tessl/pypi-apache-airflow-fab-security
Flask-AppBuilder (FAB) security integration component within Apache Airflow core, providing authentication, authorization, and security management features
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-apache-airflow-fab-security@2.8.00
# Apache Airflow FAB Security
1
2
Flask-AppBuilder (FAB) security integration component within Apache Airflow core, providing authentication, authorization, and security management features. This component implements comprehensive security infrastructure including user management, role-based access control, permission management, and multiple authentication backends.
3
4
## Package Information
5
6
- **Package Name**: apache-airflow (fab_security module)
7
- **Language**: Python
8
- **Installation**: Included as part of Apache Airflow (`pip install apache-airflow`)
9
- **Version**: 2.8.0
10
11
## Core Imports
12
13
```python
14
from airflow.www.fab_security.sqla.manager import SecurityManager
15
from airflow.www.fab_security.sqla.models import User, Role, Permission, Action, Resource
16
```
17
18
Common view imports:
19
20
```python
21
from airflow.www.fab_security.views import (
22
CustomUserDBModelView,
23
CustomRoleModelView,
24
ActionModelView,
25
ResourceModelView
26
)
27
```
28
29
## Basic Usage
30
31
```python
32
from airflow.www.fab_security.sqla.manager import SecurityManager
33
from airflow.www.fab_security.sqla.models import User, Role
34
from flask_appbuilder import AppBuilder
35
36
# Initialize security manager
37
app_builder = AppBuilder(app)
38
security_manager = SecurityManager(app_builder)
39
40
# Create a new user
41
user = security_manager.add_user(
42
username="john_doe",
43
first_name="John",
44
last_name="Doe",
45
email="john@example.com",
46
role=security_manager.find_role("User"),
47
password="secure_password"
48
)
49
50
# Create a role
51
admin_role = security_manager.add_role("CustomAdmin")
52
53
# Create permissions
54
permission = security_manager.create_permission("can_read", "Users")
55
security_manager.add_permission_to_role(admin_role, permission)
56
57
# Authenticate user
58
authenticated_user = security_manager.auth_user_db("john_doe", "secure_password")
59
```
60
61
## Architecture
62
63
The FAB security component follows a layered architecture:
64
65
- **Security Manager**: Central hub for authentication, authorization, and user management
66
- **Models**: SQLAlchemy models representing users, roles, permissions, actions, and resources
67
- **Views**: Flask-AppBuilder views for web interface integration
68
- **Authentication Backends**: Support for DB, LDAP, OAuth, OpenID, and Remote User authentication
69
70
This design enables flexible security configuration while maintaining compatibility with Flask-AppBuilder's security model and Airflow's specific requirements.
71
72
## Capabilities
73
74
### Security Management
75
76
Core security management functionality including user authentication, authorization checks, permission validation, and session management. Provides the foundation for all security operations.
77
78
```python { .api }
79
class BaseSecurityManager:
80
def auth_user_db(self, username: str, password: str) -> User | None: ...
81
def auth_user_ldap(self, username: str, password: str) -> User | None: ...
82
def auth_user_oauth(self, userinfo: dict) -> User | None: ...
83
def auth_user_oid(self, email: str) -> User | None: ...
84
def auth_user_remote_user(self, username: str) -> User | None: ...
85
def reset_password(self, userid: int, password: str) -> bool: ...
86
def update_user_auth_stat(self, user: User, success: bool = True) -> None: ...
87
```
88
89
[Security Management](./security-management.md)
90
91
### User Management
92
93
Comprehensive user lifecycle management including creation, updates, deletion, and user queries. Handles user authentication statistics and profile management.
94
95
```python { .api }
96
def add_user(self, username: str, first_name: str, last_name: str, email: str, role: Role | list[Role], password: str = "") -> User | None: ...
97
def update_user(self, user: User) -> bool: ...
98
def find_user(self, username: str = None, email: str = None) -> User | None: ...
99
def get_user_by_id(self, pk: int) -> User: ...
100
def get_all_users(self) -> list[User]: ...
101
def count_users(self) -> int: ...
102
```
103
104
[User Management](./user-management.md)
105
106
### Role and Permission Management
107
108
Role-based access control with granular permission management. Supports creating roles, assigning permissions, and managing access control for resources and actions.
109
110
```python { .api }
111
def add_role(self, name: str) -> Role | None: ...
112
def find_role(self, name: str) -> Role | None: ...
113
def create_permission(self, action_name: str, resource_name: str) -> Permission | None: ...
114
def add_permission_to_role(self, role: Role, permission: Permission) -> None: ...
115
def remove_permission_from_role(self, role: Role, permission: Permission) -> None: ...
116
```
117
118
[Role and Permission Management](./role-permission-management.md)
119
120
### Data Models
121
122
SQLAlchemy models representing the security schema including users, roles, permissions, actions, resources, and their relationships. Provides the data layer for security operations.
123
124
```python { .api }
125
class User(Model):
126
id: int
127
username: str
128
email: str
129
first_name: str
130
last_name: str
131
password: str
132
active: bool
133
last_login: datetime
134
login_count: int
135
fail_login_count: int
136
roles: list[Role]
137
created_on: datetime
138
changed_on: datetime
139
created_by_fk: int
140
changed_by_fk: int
141
```
142
143
[Data Models](./data-models.md)
144
145
### Web Views
146
147
Flask-AppBuilder view classes for web interface integration, providing customized security views that integrate with Airflow's permission model and web interface.
148
149
```python { .api }
150
class CustomUserDBModelView(MultiResourceUserMixin, UserDBModelView): ...
151
class CustomRoleModelView(RoleModelView): ...
152
class ActionModelView(PermissionModelView): ...
153
class ResourceModelView(ViewMenuModelView): ...
154
```
155
156
[Web Views](./web-views.md)
157
158
### Authentication Backends
159
160
Multiple authentication backend support including database, LDAP, OAuth, OpenID, and remote user authentication with configurable options and provider-specific implementations.
161
162
```python { .api }
163
def auth_user_db(self, username: str, password: str) -> User | None: ...
164
def auth_user_ldap(self, username: str, password: str) -> User | None: ...
165
def auth_user_oauth(self, userinfo: dict) -> User | None: ...
166
def auth_user_oid(self, email: str) -> User | None: ...
167
def auth_user_remote_user(self, username: str) -> User | None: ...
168
```
169
170
[Authentication Backends](./authentication-backends.md)
171
172
## Authentication Methods
173
174
The component supports multiple authentication types:
175
176
```python { .api }
177
from flask_appbuilder.const import (
178
AUTH_DB,
179
AUTH_LDAP,
180
AUTH_OAUTH,
181
AUTH_OID,
182
AUTH_REMOTE_USER
183
)
184
```
185
186
- **AUTH_DB**: Database-based username/password authentication
187
- **AUTH_LDAP**: LDAP/Active Directory integration
188
- **AUTH_OAUTH**: OAuth 2.0 providers (Google, GitHub, Azure, etc.)
189
- **AUTH_OID**: OpenID authentication
190
- **AUTH_REMOTE_USER**: Remote user authentication (e.g., from web server)
191
192
## Configuration Properties
193
194
Key configuration properties for security behavior:
195
196
- `auth_type`: Authentication backend type
197
- `auth_role_admin`: Administrator role name
198
- `auth_role_public`: Public/anonymous role name
199
- `auth_user_registration`: Enable user self-registration
200
- `auth_roles_mapping`: Map external roles to internal roles
201
- `auth_username_ci`: Case-insensitive username matching
202
203
## Error Handling
204
205
The component provides comprehensive error handling with logging and graceful degradation for authentication failures, database errors, and configuration issues.