Deprecate Tableau personal token authentication #16916
Conversation
There was a problem hiding this comment.
Nice analysis of the issue!
Can we deprecate the usage of personal tokens first rather than remove it completely?
I see no reason to make a breaking change here.
People who suffer from this issue will be able to migrate immediately to another authentication method while users who don't will have time to work on it till the next major release.
BTW IMHO as long as Tableau python package allows authentication with personal tokens (despite their limitation) I don't think we should prevent it. If a user wants to use them despite their limited capabilities why should we prevent it? WDYT?
| WARNING: authenticaton by personal token was deprecated as Tableau automatically | ||
| invalidates opened personal token connection if one or more parallel | ||
| connections with the same token are opened. So, in the environments with | ||
| multiple parallel tasks this authentication method can lead to numerous bugs | ||
| and all the jobs will not run as they intended. Therefore personal token | ||
| auth option is no more available for the end user. |
There was a problem hiding this comment.
The place for this is in the docs:
https://github.com/apache/airflow/blob/main/docs/apache-airflow-providers-tableau/connections/tableau.rst
|
Hi, @eladkal! The thing here is that personal token authentication was not working correctly as intended in the scope of Airflow logic, that's why we decided to remove it. But you are right, such a breaking change is what we can avoid at this stage. Therefore, I can propose to leave the changes I've done apart from removing the method for the authentication in the hook and tests for it. I will put it back and indicate the danger of using a personal token authentication approach in the documentation and the body of the method. Does that make sense? |
So yeah we should deprecate it first to avoid breaking change. I'm not so sure about removing it as the upstream lib has this functionality in placed. It could be that they will fix the bug related to the parallelism if not we can always remove it eventually. |
|
Some static checks are failing. I HEARTILY recommend to install pre-commit (as suggested in the error message). It will then even auto-correct everything for you @samgans |
|
Hello, @potiuk . The thing is that static check asks me to change this: To this: Which is not the thing we should have, I guess. What do you think? UPD: I've rechecked the PEP8 and see that the trailing comma, in this case, is not redundant if we expect this to be extended. I think I will put it here. Thanks. |
samgans
requested review from
ashb,
kaxil,
potiuk,
turbaszek and
XD-DENG
as code owners
|
The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease. |
github-actions
bot
added
the
okay to merge
This PR closes #16669.
Why:
Authentication by personal token was not working properly since the Tableau provider's creation due to how the Tableau server client works (it invalidates previous personal token connection if one or more parallel are opened). Therefore, we decided to deprecate it.
Changes:
_auth_via_tokenmethod from theTableauHookand make the documentation notes about the deprecation.get_allmethod ofTableauHookto raise a verbose error when there is wrong object type was supplied.TableauJobStatusSensorin case of blockingTableauRefreshWorkbookOperatorexecution to remove the creation of duplicated connection (which is done by a sensor) and to improve the conformity of the class to SRP. Also fix some small documentation issues.