Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-4888

Add migration system for adding RBAC permissions to existing roles

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0
    • Fix Version/s: None
    • Component/s: core
    • Labels:

      Description

      In our clusters we don't allow any users to be Admin, so we use the Op, User and Viewer roles. It turns out that these roles are missing the can_dagrun_success and can_dagrun_failure permissions.

      Fixing this for new installs is easy, but due to AIRFLOW-3271 (https://github.com/apache/airflow/pull/4118) we won't alter the roles if they already exist, so having some mechanism for adding permissions to roles via migrations might be useful.

      As a palyground I started working on https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure if this is too complex or not. (It's also not a complete solution yet)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ash Ash Berlin-Taylor
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: