apache-airflow-providers-fab 1.0.0rc1__tar.gz → 1.0.2__tar.gz

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: apache-airflow-providers-fab
-Version: 1.0.0rc1
+Version: 1.0.2
 Summary: Provider package apache-airflow-providers-fab for Apache Airflow
 Keywords: airflow-provider,fab,airflow,integration
 Author-email: Apache Software Foundation <dev@airflow.apache.org>
@@ -19,15 +19,16 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Topic :: System :: Monitoring
-Requires-Dist: apache-airflow>=2.9.0.dev0
-Requires-Dist: flask-appbuilder==4.3.10
+Requires-Dist: apache-airflow>=2.9.0
+Requires-Dist: flask-appbuilder==4.4.1
 Requires-Dist: flask-login>=0.6.2
 Requires-Dist: flask>=2.2,<2.3
 Requires-Dist: google-re2>=1.0
 Project-URL: Bug Tracker, https://github.com/apache/airflow/issues
-Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0/changelog.html
-Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0
+Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2/changelog.html
+Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2
 Project-URL: Slack Chat, https://s.apache.org/airflow-slack
 Project-URL: Source Code, https://github.com/apache/airflow
 Project-URL: Twitter, https://twitter.com/ApacheAirflow
@@ -77,7 +78,7 @@ Project-URL: YouTube, https://www.youtube.com/channel/UCSXwxpWZQ7XZ1WL3wqevChA/
 
 Package ``apache-airflow-providers-fab``
 
-Release: ``1.0.0.rc1``
+Release: ``1.0.2``
 
 
 `Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__
@@ -90,7 +91,7 @@ This is a provider package for ``fab`` provider. All classes for this provider p
 are in ``airflow.providers.fab`` python package.
 
 You can find package information and changelog for the provider
-in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0/>`_.
+in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2/>`_.
 
 Installation
 ------------
@@ -99,7 +100,7 @@ You can install this package on top of an existing Airflow 2 installation (see `
 for the minimum Airflow version supported) via
 ``pip install apache-airflow-providers-fab``
 
-The package supports the following python versions: 3.8,3.9,3.10,3.11
+The package supports the following python versions: 3.8,3.9,3.10,3.11,3.12
 
 Requirements
 ------------
@@ -109,10 +110,10 @@ PIP package           Version required
 ====================  ==================
 ``apache-airflow``    ``>=2.9.0``
 ``flask``             ``>=2.2,<2.3``
-``flask-appbuilder``  ``==4.3.10``
+``flask-appbuilder``  ``==4.4.1``
 ``flask-login``       ``>=0.6.2``
 ``google-re2``        ``>=1.0``
 ====================  ==================
 
 The changelog for the provider package can be found in the
-`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0/changelog.html>`_.
+`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2/changelog.html>`_.

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/README.rst

@@ -42,7 +42,7 @@
 
 Package ``apache-airflow-providers-fab``
 
-Release: ``1.0.0.rc1``
+Release: ``1.0.2``
 
 
 `Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__
@@ -55,7 +55,7 @@ This is a provider package for ``fab`` provider. All classes for this provider p
 are in ``airflow.providers.fab`` python package.
 
 You can find package information and changelog for the provider
-in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0/>`_.
+in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2/>`_.
 
 Installation
 ------------
@@ -64,7 +64,7 @@ You can install this package on top of an existing Airflow 2 installation (see `
 for the minimum Airflow version supported) via
 ``pip install apache-airflow-providers-fab``
 
-The package supports the following python versions: 3.8,3.9,3.10,3.11
+The package supports the following python versions: 3.8,3.9,3.10,3.11,3.12
 
 Requirements
 ------------
@@ -74,10 +74,10 @@ PIP package           Version required
 ====================  ==================
 ``apache-airflow``    ``>=2.9.0``
 ``flask``             ``>=2.2,<2.3``
-``flask-appbuilder``  ``==4.3.10``
+``flask-appbuilder``  ``==4.4.1``
 ``flask-login``       ``>=0.6.2``
 ``google-re2``        ``>=1.0``
 ====================  ==================
 
 The changelog for the provider package can be found in the
-`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.0/changelog.html>`_.
+`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.0.2/changelog.html>`_.

