• Home
• airflow.providers.fab
• airflow.providers.fab.auth_manager
• airflow.providers.fab.auth_manager.fab_auth_manager

airflow.providers.fab.auth_manager.fab_auth_manager

Classes

FabAuthManager

Flask-AppBuilder auth manager.

Functions

get_parser()

Generate documentation; used by Sphinx argparse.

Module Contents

class airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager(context=None)

Bases: airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager[airflow.providers.fab.auth_manager.models.User]

Flask-AppBuilder auth manager.

This auth manager is responsible for providing a backward compatible user management experience to users.

appbuilder: airflow.providers.fab.www.extensions.init_appbuilder.AirflowAppBuilder | None = None

init()

Run operations when Airflow is initializing.

property apiserver_endpoint: str

static get_cli_commands()

Vends CLI commands to be included in Airflow CLI.

get_fastapi_app()

Get the FastAPI app.

get_api_endpoints()

get_user()

Return the user associated to the user in session.

Attempt to find the current user in g.user, as defined by the kerberos authentication backend. If no such user is found, return the current_user local proxy object, linked to the user session.

deserialize_user(token)

Create a user object from dict.

serialize_user(user)

Create a dict from a user object.

is_logged_in()

Return whether the user is logged in.

is_authorized_configuration(*, method, user, details=None)

Return whether the user is authorized to perform a given action on configuration.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

is_authorized_connection(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a connection.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

is_authorized_dag(*, method, user, access_entity=None, details=None)

Return whether the user is authorized to access the dag.

There are multiple scenarios:

1. dag_access is not provided which means the user wants to access the DAG itself and not a sub entity (e.g. DAG runs). 2. dag_access is provided which means the user wants to access a sub entity of the DAG (e.g. DAG runs).

1. If method is GET, then check the user has READ permissions on the DAG and the sub entity.

2. Else, check the user has EDIT permissions on the DAG and method on the sub entity. However,

   if no specific DAG is targeted, just check the sub entity.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – The method to authorize.

• user (airflow.providers.fab.auth_manager.models.User) – The user performing the action.

• access_entity (airflow.api_fastapi.auth.managers.models.resource_details.DagAccessEntity | None) – The dag access entity.

• details (airflow.api_fastapi.auth.managers.models.resource_details.DagDetails | None) – The dag details.

is_authorized_asset(*, method, user, details=None)

Return whether the user is authorized to perform a given action on an asset.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

• details (airflow.providers.common.compat.assets.AssetDetails | None) – optional details about the asset

is_authorized_asset_alias(*, method, user, details=None)

Return whether the user is authorized to perform a given action on an asset alias.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to perform the action on

• details (airflow.providers.common.compat.assets.AssetAliasDetails | None) – optional details about the asset alias

is_authorized_pool(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a pool.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

is_authorized_variable(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a variable.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

is_authorized_view(*, access_view, user)

Return whether the user is authorized to access a read-only state of the installation.

Parameters:

• access_view (airflow.api_fastapi.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

is_authorized_custom_view(*, method, resource_name, user)

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144

• resource_name (str) – the name of the resource

• user (airflow.providers.fab.auth_manager.models.User) – the user to performing the action

get_permitted_dag_ids(*, user, method='GET', session=NEW_SESSION)

Get readable or writable DAGs for user.

By default, reads all the DAGs and check individually if the user has permissions to access the DAG. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

• user (airflow.providers.fab.auth_manager.models.User) – the user

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to filter on

• session (sqlalchemy.orm.Session) – the session

property security_manager: airflow.providers.fab.auth_manager.security_manager.override.FabAirflowSecurityManagerOverride

Return the security manager specific to FAB.

get_url_login(**kwargs)

Return the login page url.

get_url_logout()

Return the logout page url.

logout()

Logout the user.

register_views()

get_menu_items(*, user)

Provide additional links to be added to the menu.

Parameters:

user (airflow.providers.fab.auth_manager.models.User) – the user

airflow.providers.fab.auth_manager.fab_auth_manager.get_parser()

Generate documentation; used by Sphinx argparse.

Previous Next

Was this entry helpful?