Anonymous users are no longer able to add DAG run notes, even with the ADMIN role

[tullis]

Apache Airflow version

2.7.3

What happened

We have Airflow configured with AUTH_ROLE_PUBLIC = 'Admin' since our access control is currently provided by an external mechanism. Users therefore do not log into the web interface at the moment and we have no users configured in fab.

Since deploying version 2.7.3 we have noticed a regression in that the anonymous user is unable to add DAG notes.
This used to work up to and including version 2.6.3.

Clicking on Save Note generates the following error in the UI.

The following error is logged:

sqlalchemy.exc.DataError: (psycopg2.errors.InvalidTextRepresentation) invalid input syntax for type integer: "None"
LINE 1: ...p_index, content, created_at, updated_at) VALUES ('None', 'm...
                                                              ^
[SQL: INSERT INTO task_instance_note (user_id, task_id, dag_id, run_id, map_index, content, created_at, updated_at) VALUES (%(user_id)s, %(task
[parameters: {'user_id': 'None', 'task_id': 'move_data_to_archive', 'dag_id': 'pageview_hourly', 'run_id': 'scheduled__2023-12-01T06:00:00+00:0

It doesn't like the fact that our user_id value is None, rather than an integer value.

What you think should happen instead

It should add the note to the database, as it did up to version 2.6.3. Attributed to an unauthenticated user.

How to reproduce

• Configure the Airflow 2.7.3 webserver with AUTH_ROLE_PUBLIC = 'Admin'.
• Ensure that you are logged out
• Attempt to add a note to a DAG run task

Operating System

Debian GNU/Linux 10

Versions of Apache Airflow Providers

apache-airflow-providers-apache-hdfs==4.2.0
apache-airflow-providers-apache-hive==6.2.0
apache-airflow-providers-apache-spark==4.4.0
apache-airflow-providers-common-sql==1.8.0
apache-airflow-providers-ftp==3.6.1
apache-airflow-providers-http==4.7.0
apache-airflow-providers-imap==3.4.0
apache-airflow-providers-sqlite==3.5.0

Deployment

Other

Deployment details

We deploy airflow in a conda environment to certain hosts and use SSH based authentication to restrict access to it.
This allows us to make use of the feature that unauthenticated users may perform administrative tasks.

Anything else

The problem was originally reported in this upstream bug tracker: https://phabricator.wikimedia.org/T352534

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.

[pavelpi]

We are experiencing the same on 2.7.3 when the automatically logged in user cannot see DAG code or task logs. Looking at http responses, the server reports 401.
It used to work on 2.6.2.
If the user logs in into Admin role, all seems to work fine.

[Taragolis]

I guess it the same as

• Webserver returns 500 for POST requests to api/dag/*/dagrun from anonymous user  #36110