airflow.providers.fab.auth_manager.fab_auth_manager
¶
Module Contents¶
Classes¶
Flask-AppBuilder auth manager. |
Functions¶
Generate documentation; used by Sphinx argparse. |
- class airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager(appbuilder)[source]¶
Bases:
airflow.auth.managers.base_auth_manager.BaseAuthManager
Flask-AppBuilder auth manager.
This auth manager is responsible for providing a backward compatible user management experience to users.
- get_user()[source]¶
Return the user associated to the user in session.
Attempt to find the current user in g.user, as defined by the kerberos authentication backend. If no such user is found, return the current_user local proxy object, linked to the user session.
- is_authorized_configuration(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on configuration.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_connection(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a connection.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_dag(*, method, access_entity=None, details=None, user=None)[source]¶
Return whether the user is authorized to access the dag.
There are multiple scenarios:
1.
dag_access
is not provided which means the user wants to access the DAG itself and not a sub entity (e.g. DAG runs). 2.dag_access
is provided which means the user wants to access a sub entity of the DAG (e.g. DAG runs).If
method
is GET, then check the user has READ permissions on the DAG and the sub entity.- Else, check the user has EDIT permissions on the DAG and
method
on the sub entity. However, if no specific DAG is targeted, just check the sub entity.
- Else, check the user has EDIT permissions on the DAG and
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – The method to authorize.
access_entity (airflow.auth.managers.models.resource_details.DagAccessEntity | None) – The dag access entity.
details (airflow.auth.managers.models.resource_details.DagDetails | None) – The dag details.
user (airflow.auth.managers.models.base_user.BaseUser | None) – The user.
- is_authorized_asset(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on an asset.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.providers.common.compat.assets.AssetDetails | None) – optional details about the asset
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_pool(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a pool.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_variable(*, method, details=None, user=None)[source]¶
Return whether the user is authorized to perform a given action on a variable.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_view(*, access_view, user=None)[source]¶
Return whether the user is authorized to access a read-only state of the installation.
- Parameters
access_view (airflow.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- is_authorized_custom_view(*, method, resource_name, user=None)[source]¶
Return whether the user is authorized to perform a given action on a custom view.
A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.
- Parameters
method (airflow.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144
resource_name (str) – the name of the resource
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user
- get_permitted_dag_ids(*, methods=None, user=None, session=NEW_SESSION)[source]¶
Get readable or writable DAGs for user.
By default, reads all the DAGs and check individually if the user has permissions to access the DAG. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.
- Parameters
methods (Container[airflow.auth.managers.base_auth_manager.ResourceMethod] | None) – whether filter readable or writable
user – the current user
session (sqlalchemy.orm.Session) – the session