`airflow.providers.amazon.aws.auth_manager.avp.facade`¶

Module Contents¶

`IsAuthorizedRequest`	Represent the parameters of `is_authorized` method in AVP facade.
`AwsAuthManagerAmazonVerifiedPermissionsFacade`	Facade for Amazon Verified Permissions.

airflow.providers.amazon.aws.auth_manager.avp.facade.NB_REQUESTS_PER_BATCH = 30[source]¶

class airflow.providers.amazon.aws.auth_manager.avp.facade.IsAuthorizedRequest[source]¶

Bases: TypedDict

Represent the parameters of is_authorized method in AVP facade.

entity_type: airflow.providers.amazon.aws.auth_manager.avp.entities.AvpEntities[source]¶

class airflow.providers.amazon.aws.auth_manager.avp.facade.AwsAuthManagerAmazonVerifiedPermissionsFacade(context=None)[source]¶

Bases: airflow.utils.log.logging_mixin.LoggingMixin

Facade for Amazon Verified Permissions.

Used as an intermediate layer between AWS auth manager and Amazon Verified Permissions.

avp_policy_store_id()[source]¶: Get the Amazon Verified Permission policy store ID from config.

is_authorized(*, method, entity_type, user, entity_id=None, context=None)[source]¶

Make an authorization decision against Amazon Verified Permissions.

Check whether the user has permissions to access given resource.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144
entity_type (airflow.providers.amazon.aws.auth_manager.avp.entities.AvpEntities) – the entity type the user accesses
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser | None) – the user
entity_id (str | None) – the entity ID the user accesses. If not provided, all entities of the type will be considered.
context (dict | None) – optional additional context to pass to Amazon Verified Permissions.

get_batch_is_authorized_results(*, requests, user)[source]¶

Make a batch authorization decision against Amazon Verified Permissions.

Return a list of results for each request.

Parameters

requests (Sequence[IsAuthorizedRequest]) – the list of requests containing the method, the entity_type and the entity ID
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user

batch_is_authorized(*, requests, user)[source]¶

Make a batch authorization decision against Amazon Verified Permissions.

Check whether the user has permissions to access all resources.

Parameters

requests (Sequence[IsAuthorizedRequest]) – the list of requests containing the method, the entity_type and the entity ID
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser | None) – the user

get_batch_is_authorized_single_result(*, batch_is_authorized_results, request, user)[source]¶

Get a specific authorization result from the output of get_batch_is_authorized_results.

Parameters

batch_is_authorized_results (list[dict]) – the response from the batch_is_authorized API
request (IsAuthorizedRequest) – the request information. Used to find the result in the response.
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user

is_policy_store_schema_up_to_date()[source]¶

Return whether the policy store schema equals the latest version of the schema.