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/__init__.py

@@ -27,7 +27,7 @@ import packaging.version
 
 __all__ = ["__version__"]
 
-__version__ = "1.0.0"
+__version__ = "1.0.2"
 
 try:
     from airflow import __version__ as airflow_version

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Basic authentication backend."""
+
 from __future__ import annotations
 
 from functools import wraps

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py

@@ -41,10 +41,9 @@ from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.api_connexion.types import APIResponse, UpdateMask
-    from airflow.www.security_manager import AirflowSecurityManagerV2
 
 
-def _check_action_and_resource(sm: AirflowSecurityManagerV2, perms: list[tuple[str, str]]) -> None:
+def _check_action_and_resource(sm: FabAirflowSecurityManagerOverride, perms: list[tuple[str, str]]) -> None:
     """
     Check if the action or resource exists and otherwise raise 400.
 
@@ -57,7 +56,7 @@ def _check_action_and_resource(sm: AirflowSecurityManagerV2, perms: list[tuple[s
             raise BadRequest(detail=f"The specified resource: {resource!r} was not found")
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 def get_role(*, role_name: str) -> APIResponse:
     """Get role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -67,7 +66,7 @@ def get_role(*, role_name: str) -> APIResponse:
     return role_schema.dump(role)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 @format_parameters({"limit": check_limit})
 def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None) -> APIResponse:
     """Get roles."""
@@ -95,7 +94,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
     return role_collection_schema.dump(RoleCollection(roles=roles, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ACTION)
+@requires_access_custom_view("GET", permissions.RESOURCE_ACTION)
 @format_parameters({"limit": check_limit})
 def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     """Get permissions."""
@@ -107,7 +106,7 @@ def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     return action_collection_schema.dump(ActionCollection(actions=actions, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("DELETE", permissions.RESOURCE_ROLE)
 def delete_role(*, role_name: str) -> APIResponse:
     """Delete a role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -119,7 +118,7 @@ def delete_role(*, role_name: str) -> APIResponse:
     return NoContent, HTTPStatus.NO_CONTENT
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_EDIT, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("PUT", permissions.RESOURCE_ROLE)
 def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -152,7 +151,7 @@ def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse
     return role_schema.dump(role)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("POST", permissions.RESOURCE_ROLE)
 def post_role() -> APIResponse:
     """Create a new role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py

@@ -44,7 +44,7 @@ if TYPE_CHECKING:
     from airflow.providers.fab.auth_manager.models import Role
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_USER)
+@requires_access_custom_view("GET", permissions.RESOURCE_USER)
 def get_user(*, username: str) -> APIResponse:
     """Get a user."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -54,7 +54,7 @@ def get_user(*, username: str) -> APIResponse:
     return user_collection_item_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_USER)
+@requires_access_custom_view("GET", permissions.RESOURCE_USER)
 @format_parameters({"limit": check_limit})
 def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) -> APIResponse:
     """Get users."""
@@ -86,7 +86,7 @@ def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) ->
     return user_collection_schema.dump(UserCollection(users=users, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_USER)
+@requires_access_custom_view("POST", permissions.RESOURCE_USER)
 def post_user() -> APIResponse:
     """Create a new user."""
     try:
@@ -129,7 +129,7 @@ def post_user() -> APIResponse:
     return user_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_EDIT, permissions.RESOURCE_USER)
+@requires_access_custom_view("PUT", permissions.RESOURCE_USER)
 def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a user."""
     try:
@@ -198,7 +198,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     return user_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_USER)
+@requires_access_custom_view("DELETE", permissions.RESOURCE_USER)
 def delete_user(*, username: str) -> APIResponse:
     """Delete a user."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/cli_commands/definition.py

@@ -136,6 +136,27 @@ USERS_COMMANDS = (
             "          --email admin@example.org"
         ),
     ),
+    ActionCommand(
+        name="reset-password",
+        help="Reset a user's password",
+        func=lazy_load_command(
+            "airflow.providers.fab.auth_manager.cli_commands.user_command.user_reset_password"
+        ),
+        args=(
+            ARG_USERNAME_OPTIONAL,
+            ARG_EMAIL_OPTIONAL,
+            ARG_PASSWORD,
+            ARG_USE_RANDOM_PASSWORD,
+            ARG_VERBOSE,
+        ),
+        epilog=(
+            "examples:\n"
+            'To reset an user with username equals to "admin", run:\n'
+            "\n"
+            "    $ airflow users reset-password \\\n"
+            "          --username admin"
+        ),
+    ),
     ActionCommand(
         name="delete",
         help="Delete a user",

