`airflow.providers.amazon.aws.auth_manager.avp.facade`¶

Module Contents¶

Facade for Amazon Verified Permissions.

class airflow.providers.amazon.aws.auth_manager.avp.facade.AwsAuthManagerAmazonVerifiedPermissionsFacade(context=None)[source]¶

Bases: airflow.utils.log.logging_mixin.LoggingMixin

Facade for Amazon Verified Permissions.

Used as an intermediate layer between AWS auth manager and Amazon Verified Permissions.

avp_policy_store_id()[source]¶: Get the Amazon Verified Permission policy store ID from config.

is_authorized(*, method, entity_type, user, entity_id=None, entity_fetcher=None)[source]¶

Make an authorization decision against Amazon Verified Permissions.

Check whether the user has permissions to access given resource.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
entity_type (airflow.providers.amazon.aws.auth_manager.avp.entities.AvpEntities) – the entity type the user accesses
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user
entity_id (str | None) – the entity ID the user accesses. If not provided, all entities of the type will be considered.
entity_fetcher (Callable | None) – function that returns list of entities to be passed to Amazon Verified Permissions. Only needed if some resource properties are used in the policies (e.g. DAG folder).