airflow.providers.fab.auth_manager.fab_auth_manager

Module Contents

Classes

FabAuthManager

Flask-AppBuilder auth manager.

Functions

get_parser()

Generate documentation; used by Sphinx argparse.

class airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager(context=None)[source]

Bases: airflow.auth.managers.base_auth_manager.BaseAuthManager[airflow.providers.fab.auth_manager.models.User]

Flask-AppBuilder auth manager.

This auth manager is responsible for providing a backward compatible user management experience to users.

appbuilder: airflow.providers.fab.www.extensions.init_appbuilder.AirflowAppBuilder | None[source]
init()[source]

Run operations when Airflow is initializing.

static get_cli_commands()[source]

Vends CLI commands to be included in Airflow CLI.

get_fastapi_app()[source]

Specify a sub FastAPI application specific to the auth manager.

This sub application, if specified, is mounted in the main FastAPI application.

get_api_endpoints()[source]

Return API endpoint(s) definition for the auth manager.

get_user_display_name()[source]

Return the user’s display name associated to the user in session.

get_user()[source]

Return the user associated to the user in session.

Attempt to find the current user in g.user, as defined by the kerberos authentication backend. If no such user is found, return the current_user local proxy object, linked to the user session.

deserialize_user(token)[source]

Create a user object from dict.

serialize_user(user)[source]

Create a dict from a user object.

is_logged_in()[source]

Return whether the user is logged in.

is_authorized_configuration(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on configuration.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_connection(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a connection.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_dag(*, method, access_entity=None, details=None, user=None)[source]

Return whether the user is authorized to access the dag.

There are multiple scenarios:

1. dag_access is not provided which means the user wants to access the DAG itself and not a sub entity (e.g. DAG runs). 2. dag_access is provided which means the user wants to access a sub entity of the DAG (e.g. DAG runs).

  1. If method is GET, then check the user has READ permissions on the DAG and the sub entity.

  2. Else, check the user has EDIT permissions on the DAG and method on the sub entity. However,

    if no specific DAG is targeted, just check the sub entity.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – The method to authorize.

  • access_entity (airflow.auth.managers.models.resource_details.DagAccessEntity | None) – The dag access entity.

  • details (airflow.auth.managers.models.resource_details.DagDetails | None) – The dag details.

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – The user.

is_authorized_asset(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on an asset.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.providers.common.compat.assets.AssetDetails | None) – optional details about the asset

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_pool(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a pool.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_variable(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a variable.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_view(*, access_view, user=None)[source]

Return whether the user is authorized to access a read-only state of the installation.

Parameters
  • access_view (airflow.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_custom_view(*, method, resource_name, user=None)[source]

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144

  • resource_name (str) – the name of the resource

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

get_permitted_dag_ids(*, methods=None, user=None, session=NEW_SESSION)[source]

Get readable or writable DAGs for user.

By default, reads all the DAGs and check individually if the user has permissions to access the DAG. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters
security_manager()[source]

Return the security manager specific to FAB.

get_url_login(**kwargs)[source]

Return the login page url.

get_url_logout()[source]

Return the logout page url.

get_url_user_profile()[source]

Return the url to a page displaying info about the current user.

register_views()[source]

Register views specific to the auth manager.

airflow.providers.fab.auth_manager.fab_auth_manager.get_parser()[source]

Generate documentation; used by Sphinx argparse.

Was this entry helpful?