Skip to content

Fix FAB role deletion foreign key constraint violation#66686

Merged
vincbeck merged 1 commit into
apache:mainfrom
kimjune01:fix/fab-role-deletion-fk-65375
May 11, 2026
Merged

Fix FAB role deletion foreign key constraint violation#66686
vincbeck merged 1 commit into
apache:mainfrom
kimjune01:fix/fab-role-deletion-fk-65375

Conversation

@kimjune01
Copy link
Copy Markdown

@kimjune01 kimjune01 commented May 11, 2026

Summary

When deleting a FAB role via appbuilder.sm.delete_role(), the deletion fails with a foreign key constraint violation if the role has associated permissions or view menus. The delete operation attempts to remove the role record while the association table rows (ab_permission_view_role) still reference it.

This PR adds explicit cleanup of the many-to-many associations before deleting the role record itself. The fix mirrors the pattern already used in delete_user() within the same codebase.

Fixes #65375.

Test plan

  • New unit test test_security_manager_delete_role_cleans_up_associations verifies that a role with permissions can be deleted without FK constraint errors
  • Existing security manager tests still pass
  • Manual verification: created a role with permissions, called delete_role(), confirmed clean deletion without errors
Was generative AI tooling used to co-author this PR?
  • Yes — Claude Opus 4.7 (1M context)

Generated-by: Claude Opus 4.7 (1M context) following the guidelines

@kimjune01
fix(fab): clean up FK associations before deleting role (apache#65375)
be3e301 
The delete_role method used a raw DELETE on ab_role which fails with
IntegrityError on databases whose FK constraints lack CASCADE (common
in environments migrated from older Airflow versions).

Delete association rows from ab_permission_view_role, ab_user_role, and
ab_group_role before deleting the role itself.
@kimjune01 kimjune01 requested a review from vincbeck as a code owner May 11, 2026 04:04
@boring-cyborg
Copy link
Copy Markdown

boring-cyborg Bot commented May 11, 2026

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example Dag that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@vincbeck vincbeck merged commit 23f1772 into apache:main May 11, 2026
90 checks passed
@boring-cyborg
Copy link
Copy Markdown

boring-cyborg Bot commented May 11, 2026

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vincbeck vincbeck vincbeck approved these changes

Assignees

No one assigned

Labels

area:providers provider:fab

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Error when deleting role using FAB.

2 participants

@kimjune01 @vincbeck