Unathorized (no logged in user) access doesn't work #8815
Description
Apache Airflow version: 1.10.10
Kubernetes version (if you are using kubernetes) (use kubectl version):
Environment:
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release): Debian GNU/Linux 10 (buster)
- Kernel (e.g.
uname -a): Linux 5ab0eeff230a 5.4.0-7626-generic example_dags/cron_replacement.py #30~1588169883~20.04~bbe668a-Ubuntu SMP Wed Apr 29 21:00:02 UTC x86_64 GNU/Linux - Install tools: official Airflow docker image
- Others:
What happened:
I have configured RBAC mode and everything work fine, but I would like to configure unathorized access for users. Otherwise we authorize users via LDAP. I set
# Uncomment to setup Public role name, no authentication needed
AUTH_ROLE_PUBLIC = 'Viewer'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Viewer"
If I login with user having role Viewer, I can see dag list and few menu items. But if I am not logged in I see just empty dag list and the same menu items. If I try to click any menu item, I got the exception below
-------------------------------------------------------------------------------
Node: 11af45a15833
-------------------------------------------------------------------------------
Traceback (most recent call last):
File "/home/airflow/.local/lib/python3.6/site-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/home/airflow/.local/lib/python3.6/site-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/airflow/.local/lib/python3.6/site-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/home/airflow/.local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/home/airflow/.local/lib/python3.6/site-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/home/airflow/.local/lib/python3.6/site-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/security/decorators.py", line 109, in wraps
return f(self, *args, **kwargs)
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/views.py", line 551, in list
widgets = self._list()
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/baseviews.py", line 1127, in _list
page_size=page_size,
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/baseviews.py", line 1026, in _get_list_widget
page_size=page_size,
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/models/sqla/interface.py", line 168, in query
query_count = self._get_base_query(query=query_count, filters=filters)
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/models/sqla/interface.py", line 85, in _get_base_query
query = filters.apply_all(query)
File "/home/airflow/.local/lib/python3.6/site-packages/flask_appbuilder/models/filters.py", line 269, in apply_all
query = flt.apply(query, value)
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/www_rbac/views.py", line 2187, in apply
if appbuilder.sm.has_all_dags_access():
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/www_rbac/security.py", line 320, in has_all_dags_access
self._has_role(['Admin', 'Viewer', 'Op', 'User']) or
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/www_rbac/security.py", line 299, in _has_role
[r.name in role_name_or_list for r in self.get_user_roles()])
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/www_rbac/security.py", line 229, in get_user_roles
public_role = appbuilder.config.get('AUTH_ROLE_PUBLIC')
AttributeError: 'NoneType' object has no attribute 'config'
What you expected to happen:
Not logged in users see the same as logged in users with the same role.
How to reproduce it:
just set
# Uncomment to setup Public role name, no authentication needed
AUTH_ROLE_PUBLIC = 'Viewer'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Viewer"
and try to open Airflow without logging in
Anything else we need to know: