airflow.providers.amazon.aws.auth_manager.aws_auth_manager¶

Classes¶

AwsAuthManager

AWS auth manager.

Functions¶

get_parser()

Generate documentation; used by Sphinx argparse.

Module Contents¶

class airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager(context=None)[source]¶

Bases: airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager[airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser]

AWS auth manager.

Leverages AWS services such as Amazon Identity Center and Amazon Verified Permissions to perform authentication and authorization in Airflow.

init()[source]¶

Run operations when Airflow is initializing.

By default, do nothing.

property avp_facade[source]¶

property apiserver_endpoint: str[source]¶

deserialize_user(token)[source]¶

Create a user object from dict.

serialize_user(user)[source]¶

Create a subject and extra claims dict from a user object.

is_authorized_configuration(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on configuration.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

is_authorized_connection(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on a connection.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

is_authorized_dag(*, method, user, access_entity=None, details=None)[source]¶

Return whether the user is authorized to perform a given action on a DAG.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
access_entity (airflow.api_fastapi.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself
details (airflow.api_fastapi.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG

is_authorized_backfill(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on a backfill.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.BackfillDetails | None) – optional details about the backfill

is_authorized_asset(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on an asset.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.AssetDetails | None) – optional details about the asset

is_authorized_asset_alias(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on an asset alias.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to perform the action on
details (airflow.api_fastapi.auth.managers.models.resource_details.AssetAliasDetails | None) – optional details about the asset alias

is_authorized_pool(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on a pool.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

is_authorized_variable(*, method, user, details=None)[source]¶

Return whether the user is authorized to perform a given action on a variable.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action
details (airflow.api_fastapi.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

is_authorized_view(*, access_view, user)[source]¶

Return whether the user is authorized to access a read-only state of the installation.

Parameters:

access_view (airflow.api_fastapi.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

is_authorized_custom_view(*, method, resource_name, user)[source]¶

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters:

method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144
resource_name (str) – the name of the resource
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

filter_authorized_menu_items(menu_items, *, user)[source]¶

Filter menu items based on user permissions.

Parameters:

menu_items (list[airflow.api_fastapi.common.types.MenuItem]) – list of all menu items
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user

batch_is_authorized_dag(requests, *, user)[source]¶

Batch version of is_authorized_dag.

By default, calls individually the is_authorized_dag API on each item in the list of requests. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

requests (collections.abc.Sequence[airflow.api_fastapi.auth.managers.models.batch_apis.IsAuthorizedDagRequest]) – a list of requests containing the parameters for is_authorized_dag
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

filter_authorized_dag_ids(*, dag_ids, user, method='GET')[source]¶

Filter DAGs the user has access to.

Parameters:

dag_ids (set[str]) – the list of DAG ids
user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user
method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to filter on

get_url_login(**kwargs)[source]¶

Return the login page url.

static get_cli_commands()[source]¶

Vends CLI commands to be included in Airflow CLI.

get_fastapi_app()[source]¶

Specify a sub FastAPI application specific to the auth manager.

This sub application, if specified, is mounted in the main FastAPI application.

airflow.providers.amazon.aws.auth_manager.aws_auth_manager.get_parser()[source]¶

Generate documentation; used by Sphinx argparse.