Re: [DISCUSS] Deprecate cli options in Airflow Configurations and airflow.api.client

Tue, 20 Feb 2024 11:10:40 -0800 

+1, stable API should be favoured

On Tue 20 Feb 2024 at 16:10, Jarek Potiuk <ja...@potiuk.com> wrote:

> Oh God . What an archeology. Yeah I think we had a limite when we discussed
> it then (looking at the discussion) we did not have a solid replacement yet
> (and the discussion was about deprecating it in 1.10). Since then we marked
> it as experimental and left it in 2.0.
> But since then - we have -  and it's well established and proven (REST
> API + Python Client) which very much serves the same purpose that the
> "remote" experimental CLI should serve (and I think that was the main
> problem that it did not exist back then).
>
> I'd say it calls for removal and significant note ("If you were still using
> it, please use the REST API and Python Client instead").
>
> On Tue, Feb 20, 2024 at 11:19 AM Andrey Anshin <andrey.ans...@taragol.is>
> wrote:
>
> > BTW, I've found that this this top already discussed in the past, like
> more
> > that 3 years ago
> >
> > Github Issue https://github.com/apache/airflow/issues/10552 (accidently
> > found when set sorting on issues as Least recently updated)
> > Dev List:
> https://lists.apache.org/thread/jdz9l7bsnsw5c3t27dxfrx5pd4wvjlxt
> >
> >
> >
> > On Tue, 20 Feb 2024 at 00:14, Andrey Anshin <andrey.ans...@taragol.is>
> > wrote:
> >
> > > Just for clarification, the proposal is about depreciation or even
> > removal
> > > of something obsolete. If we could do some improvement at the same
> moment
> > > it would be nice, if not also nice, that mean no additional work
> > >
> > >
> > >
> > >
> > >
> > > On Mon, 19 Feb 2024 at 22:55, Scheffler Jens (XC-AS/EAE-ADA-T)
> > > <jens.scheff...@de.bosch.com.invalid> wrote:
> > >
> > >> I do not habe a strong opinion on the topic but I am mostly with
> Jarek.
> > >>
> > >> The API must be multi tenant and mask all internal DB access - where
> we
> > >> are close-by with AIP-44 and the other efforts of multi tenancy
> > (missing a
> > >> list of all planned efforts, would be cool to have a mata AIP keeping
> > the
> > >> completed and planned individual efforts)
> > >>
> > >> But in contrast I see the CLI only partly being a tool on tenant but
> > most
> > >> parts on the internal perimeter admin side. Might be a bit „gray
> zone“.
> > If
> > >> we habe overlap to REST API (do we have a list of rhings like trigger
> > sag
> > >> or so?) we should remove and consolidate redundancy to API logic. But
> > there
> > >> is for sure some „black magic“ which must not be migrated and needs
> > native
> > >> DB access. E.g. resetting DB or triggering DB migration. For REST API
> as
> > >> well as internal API you need a web endpoint incl. minimal
> > authentication.
> > >> Some base admin tooling is needed for bootstrap and base admin. Like
> > >> creating the first admin user is impossible if no user.
> > >>
> > >> So before a lengthy discussion I‘d propose to document details and
> make
> > >> an AIP to discuss, that might be easier then a reply-to-all thred to
> > define
> > >> the scope of cleanup. Also and especially for API cöient we need to
> > check
> > >> for impact if breaking changes appear.
> > >>
> > >> Jens
> > >>
> > >> Sent from Outlook for iOS<https://aka.ms/o0ukef>
> > >> ________________________________
> > >> From: Andrey Anshin <andrey.ans...@taragol.is>
> > >> Sent: Monday, February 19, 2024 3:54 PM
> > >> To: dev@airflow.apache.org <dev@airflow.apache.org>
> > >> Subject: Re: [DISCUSS] Deprecate cli options in Airflow Configurations
> > >> and airflow.api.client
> > >>
> > >> >Actually - it's not at all part of  AIP-44 :). Airflow CLI was
> > >> (consciously and deliberately) not part of it.
> > >>
> > >> Then better to check whether or not it accidentally uses it, add to my
> > >> checklist
> > >>
> > >> > So I would be very much for removing that whole part - even in
> Airflow
> > >> 2.9.
> > >>
> > >> +1 for removal if it won't break our promises
> > >>
> > >>
> > >>
> > >>
> > >> On Mon, 19 Feb 2024 at 16:01, Jarek Potiuk <ja...@potiuk.com> wrote:
> > >>
> > >> > Actually - it's not at all part of  AIP-44 :). Airflow CLI was
> > >> (consciously
> > >> > and deliberately) not part of it.
> > >> >
> > >> > CLI is specifically treated as a "local" tool that is executed
> inside
> > >> the
> > >> > security perimeter where direct database access is needed (i.e. it
> > >> falls in
> > >> > the same category as 'scheduler', 'webserver`, `internal-api`
> > component
> > >> -
> > >> > all of which stil has direct DB access and AIP-44 does not change
> > that.
> > >> > AIP-44 is specifically about Worker, Triggerrer and Dag File
> Processor
> > >> > direct DB access only.
> > >> >
> > >> > I think if we want to allow CLI to be used without direct DB
> access, a
> > >> > better solution would be to make it use the public REST API of ours,
> > not
> > >> > the internal api that is supposed to be used by worker/triggerer/dag
> > >> file
> > >> > processor. There will be different authentication and authorisation
> > >> methods
> > >> > than the ones that airflow CLI would - potentially use. I think if
> we
> > >> want
> > >> > to make airflow CLI use authorised/remote access - that needs a
> > separate
> > >> > AIP - where we define actors that should be able to use the CLI,
> > >> > authorisation mechanisms etc. (could be the same as in the REST API,
> > >> but it
> > >> > needs to be clarified - currently the authorisation of CLI is based
> > >> > exclusively on having access to the system/UNIX user that airflow is
> > run
> > >> > with and where DB configuration to access DB is present).
> > >> >
> > >> > But coming back to the main subject - yes, I think that old API is
> > >> > experimental, and for a long time we have good replacement for it
> > (i.e.
> > >> the
> > >> > official REST API that has been battle-tested and is pretty
> > >> feature-full),
> > >> > so It is a good idea to remove the old API (and CLI configuration
> > >> option).
> > >> > It's not likely widely used, and it's also had experimental status
> > for a
> > >> > very long time (since the beginning of Airflow 2.0) - so similarly
> as
> > >> with
> > >> > the MSSQL support, we are free to decide to remove it and still keep
> > our
> > >> > SemVer promises - it never made it on the Public Interface of
> Airflow
> > >> >
> > >> >
> > >>
> >
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fairflow.apache.org%2Fdocs%2Fapache-airflow%2Fstable%2Fpublic-airflow-interface.html&data=05%7C02%7CJens.Scheffler%40de.bosch.com%7C7183c980c1634387b9c808dc315ab031%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C638439512771163568%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=hJSW%2FH7qQHQIH0YFHjxAoHWBNSejl2yUBpMx1Q9PQAo%3D&reserved=0
> > >> <
> > >>
> >
> https://airflow.apache.org/docs/apache-airflow/stable/public-airflow-interface.html
> > >> >
> > >> > - and since the very beginning we did not have an intention for it
> to
> > be
> > >> > public API.
> > >> >
> > >> > So I would be very much for removing that whole part - even in
> Airflow
> > >> 2.9.
> > >> >
> > >> > J.
> > >> >
> > >> > On Mon, Feb 19, 2024 at 11:53 AM Andrey Anshin <
> > >> andrey.ans...@taragol.is>
> > >> > wrote:
> > >> >
> > >> > > > the underlying question is what are we going to do with direct
> DB
> > >> > access
> > >> > > from the cli
> > >> > >
> > >> > > Good point!
> > >> > > I guess it should be covered by AIP-44, so if there are no methods
> > >> which
> > >> > > implement these actions by AIP-44 it is better to create it
> instead
> > of
> > >> > just
> > >> > > moving old code.
> > >> > >
> > >> > >
> > >> > >
> > >> > > On Mon, 19 Feb 2024 at 14:35, Bolke de Bruin <bdbr...@gmail.com>
> > >> wrote:
> > >> > >
> > >> > > > with regards to the api client: the intention was indeed to
> remove
> > >> > direct
> > >> > > > access to the DB, which I think is still a valid thing to do. In
> > my
> > >> > > opinion
> > >> > > > the underlying question is what are we going to do with direct
> DB
> > >> > access
> > >> > > > from the cli. Is that something we want to keep or do we want a
> > >> > different
> > >> > > > design? Just dropping the implementation seems a bit 'lazy' to
> me,
> > >> > while
> > >> > > I
> > >> > > > understand that it hasn't been touched in a while.
> > >> > > >
> > >> > > > B.
> > >> > > >
> > >> > > > On Sun, 18 Feb 2024 at 12:17, Andrey Anshin <
> > >> andrey.ans...@taragol.is>
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Greetings guys!
> > >> > > > >
> > >> > > > > I want to start a discussion about deprecation cli
> configuration
> > >> > > options
> > >> > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fairflow.apache.org%2Fdocs%2Fapache-airflow%2Fstable%2Fconfigurations-ref.html%23cli&data=05%7C02%7CJens.Scheffler%40de.bosch.com%7C7183c980c1634387b9c808dc315ab031%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C638439512771174117%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=dQ3MPz8rgbWo%2FIezHpvAuJ4fxDAe%2FT9hx3WRloR3ZRQ%3D&reserved=0
> > >> <
> > >>
> >
> https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#cli
> > >> >
> > >> > > > > as well as `airflow/api/client` in upcoming minor/feature
> > release
> > >> of
> > >> > > > > Airflow (2.9 or 2.10 depends on).
> > >> > > > >
> > >> > > > > This options control how end users retrieve information from
> the
> > >> > > > Database,
> > >> > > > > there is two kind provided classes
> > >> > > > `airflow.api.client.api_client.Client` -
> > >> > > > > direct access to DB, `airflow.api.client.json_client.Client` -
> > >> access
> > >> > > > > through Experimental API
> > >> > > > >
> > >> > > > > However internal clients cover only this cli commands:
> > >> > > > > - trigger_dag: airflow dags trigger
> > >> > > > > - delete_dag: airflow dags delete
> > >> > > > > - get_pool: airflow pool get
> > >> > > > > - get_pools: airflow pool list and airflow pool export
> > >> > > > > - create_pool: airflow pool set and airflow pool import
> > >> > > > > - pool_delete: airflow pool delete
> > >> > > > > - get_lineage: doesn't use anywhere in CLI and Airflow
> codebase
> > >> > > > >
> > >> > > > > As a result, implementation of CLI spread across different
> > >> modules /
> > >> > > > > subpackages and in some cases could use experimental API.
> Seems
> > >> like
> > >> > it
> > >> > > > is
> > >> > > > > an abandoned implementation which comes from pre Airflow 2 and
> > we
> > >> > have
> > >> > > to
> > >> > > > > support it nowadays.
> > >> > > > >
> > >> > > > > *My proposal*:
> > >> > > > > 1. Copy implementation from
> > >> `airflow.api.client.local_client.Client`
> > >> > > into
> > >> > > > > the  the code from appropriate modules into the
> > >> airflow/cli/commands
> > >> > > > > 2. Set default value for `[cli] api_client` to None. In case
> if
> > >> > values
> > >> > > > set
> > >> > > > > in airflow.cfg (e.g. from the previous version of Airflow),
> > raise
> > >> > > future
> > >> > > > > warning and update it to None if it set to
> > >> > > > > `airflow.api.client.local_client.Client` in other cases do not
> > >> touch
> > >> > > > > 3. Set default value for `[cli] endpoint_url` to None. In case
> > if
> > >> > > values
> > >> > > > > set in airflow.cfg raise future warning, and do not update
> > value.
> > >> > > > > 4. `airflow.api.client.get_current_api_client` should able to
> > >> return
> > >> > > > None,
> > >> > > > > if it return None, then it should use implementation from the
> > >> > > > > airflow/cli/commands, otherwise use deprecated client, with
> > >> raising
> > >> > > > > RemovedInAirflow3Warning
> > >> > > > >
> > >> > > > > WDYT?
> > >> > > > >
> > >> > > >
> > >> > > >
> > >> > > > --
> > >> > > >
> > >> > > > --
> > >> > > > Bolke de Bruin
> > >> > > > bdbr...@gmail.com
> > >> > > >
> > >> > >
> > >> >
> > >>
> > >
> >
>

Reply via email to