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/cli_commands/role_command.py

@@ -16,11 +16,13 @@
 # specific language governing permissions and limitations
 # under the License.
 """Roles sub-commands."""
+
 from __future__ import annotations
 
 import itertools
 import json
 import os
+from argparse import Namespace
 from collections import defaultdict
 from typing import TYPE_CHECKING
 
@@ -155,30 +157,38 @@ def roles_del_perms(args):
 @suppress_logs_and_warning
 @providers_configuration_loaded
 def roles_export(args):
-    """
-    Export all the roles from the database to a file.
-
-    Note, this function does not export the permissions associated for each role.
-    Strictly, it exports the role names into the passed role json file.
-    """
+    """Export all the roles from the database to a file including permissions."""
     with get_application_builder() as appbuilder:
         roles = appbuilder.sm.get_all_roles()
-        exporting_roles = [role.name for role in roles if role.name not in EXISTING_ROLES]
+        exporting_roles = [role for role in roles if role.name not in EXISTING_ROLES]
     filename = os.path.expanduser(args.file)
-    kwargs = {} if not args.pretty else {"sort_keys": True, "indent": 4}
+
+    permission_map: dict[tuple[str, str], list[str]] = defaultdict(list)
+    for role in exporting_roles:
+        if role.permissions:
+            for permission in role.permissions:
+                permission_map[(role.name, permission.resource.name)].append(permission.action.name)
+        else:
+            permission_map[(role.name, "")].append("")
+    export_data = [
+        {"name": role, "resource": resource, "action": ",".join(sorted(permissions))}
+        for (role, resource), permissions in permission_map.items()
+    ]
+    kwargs = {} if not args.pretty else {"sort_keys": False, "indent": 4}
     with open(filename, "w", encoding="utf-8") as f:
-        json.dump(exporting_roles, f, **kwargs)
-    print(f"{len(exporting_roles)} roles successfully exported to {filename}")
+        json.dump(export_data, f, **kwargs)
+    print(
+        f"{len(exporting_roles)} roles with {len(export_data)} linked permissions successfully exported to {filename}"
+    )
 
 
 @cli_utils.action_cli
 @suppress_logs_and_warning
 def roles_import(args):
     """
-    Import all the roles into the db from the given json file.
+    Import all the roles into the db from the given json file including their permissions.
 
-    Note, this function does not import the permissions for different roles and import them as well.
-    Strictly, it imports the role names in the role json file passed.
+    Note, if a role already exists in the db, it is not overwritten, even when the permissions change.
     """
     json_file = args.file
     try:
@@ -193,7 +203,30 @@ def roles_import(args):
 
     with get_application_builder() as appbuilder:
         existing_roles = [role.name for role in appbuilder.sm.get_all_roles()]
-        roles_to_import = [role for role in role_list if role not in existing_roles]
-        for role_name in roles_to_import:
-            appbuilder.sm.add_role(role_name)
-    print(f"roles '{roles_to_import}' successfully imported")
+        roles_to_import = [role_dict for role_dict in role_list if role_dict["name"] not in existing_roles]
+        for role_dict in roles_to_import:
+            if role_dict["name"] not in appbuilder.sm.get_all_roles():
+                if role_dict["action"] == "" or role_dict["resource"] == "":
+                    appbuilder.sm.add_role(role_dict["name"])
+                else:
+                    appbuilder.sm.add_role(role_dict["name"])
+                    role_args = Namespace(
+                        subcommand="add-perms",
+                        role=[role_dict["name"]],
+                        resource=[role_dict["resource"]],
+                        action=role_dict["action"].split(","),
+                    )
+                __roles_add_or_remove_permissions(role_args)
+
+            if role_dict["name"] in appbuilder.sm.get_all_roles():
+                if role_dict["action"] == "" or role_dict["resource"] == "":
+                    pass
+                else:
+                    role_args = Namespace(
+                        subcommand="add-perms",
+                        role=[role_dict["name"]],
+                        resource=[role_dict["resource"]],
+                        action=role_dict["action"].split(","),
+                    )
+                __roles_add_or_remove_permissions(role_args)
+        print("roles and permissions successfully imported")

