or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

api-endpoints.mdauth-backends.mdauth-manager.mdcli-commands.mdindex.mdmodels.md
tile.json

tessl/pypi-apache-airflow-providers-fab

Flask App Builder (FAB) authentication and authorization provider for Apache Airflow

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/apache-airflow-providers-fab@1.5.x

To install, run

npx @tessl/cli install tessl/pypi-apache-airflow-providers-fab@1.5.0

index.mddocs/

Apache Airflow Providers FAB

Flask App Builder (FAB) authentication and authorization provider for Apache Airflow. This package provides comprehensive user management, role-based access control, and multiple authentication backends for enterprise Airflow deployments.

Package Information

  • Package Name: apache-airflow-providers-fab
  • Language: Python
  • Installation: pip install apache-airflow-providers-fab

Core Imports

from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager

For models:

from airflow.providers.fab.auth_manager.models import User, Role, Permission, Action, Resource

For authentication backends:

from airflow.providers.fab.auth_manager.api.auth.backend import basic_auth, kerberos_auth, session

Basic Usage

from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
from airflow.providers.fab.auth_manager.models import User, Role

# The FabAuthManager is typically configured through Airflow's configuration
# and used internally by Airflow's authentication system
auth_manager = FabAuthManager()

# Check if user is authorized for a specific action
if auth_manager.is_logged_in():
    user = auth_manager.get_user()
    print(f"Current user: {user.get_full_name()}")

Architecture

The FAB provider implements Airflow's authentication framework through several key components:

  • FabAuthManager: Main auth manager integrating FAB with Airflow's security model
  • Models: SQLAlchemy models for users, roles, permissions, and resources
  • Authentication Backends: Multiple auth methods (basic, Kerberos, session)
  • CLI Commands: Command-line tools for user and role management
  • API Endpoints: REST API for programmatic user and role management
  • Security Manager: Custom security manager bridging FAB and Airflow security

Capabilities

Auth Manager

Core authentication manager providing user session management, authorization checks, and integration with Airflow's security framework.

class FabAuthManager(BaseAuthManager):
    def get_user(self) -> User: ...
    def is_logged_in(self) -> bool: ...
    def is_authorized_dag(self, *, method: ResourceMethod, access_entity: DagAccessEntity | None = None, details: DagDetails | None = None, user: BaseUser | None = None) -> bool: ...
    def is_authorized_view(self, *, access_view: AccessView, user: BaseUser | None = None) -> bool: ...
    def get_permitted_dag_ids(self, *, methods: Container[ResourceMethod] | None = None, user: BaseUser | None = None, session: Session = NEW_SESSION) -> set[str]: ...

Auth Manager

User and Role Models

SQLAlchemy models for user management, role assignment, and permission tracking.

class User(Model, BaseUser):
    id: int
    username: str
    email: str
    first_name: str
    last_name: str
    active: bool
    roles: list[Role]
    
    def get_full_name(self) -> str: ...
    def get_id(self) -> int: ...

class Role(Model):
    id: int
    name: str
    permissions: list[Permission]
    
class Permission(Model):
    id: int
    action: Action
    resource: Resource

Models

CLI Commands

Command-line interface for user management, role administration, permission synchronization, and database operations.

def users_create(username: str, email: str, firstname: str, lastname: str, role: str, password: str | None = None, use_random_password: bool = False) -> None: ...
def roles_create(roles: list[str]) -> None: ...
def sync_perm(include_dags: bool = False) -> None: ...

CLI Commands

Authentication Backends

Multiple authentication methods supporting basic auth, Kerberos, and session-based authentication.

# Basic Auth Backend
def auth_current_user() -> User | None: ...
def requires_authentication(function: T) -> T: ...

# Kerberos Auth Backend  
class KerberosService: ...
def find_user(username: str | None = None, email: str | None = None) -> User | None: ...

# Session Auth Backend
def requires_authentication(function: T) -> T: ...

Authentication Backends

API Endpoints

REST API endpoints for programmatic user and role management through HTTP requests.

# User endpoint operations
def get_users() -> dict: ...
def get_user(user_id: int) -> dict: ...
def patch_user(user_id: int, data: dict) -> dict: ...

# Role and permission endpoint operations  
def get_roles() -> dict: ...
def get_role(role_id: int) -> dict: ...
def get_permissions() -> dict: ...

API Endpoints

Types

from typing import TypeVar, Callable, Sequence, Container
from airflow.auth.managers.models.base_user import BaseUser
from airflow.auth.managers.base_auth_manager import ResourceMethod
from airflow.auth.managers.models.resource_details import (
    DagDetails,
    DagAccessEntity,
    AccessView,
    ConnectionDetails,
    VariableDetails,
    PoolDetails,
    ConfigurationDetails
)
from sqlalchemy.orm import Session
from airflow.utils.session import NEW_SESSION

T = TypeVar("T", bound=Callable)