airflow.providers.amazon.aws.auth_manager.aws_auth_manager

Module Contents

Classes

AwsAuthManager

AWS auth manager.

Functions

get_parser()

Generate documentation; used by Sphinx argparse.

class airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager(appbuilder)[source]

Bases: airflow.auth.managers.base_auth_manager.BaseAuthManager

AWS auth manager.

Leverages AWS services such as Amazon Identity Center and Amazon Verified Permissions to perform authentication and authorization in Airflow.

Parameters

appbuilder (airflow.www.extensions.init_appbuilder.AirflowAppBuilder) – the flask app builder

avp_facade()[source]
get_user()[source]

Return the user associated to the user in session.

is_logged_in()[source]

Return whether the user is logged in.

is_authorized_configuration(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on configuration.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_connection(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a connection.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_dag(*, method, access_entity=None, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a DAG.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • access_entity (airflow.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself

  • details (airflow.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_dataset(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a dataset.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.DatasetDetails | None) – optional details about the dataset

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_pool(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a pool.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_variable(*, method, details=None, user=None)[source]

Return whether the user is authorized to perform a given action on a variable.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

  • details (airflow.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_view(*, access_view, user=None)[source]

Return whether the user is authorized to access a read-only state of the installation.

Parameters
  • access_view (airflow.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_custom_view(*, method, resource_name, user=None)[source]

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters
  • method (airflow.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144

  • resource_name (str) – the name of the resource

  • user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

batch_is_authorized_connection(requests)[source]

Batch version of is_authorized_connection.

Parameters

requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedConnectionRequest]) – a list of requests containing the parameters for is_authorized_connection

batch_is_authorized_dag(requests)[source]

Batch version of is_authorized_dag.

Parameters

requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedDagRequest]) – a list of requests containing the parameters for is_authorized_dag

batch_is_authorized_pool(requests)[source]

Batch version of is_authorized_pool.

Parameters

requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedPoolRequest]) – a list of requests containing the parameters for is_authorized_pool

batch_is_authorized_variable(requests)[source]

Batch version of is_authorized_variable.

Parameters

requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedVariableRequest]) – a list of requests containing the parameters for is_authorized_variable

filter_permitted_dag_ids(*, dag_ids, methods=None, user=None)[source]

Filter readable or writable DAGs for user.

Parameters
  • dag_ids (set[str]) – the list of DAG ids

  • methods (Container[airflow.auth.managers.base_auth_manager.ResourceMethod] | None) – whether filter readable or writable

  • user – the current user

filter_permitted_menu_items(menu_items)[source]

Filter menu items based on user permissions.

Parameters

menu_items (list[flask_appbuilder.menu.MenuItem]) – list of all menu items

get_url_login(**kwargs)[source]

Return the login page url.

get_url_logout()[source]

Return the logout page url.

security_manager()[source]

Return the security manager.

By default, Airflow comes with the default security manager airflow.www.security_manager.AirflowSecurityManagerV2. The auth manager might need to extend this default security manager for its own purposes.

By default, return the default AirflowSecurityManagerV2.

static get_cli_commands()[source]

Vends CLI commands to be included in Airflow CLI.

register_views()[source]

Register views specific to the auth manager.

airflow.providers.amazon.aws.auth_manager.aws_auth_manager.get_parser()[source]

Generate documentation; used by Sphinx argparse.

Was this entry helpful?