * test: enhance FAB permissions tests with function verification and real database operations 1. Function call verification (TestPermissionsCommand) - Replace stdout-only testing with precise function call verification - Add mock assertions for cleanup_dag_permissions with exact parameters 2. Real database operations (TestDagPermissions): - Replace mock-heavy approach with actual database interactions - Use real Resource, Action, and Permission entities with constraint handling
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When a DAG is deleted, the corresponding Flask-AppBuilder (FAB) permissions remain in the database tables (
ab_view_menu,ab_permission_view,ab_permission_view_role). This causesHow this happend?
The
delete_dag()function indelete_dag.pysuccessfully removes DAG-related records from core Airflow tables but does not clean up the Flask-AppBuilder permission system.Solution
FAB Provider
dag_permissions.py: New module that handles FAB permission cleanup ( code referenced fromairflow/devel-common/src/tests_common/test_utils/db.py
Lines 358 to 393 in e00777a
fab_auth_manager.py: Addedcleanup_dag_permissions()methodTests: New tests for the permission cleanup logicCore Airflow (delete_dag.py)
auth_manager.cleanup_dag_permissions()Replace automatic DAG permission cleanup with CLI command
Changes:
delete_dag()functionairflow fab-auth-manager permissions-cleanupCLI commandCLI command supports
--dag-idoption--dry-runflag--yesflag--verboseflagExamples:
airflow fab-auth-manager permissions-cleanupairflow fab-auth-manager permissions-cleanup --dry-runairflow fab-auth-manager permissions-cleanup --dag-id my_dagairflow fab-auth-manager permissions-cleanup --yescloses: #50905
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rstor{issue_number}.significant.rst, in airflow-core/newsfragments.