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py

@@ -16,6 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Sync permission command."""
+
 from __future__ import annotations
 
 from airflow.utils import cli as cli_utils

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/cli_commands/user_command.py

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """User sub-commands."""
+
 from __future__ import annotations
 
 import functools
@@ -70,16 +71,7 @@ def users_create(args):
         if not role:
             valid_roles = appbuilder.sm.get_all_roles()
             raise SystemExit(f"{args.role} is not a valid role. Valid roles are: {valid_roles}")
-        if args.use_random_password:
-            password = "".join(random.choices(string.printable, k=16))
-        elif args.password:
-            password = args.password
-        else:
-            password = getpass.getpass("Password:")
-            password_confirmation = getpass.getpass("Repeat for confirmation:")
-            if password != password_confirmation:
-                raise SystemExit("Passwords did not match")
-
+        password = _create_password(args)
         if appbuilder.sm.find_user(args.username):
             print(f"{args.username} already exist in the db")
             return
@@ -106,6 +98,32 @@ def _find_user(args):
     return user
 
 
+@cli_utils.action_cli
+@providers_configuration_loaded
+def user_reset_password(args):
+    """Reset user password user from DB."""
+    user = _find_user(args)
+    password = _create_password(args)
+    with get_application_builder() as appbuilder:
+        if appbuilder.sm.reset_password(user.id, password):
+            print(f'User "{user.username}" password reset successfully')
+        else:
+            raise SystemExit("Failed to reset user password")
+
+
+def _create_password(args):
+    if args.use_random_password:
+        password = "".join(random.choices(string.printable, k=16))
+    elif args.password:
+        password = args.password
+    else:
+        password = getpass.getpass("Password:")
+        password_confirmation = getpass.getpass("Repeat for confirmation:")
+        if password != password_confirmation:
+            raise SystemExit("Passwords did not match")
+    return password
+
+
 @cli_utils.action_cli
 @providers_configuration_loaded
 def users_delete(args):

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/decorators/auth.py

@@ -67,7 +67,7 @@ def _requires_access_fab(permissions: Sequence[tuple[str, str]] | None = None) -
 
 def _has_access_fab(permissions: Sequence[tuple[str, str]] | None = None) -> Callable[[T], T]:
     """
-    Factory for decorator that checks current user's permissions against required permissions.
+    Check current user's permissions against required permissions.
 
     This decorator is only kept for backward compatible reasons. The decorator
     ``airflow.www.auth.has_access``, which redirects to this decorator, is widely used in user plugins.
@@ -93,11 +93,14 @@ def _has_access_fab(permissions: Sequence[tuple[str, str]] | None = None) -> Cal
 
             if len(unique_dag_ids) > 1:
                 log.warning(
-                    f"There are different dag_ids passed in the request: {unique_dag_ids}. Returning 403."
+                    "There are different dag_ids passed in the request: %s. Returning 403.", unique_dag_ids
                 )
                 log.warning(
-                    f"kwargs: {dag_id_kwargs}, args: {dag_id_args}, "
-                    f"form: {dag_id_form}, json: {dag_id_json}"
+                    "kwargs: %s, args: %s, form: %s, json: %s",
+                    dag_id_kwargs,
+                    dag_id_args,
+                    dag_id_form,
+                    dag_id_json,
                 )
                 return (
                     render_template(

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -17,7 +17,7 @@
 # under the License.
 from __future__ import annotations
 
