CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-apache-airflow-providers-fab

Flask App Builder (FAB) authentication and authorization provider for Apache Airflow

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

Apache Airflow Providers FAB

Flask App Builder (FAB) authentication and authorization provider for Apache Airflow. This package provides comprehensive user management, role-based access control, and multiple authentication backends for enterprise Airflow deployments.

Package Information

  • Package Name: apache-airflow-providers-fab
  • Language: Python
  • Installation: pip install apache-airflow-providers-fab

Core Imports

from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager

For models:

from airflow.providers.fab.auth_manager.models import User, Role, Permission, Action, Resource

For authentication backends:

from airflow.providers.fab.auth_manager.api.auth.backend import basic_auth, kerberos_auth, session

Basic Usage

from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
from airflow.providers.fab.auth_manager.models import User, Role

# The FabAuthManager is typically configured through Airflow's configuration
# and used internally by Airflow's authentication system
auth_manager = FabAuthManager()

# Check if user is authorized for a specific action
if auth_manager.is_logged_in():
    user = auth_manager.get_user()
    print(f"Current user: {user.get_full_name()}")

Architecture

The FAB provider implements Airflow's authentication framework through several key components:

  • FabAuthManager: Main auth manager integrating FAB with Airflow's security model
  • Models: SQLAlchemy models for users, roles, permissions, and resources
  • Authentication Backends: Multiple auth methods (basic, Kerberos, session)
  • CLI Commands: Command-line tools for user and role management
  • API Endpoints: REST API for programmatic user and role management
  • Security Manager: Custom security manager bridging FAB and Airflow security

Capabilities

Auth Manager

Core authentication manager providing user session management, authorization checks, and integration with Airflow's security framework.

class FabAuthManager(BaseAuthManager):
    def get_user(self) -> User: ...
    def is_logged_in(self) -> bool: ...
    def is_authorized_dag(self, *, method: ResourceMethod, access_entity: DagAccessEntity | None = None, details: DagDetails | None = None, user: BaseUser | None = None) -> bool: ...
    def is_authorized_view(self, *, access_view: AccessView, user: BaseUser | None = None) -> bool: ...
    def get_permitted_dag_ids(self, *, methods: Container[ResourceMethod] | None = None, user: BaseUser | None = None, session: Session = NEW_SESSION) -> set[str]: ...

Auth Manager

User and Role Models

SQLAlchemy models for user management, role assignment, and permission tracking.

class User(Model, BaseUser):
    id: int
    username: str
    email: str
    first_name: str
    last_name: str
    active: bool
    roles: list[Role]
    
    def get_full_name(self) -> str: ...
    def get_id(self) -> int: ...

class Role(Model):
    id: int
    name: str
    permissions: list[Permission]
    
class Permission(Model):
    id: int
    action: Action
    resource: Resource

Models

CLI Commands

Command-line interface for user management, role administration, permission synchronization, and database operations.

def users_create(username: str, email: str, firstname: str, lastname: str, role: str, password: str | None = None, use_random_password: bool = False) -> None: ...
def roles_create(roles: list[str]) -> None: ...
def sync_perm(include_dags: bool = False) -> None: ...

CLI Commands

Authentication Backends

Multiple authentication methods supporting basic auth, Kerberos, and session-based authentication.

# Basic Auth Backend
def auth_current_user() -> User | None: ...
def requires_authentication(function: T) -> T: ...

# Kerberos Auth Backend  
class KerberosService: ...
def find_user(username: str | None = None, email: str | None = None) -> User | None: ...

# Session Auth Backend
def requires_authentication(function: T) -> T: ...

Authentication Backends

API Endpoints

REST API endpoints for programmatic user and role management through HTTP requests.

# User endpoint operations
def get_users() -> dict: ...
def get_user(user_id: int) -> dict: ...
def patch_user(user_id: int, data: dict) -> dict: ...

# Role and permission endpoint operations  
def get_roles() -> dict: ...
def get_role(role_id: int) -> dict: ...
def get_permissions() -> dict: ...

API Endpoints

Types

from typing import TypeVar, Callable, Sequence, Container
from airflow.auth.managers.models.base_user import BaseUser
from airflow.auth.managers.base_auth_manager import ResourceMethod
from airflow.auth.managers.models.resource_details import (
    DagDetails,
    DagAccessEntity,
    AccessView,
    ConnectionDetails,
    VariableDetails,
    PoolDetails,
    ConfigurationDetails
)
from sqlalchemy.orm import Session
from airflow.utils.session import NEW_SESSION

T = TypeVar("T", bound=Callable)

Install with Tessl CLI

npx tessl i tessl/pypi-apache-airflow-providers-fab
Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/apache-airflow-providers-fab@1.5.x
Publish Source
CLI
Badge
tessl/pypi-apache-airflow-providers-fab badge