af already supports AF_READ_ONLY=TRUE, which is useful, but right now that safety switch only lives in the environment.
It would be helpful to support the same idea in ~/.af/config.yaml, especially at the instance level. So, the user can keep a production instance read-only by default, while still being able to write to staging or sandbox without juggling shell wrappers or remembering to export and unset env vars.
Something like this would cover it:
export AIRFLOW_USERNAME=username
export AIRFLOW_PASSWORD=password
instances:
- name: stg
url: https://airflow-stg.example.com
- name: prod
url: https://airflow-prod.example.com
read_only: true
current-instance: stg
Expected behaviour:
- If the active instance has
read_only: true, write operations are blocked.
- Read operations still work normally.
AF_READ_ONLY keeps working and overrides config.
This would make the CLI safer and easier to use in mixed environments where some instances should never allow writes by default.
If this sounds good, I’d be happy to open a PR with the config change, docs, and tests.
afalready supportsAF_READ_ONLY=TRUE, which is useful, but right now that safety switch only lives in the environment.It would be helpful to support the same idea in
~/.af/config.yaml, especially at the instance level. So, the user can keep a production instance read-only by default, while still being able to write to staging or sandbox without juggling shell wrappers or remembering to export and unset env vars.Something like this would cover it:
Expected behaviour:
read_only: true, write operations are blocked.AF_READ_ONLYkeeps working and overrides config.This would make the CLI safer and easier to use in mixed environments where some instances should never allow writes by default.
If this sounds good, I’d be happy to open a PR with the config change, docs, and tests.