-import warnings
+import argparse
 from functools import cached_property
 from pathlib import Path
 from typing import TYPE_CHECKING, Container
@@ -40,10 +40,11 @@ from airflow.auth.managers.models.resource_details import (
 )
 from airflow.auth.managers.utils.fab import get_fab_action_from_method_map, get_method_from_fab_action_map
 from airflow.cli.cli_config import (
+    DefaultHelpParser,
     GroupCommand,
 )
 from airflow.configuration import conf
-from airflow.exceptions import AirflowException, AirflowProviderDeprecationWarning
+from airflow.exceptions import AirflowException
 from airflow.models import DagModel
 from airflow.providers.fab.auth_manager.cli_commands.definition import (
     ROLES_COMMANDS,
@@ -53,8 +54,6 @@ from airflow.providers.fab.auth_manager.cli_commands.definition import (
 from airflow.providers.fab.auth_manager.models import Permission, Role, User
 from airflow.security import permissions
 from airflow.security.permissions import (
-    ACTION_CAN_ACCESS_MENU,
-    ACTION_CAN_READ,
     RESOURCE_AUDIT_LOG,
     RESOURCE_CLUSTER_ACTIVITY,
     RESOURCE_CONFIG,
@@ -83,6 +82,7 @@ from airflow.security.permissions import (
 )
 from airflow.utils.session import NEW_SESSION, provide_session
 from airflow.utils.yaml import safe_load
+from airflow.www.constants import SWAGGER_BUNDLE, SWAGGER_ENABLED
 from airflow.www.extensions.init_views import _CustomErrorRequestBodyValidator, _LazyResolver
 
 if TYPE_CHECKING:
@@ -96,7 +96,6 @@ _MAP_DAG_ACCESS_ENTITY_TO_FAB_RESOURCE_TYPE: dict[DagAccessEntity, tuple[str, ..
     DagAccessEntity.AUDIT_LOG: (RESOURCE_AUDIT_LOG,),
     DagAccessEntity.CODE: (RESOURCE_DAG_CODE,),
     DagAccessEntity.DEPENDENCIES: (RESOURCE_DAG_DEPENDENCIES,),
-    DagAccessEntity.IMPORT_ERRORS: (RESOURCE_IMPORT_ERROR,),
     DagAccessEntity.RUN: (RESOURCE_DAG_RUN,),
     DagAccessEntity.SLA_MISS: (RESOURCE_SLA_MISS,),
     # RESOURCE_TASK_INSTANCE has been originally misused. RESOURCE_TASK_INSTANCE referred to task definition
@@ -115,6 +114,7 @@ _MAP_DAG_ACCESS_ENTITY_TO_FAB_RESOURCE_TYPE: dict[DagAccessEntity, tuple[str, ..
 _MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE = {
     AccessView.CLUSTER_ACTIVITY: RESOURCE_CLUSTER_ACTIVITY,
     AccessView.DOCS: RESOURCE_DOCS,
+    AccessView.IMPORT_ERRORS: RESOURCE_IMPORT_ERROR,
     AccessView.JOBS: RESOURCE_JOB,
     AccessView.PLUGINS: RESOURCE_PLUGIN,
     AccessView.PROVIDERS: RESOURCE_PROVIDER,
@@ -155,9 +155,7 @@ class FabAuthManager(BaseAuthManager):
             specification=specification,
             resolver=_LazyResolver(),
             base_path="/auth/fab/v1",
-            options={
-                "swagger_ui": conf.getboolean("webserver", "enable_swagger_ui", fallback=True),
-            },
+            options={"swagger_ui": SWAGGER_ENABLED, "swagger_path": SWAGGER_BUNDLE.__fspath__()},
             strict_validation=True,
             validate_responses=True,
             validator_map={"body": _CustomErrorRequestBodyValidator},
@@ -263,16 +261,19 @@ class FabAuthManager(BaseAuthManager):
         return self._is_authorized(method=method, resource_type=RESOURCE_VARIABLE, user=user)
 
     def is_authorized_view(self, *, access_view: AccessView, user: BaseUser | None = None) -> bool:
+        # "Docs" are only links in the menu, there is no page associated
+        method: ResourceMethod = "MENU" if access_view == AccessView.DOCS else "GET"
         return self._is_authorized(
-            method="GET", resource_type=_MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE[access_view], user=user
+            method=method, resource_type=_MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE[access_view], user=user
         )
 
     def is_authorized_custom_view(
-        self, *, fab_action_name: str, fab_resource_name: str, user: BaseUser | None = None
+        self, *, method: ResourceMethod, resource_name: str, user: BaseUser | None = None
     ):
         if not user:
             user = self.get_user()
-        return (fab_action_name, fab_resource_name) in self._get_user_permissions(user)
+        fab_action_name = get_fab_action_from_method_map()[method]
+        return (fab_action_name, resource_name) in self._get_user_permissions(user)
 
