Airflow Summit 2025 is coming October 07-09. Register now for early bird ticket!

airflow.providers.keycloak.auth_manager.keycloak_auth_manager

Classes

KeycloakAuthManager

Keycloak auth manager.

Module Contents

class airflow.providers.keycloak.auth_manager.keycloak_auth_manager.KeycloakAuthManager(context=None)[source]

Bases: airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager[airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser]

Keycloak auth manager.

Leverages Keycloak to perform authentication and authorization in Airflow.

deserialize_user(token)[source]

Create a user object from dict.

serialize_user(user)[source]

Create a subject and extra claims dict from a user object.

get_url_login(**kwargs)[source]

Return the login page url.

is_authorized_configuration(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on configuration.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

is_authorized_connection(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on a connection.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

is_authorized_dag(*, method, user, access_entity=None, details=None)[source]

Return whether the user is authorized to perform a given action on a DAG.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.api_fastapi.auth.managers.base_auth_manager.T) – the user to performing the action

  • access_entity (airflow.api_fastapi.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself

  • details (airflow.api_fastapi.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG

is_authorized_backfill(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on a backfill.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.BackfillDetails | None) – optional details about the backfill

is_authorized_asset(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on an asset.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.AssetDetails | None) – optional details about the asset

is_authorized_asset_alias(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on an asset alias.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to perform the action on

  • details (airflow.api_fastapi.auth.managers.models.resource_details.AssetAliasDetails | None) – optional details about the asset alias

is_authorized_variable(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on a variable.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

is_authorized_pool(*, method, user, details=None)[source]

Return whether the user is authorized to perform a given action on a pool.

Parameters:

  • method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action

  • details (airflow.api_fastapi.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

is_authorized_view(*, access_view, user)[source]

Return whether the user is authorized to access a read-only state of the installation.

Parameters:
is_authorized_custom_view(*, method, resource_name, user)[source]

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters:
filter_authorized_menu_items(menu_items, *, user)[source]

Filter menu items based on user permissions.

Parameters:
get_fastapi_app()[source]

Specify a sub FastAPI application specific to the auth manager.

This sub application, if specified, is mounted in the main FastAPI application.

Was this entry helpful?