airflow.providers.fab.auth_manager.fab_auth_manager¶
Module Contents¶
Classes¶
Flask-AppBuilder auth manager. |
- class airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager(appbuilder)[source]¶
Bases:
airflow.auth.managers.base_auth_manager.BaseAuthManagerFlask-AppBuilder auth manager.
This auth manager is responsible for providing a backward compatible user management experience to users.
- is_authorized_configuration(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on configuration.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_connection(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a connection.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_dag(*, method, access_entity=None, details=None, user=None)[source]¶
Return whether the user is authorized to access the dag.
There are multiple scenarios:
1.
dag_accessis not provided which means the user wants to access the DAG itself and not a sub entity (e.g. DAG runs). 2.dag_accessis provided which means the user wants to access a sub entity of the DAG (e.g. DAG runs).If
methodis GET, then check the user has READ permissions on the DAG and the sub entity.- Else, check the user has EDIT permissions on the DAG and
methodon the sub entity. However, if no specific DAG is targeted, just check the sub entity.
- Else, check the user has EDIT permissions on the DAG and
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – The method to authorize.
access_entity (airflow.auth.managers.models.resource_details.DagAccessEntity | None) – The dag access entity.
details (airflow.auth.managers.models.resource_details.DagDetails | None) – The dag details.
user (airflow.auth.managers.models.base_user.BaseUser | None) – The user.
- is_authorized_dataset(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a dataset.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.DatasetDetails | None) – optional details about the dataset
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_pool(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a pool.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_variable(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a variable.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_view(*, access_view, user=None)[source]¶
Return whether the user is authorized to access a read-only state of the installation.
- Parameters
access_view (airflow.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_custom_view(*, fab_action_name, fab_resource_name, user=None)[source]¶
Return whether the user is authorized to perform a given action on a custom view.
A custom view is a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment.
By default, it throws an exception because auth managers do not define custom views by default. If an auth manager defines some custom views, it needs to override this method.
- Parameters
fab_action_name (str) – the name of the FAB action defined in the view in
base_permissionsfab_resource_name (str) – the name of the FAB resource defined in the view in
class_permission_nameuser (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- get_permitted_dag_ids(*, methods=None, user=None, session=NEW_SESSION)[source]¶
Get readable or writable DAGs for user.
By default, reads all the DAGs and check individually if the user has permissions to access the DAG. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.