     @provide_session
     def get_permitted_dag_ids(
@@ -334,20 +335,12 @@ class FabAuthManager(BaseAuthManager):
         from airflow.providers.fab.auth_manager.security_manager.override import (
             FabAirflowSecurityManagerOverride,
         )
-        from airflow.www.security_manager import AirflowSecurityManagerV2
 
         sm_from_config = self.appbuilder.get_app.config.get("SECURITY_MANAGER_CLASS")
         if sm_from_config:
-            if not issubclass(sm_from_config, AirflowSecurityManagerV2):
-                raise Exception(
-                    """Your CUSTOM_SECURITY_MANAGER must extend AirflowSecurityManagerV2,
-                     not FAB's own security manager."""
-                )
             if not issubclass(sm_from_config, FabAirflowSecurityManagerOverride):
-                warnings.warn(
-                    "Please make your custom security manager inherit from "
-                    "FabAirflowSecurityManagerOverride instead of AirflowSecurityManager.",
-                    AirflowProviderDeprecationWarning,
+                raise Exception(
+                    """Your CUSTOM_SECURITY_MANAGER must extend FabAirflowSecurityManagerOverride."""
                 )
             return sm_from_config(self.appbuilder)
 
@@ -453,7 +446,7 @@ class FabAuthManager(BaseAuthManager):
 
     def _resource_name_for_dag(self, dag_id: str) -> str:
         """
-        Returns the FAB resource name for a DAG id.
+        Return the FAB resource name for a DAG id.
 
         :param dag_id: the DAG id
 
@@ -471,18 +464,11 @@ class FabAuthManager(BaseAuthManager):
         """
         Return the user permissions.
 
-        ACTION_CAN_READ and ACTION_CAN_ACCESS_MENU are merged into because they are very similar.
-        We can assume that if a user has permissions to read variables, they also have permissions to access
-        the menu "Variables".
-
         :param user: the user to get permissions for
 
         :meta private:
         """
-        perms = getattr(user, "perms") or []
-        return [
-            (ACTION_CAN_READ if perm[0] == ACTION_CAN_ACCESS_MENU else perm[0], perm[1]) for perm in perms
-        ]
+        return getattr(user, "perms") or []
 
     def _get_root_dag_id(self, dag_id: str) -> str:
         """
@@ -508,5 +494,18 @@ class FabAuthManager(BaseAuthManager):
         # Otherwise, when the name of a view or menu is changed, the framework
         # will add the new Views and Menus names to the backend, but will not
         # delete the old ones.
-        if conf.getboolean("webserver", "UPDATE_FAB_PERMS"):
+        if conf.getboolean(
+            "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS")
+        ):
             self.security_manager.sync_roles()
+
+
+def get_parser() -> argparse.ArgumentParser:
+    """Generate documentation; used by Sphinx argparse."""
+    from airflow.cli.cli_parser import AirflowHelpFormatter, _add_command
+
+    parser = DefaultHelpParser(prog="airflow", formatter_class=AirflowHelpFormatter)
+    subparsers = parser.add_subparsers(dest="subcommand", metavar="GROUP_OR_COMMAND")
+    for group_command in FabAuthManager.get_cli_commands():
+        _add_command(subparsers, group_command)
+    return parser

{apache_airflow_providers_fab-1.0.0rc1 → apache_airflow_providers_fab-1.0.2}/airflow/providers/fab/auth_manager/models/__init__.py

@@ -152,7 +152,7 @@ class User(Model, BaseUser):
         String(512).with_variant(String(512, collation="NOCASE"), "sqlite"), unique=True, nullable=False
     )
     password = Column(String(256))
-    active = Column(Boolean)
+    active = Column(Boolean, default=True)
     email = Column(String(512), unique=True, nullable=False)
     last_login = Column(DateTime)
     login_count = Column(Integer)