airflow.providers.keycloak.auth_manager.keycloak_auth_manager¶
Attributes¶
Classes¶
| Keycloak auth manager. | 
Functions¶
| Generate documentation; used by Sphinx argparse. | 
Module Contents¶
- airflow.providers.keycloak.auth_manager.keycloak_auth_manager.RESOURCE_ID_ATTRIBUTE_NAME = 'resource_id'[source]¶
- airflow.providers.keycloak.auth_manager.keycloak_auth_manager.get_parser()[source]¶
- Generate documentation; used by Sphinx argparse. 
- class airflow.providers.keycloak.auth_manager.keycloak_auth_manager.KeycloakAuthManager(context=None)[source]¶
- Bases: - airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager[- airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser]- Keycloak auth manager. - Leverages Keycloak to perform authentication and authorization in Airflow. - get_url_refresh()[source]¶
- Return the URL to refresh the authentication token. - This is used to refresh the authentication token when it expires. The default implementation returns None, which means that the auth manager does not support refresh token. 
 - is_authorized_configuration(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on configuration. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration 
 
 
 - is_authorized_connection(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on a connection. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection 
 
 
 - is_authorized_dag(*, method, user, access_entity=None, details=None)[source]¶
- Return whether the user is authorized to perform a given action on a DAG. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- access_entity (airflow.api_fastapi.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself 
- details (airflow.api_fastapi.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG 
 
 
 - is_authorized_backfill(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on a backfill. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.BackfillDetails | None) – optional details about the backfill 
 
 
 - is_authorized_asset(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on an asset. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.AssetDetails | None) – optional details about the asset 
 
 
 - is_authorized_asset_alias(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on an asset alias. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to perform the action on 
- details (airflow.api_fastapi.auth.managers.models.resource_details.AssetAliasDetails | None) – optional details about the asset alias 
 
 
 - is_authorized_variable(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on a variable. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable 
 
 
 - is_authorized_pool(*, method, user, details=None)[source]¶
- Return whether the user is authorized to perform a given action on a pool. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
- details (airflow.api_fastapi.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool 
 
 
 - is_authorized_view(*, access_view, user)[source]¶
- Return whether the user is authorized to access a read-only state of the installation. - Parameters:
- access_view (airflow.api_fastapi.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about. 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
 
 
 - is_authorized_custom_view(*, method, resource_name, user)[source]¶
- Return whether the user is authorized to perform a given action on a custom view. - A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user. - Parameters:
- method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144 
- resource_name (str) – the name of the resource 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user to performing the action 
 
 
 - Filter menu items based on user permissions. - Parameters:
- menu_items (list[airflow.api_fastapi.common.types.MenuItem]) – list of all menu items 
- user (airflow.providers.keycloak.auth_manager.user.KeycloakAuthManagerUser) – the user