tessl/pypi-apache-airflow-providers-fab
Flask App Builder (FAB) authentication and authorization provider for Apache Airflow
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-apache-airflow-providers-fab@1.5.00
# Apache Airflow Providers FAB
1
2
Flask App Builder (FAB) authentication and authorization provider for Apache Airflow. This package provides comprehensive user management, role-based access control, and multiple authentication backends for enterprise Airflow deployments.
3
4
## Package Information
5
6
- **Package Name**: apache-airflow-providers-fab
7
- **Language**: Python
8
- **Installation**: `pip install apache-airflow-providers-fab`
9
10
## Core Imports
11
12
```python
13
from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
14
```
15
16
For models:
17
18
```python
19
from airflow.providers.fab.auth_manager.models import User, Role, Permission, Action, Resource
20
```
21
22
For authentication backends:
23
24
```python
25
from airflow.providers.fab.auth_manager.api.auth.backend import basic_auth, kerberos_auth, session
26
```
27
28
## Basic Usage
29
30
```python
31
from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
32
from airflow.providers.fab.auth_manager.models import User, Role
33
34
# The FabAuthManager is typically configured through Airflow's configuration
35
# and used internally by Airflow's authentication system
36
auth_manager = FabAuthManager()
37
38
# Check if user is authorized for a specific action
39
if auth_manager.is_logged_in():
40
user = auth_manager.get_user()
41
print(f"Current user: {user.get_full_name()}")
42
```
43
44
## Architecture
45
46
The FAB provider implements Airflow's authentication framework through several key components:
47
48
- **FabAuthManager**: Main auth manager integrating FAB with Airflow's security model
49
- **Models**: SQLAlchemy models for users, roles, permissions, and resources
50
- **Authentication Backends**: Multiple auth methods (basic, Kerberos, session)
51
- **CLI Commands**: Command-line tools for user and role management
52
- **API Endpoints**: REST API for programmatic user and role management
53
- **Security Manager**: Custom security manager bridging FAB and Airflow security
54
55
## Capabilities
56
57
### Auth Manager
58
59
Core authentication manager providing user session management, authorization checks, and integration with Airflow's security framework.
60
61
```python { .api }
62
class FabAuthManager(BaseAuthManager):
63
def get_user(self) -> User: ...
64
def is_logged_in(self) -> bool: ...
65
def is_authorized_dag(self, *, method: ResourceMethod, access_entity: DagAccessEntity | None = None, details: DagDetails | None = None, user: BaseUser | None = None) -> bool: ...
66
def is_authorized_view(self, *, access_view: AccessView, user: BaseUser | None = None) -> bool: ...
67
def get_permitted_dag_ids(self, *, methods: Container[ResourceMethod] | None = None, user: BaseUser | None = None, session: Session = NEW_SESSION) -> set[str]: ...
68
```
69
70
[Auth Manager](./auth-manager.md)
71
72
### User and Role Models
73
74
SQLAlchemy models for user management, role assignment, and permission tracking.
75
76
```python { .api }
77
class User(Model, BaseUser):
78
id: int
79
username: str
80
email: str
81
first_name: str
82
last_name: str
83
active: bool
84
roles: list[Role]
85
86
def get_full_name(self) -> str: ...
87
def get_id(self) -> int: ...
88
89
class Role(Model):
90
id: int
91
name: str
92
permissions: list[Permission]
93
94
class Permission(Model):
95
id: int
96
action: Action
97
resource: Resource
98
```
99
100
[Models](./models.md)
101
102
### CLI Commands
103
104
Command-line interface for user management, role administration, permission synchronization, and database operations.
105
106
```python { .api }
107
def users_create(username: str, email: str, firstname: str, lastname: str, role: str, password: str | None = None, use_random_password: bool = False) -> None: ...
108
def roles_create(roles: list[str]) -> None: ...
109
def sync_perm(include_dags: bool = False) -> None: ...
110
```
111
112
[CLI Commands](./cli-commands.md)
113
114
### Authentication Backends
115
116
Multiple authentication methods supporting basic auth, Kerberos, and session-based authentication.
117
118
```python { .api }
119
# Basic Auth Backend
120
def auth_current_user() -> User | None: ...
121
def requires_authentication(function: T) -> T: ...
122
123
# Kerberos Auth Backend
124
class KerberosService: ...
125
def find_user(username: str | None = None, email: str | None = None) -> User | None: ...
126
127
# Session Auth Backend
128
def requires_authentication(function: T) -> T: ...
129
```
130
131
[Authentication Backends](./auth-backends.md)
132
133
### API Endpoints
134
135
REST API endpoints for programmatic user and role management through HTTP requests.
136
137
```python { .api }
138
# User endpoint operations
139
def get_users() -> dict: ...
140
def get_user(user_id: int) -> dict: ...
141
def patch_user(user_id: int, data: dict) -> dict: ...
142
143
# Role and permission endpoint operations
144
def get_roles() -> dict: ...
145
def get_role(role_id: int) -> dict: ...
146
def get_permissions() -> dict: ...
147
```
148
149
[API Endpoints](./api-endpoints.md)
150
151
## Types
152
153
```python { .api }
154
from typing import TypeVar, Callable, Sequence, Container
155
from airflow.auth.managers.models.base_user import BaseUser
156
from airflow.auth.managers.base_auth_manager import ResourceMethod
157
from airflow.auth.managers.models.resource_details import (
158
DagDetails,
159
DagAccessEntity,
160
AccessView,
161
ConnectionDetails,
162
VariableDetails,
163
PoolDetails,
164
ConfigurationDetails
165
)
166
from sqlalchemy.orm import Session
167
from airflow.utils.session import NEW_SESSION
168
169
T = TypeVar("T", bound=Callable)
170
```