Read only mode#1468
Conversation
auvipy
requested review from
auvipy and
Copilot
and removed request for
Copilot
There was a problem hiding this comment.
Pull request overview
This PR implements a read-only mode for Flower to prevent accidental disruptions in production environments. When enabled via the --read_only CLI option, it hides administrative controls in the UI and returns 403 responses for state-changing API requests.
Key Changes
- Added
--read_onlyconfiguration option with default value of False - Modified 11 API endpoints to check read-only mode and return 403 for control operations
- Updated worker.html template to conditionally hide action buttons when read-only mode is enabled
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 27 comments.
Show a summary per file
| File | Description |
|---|---|
| flower/options.py | Defines the new read_only boolean option |
| flower/api/control.py | Adds read-only guards to worker control endpoints (shutdown, pool operations, queue management, task limits) |
| flower/api/tasks.py | Adds read-only guards to task control endpoints (apply, async-apply, send-task, abort, revoke) |
| flower/views/workers.py | Passes read_only flag to worker template for conditional rendering |
| flower/templates/worker.html | Conditionally hides action buttons and controls based on read-only mode |
| tests/unit/api/test_control.py | Adds test coverage for read-only mode on all control endpoints |
| tests/unit/api/test_tasks.py | Adds test coverage for read-only mode on task apply endpoints |
| docs/config.rst | Documents the new read_only configuration option |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
@auvipy I addressed comments and fixed linters. Sorry about that, it wasn't clear how to run linters in the project. It might be good to have a development document, to describe how to test the app, run tests, run linters and build docs. I had to figure them out by trial and error. |
|
@auvipy when can we expect an update on this PR? |
|
please allow us some time |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I think the |
This pull request aims to address #1407 and #1321.
Motivation
To prevent accidental disruptions in production environments, this PR adds a Read-Only mode.
Currently, access to the dashboard implies full control over the Celery cluster (stopping workers, rate limiting, etc.). This makes it risky to share the dashboard for simple monitoring purposes. This change adds a configuration option to hide administrative controls and reject state-changing API requests, ensuring the UI is safe for general viewing.
Proposed changes
--read_onlycli option to enable read only mode.Screenshots
(In all screenshots) Buttons to shut down the worker no longer show up.
Pool tab no longer shows actions for changing the pool size.
Queues tab no longer allows to cancel/add consumer
Limits tab no longer allows to apply values
[?] Should I just hide the entire tab?
How to test