apache-airflow-providers-fab 1.0.2.dev0__py3-none-any.whl → 1.0.2.dev2__py3-none-any.whl

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Basic authentication backend."""
+
 from __future__ import annotations
 
 from functools import wraps

airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py

@@ -41,10 +41,9 @@ from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.api_connexion.types import APIResponse, UpdateMask
-    from airflow.www.security_manager import AirflowSecurityManagerV2
 
 
-def _check_action_and_resource(sm: AirflowSecurityManagerV2, perms: list[tuple[str, str]]) -> None:
+def _check_action_and_resource(sm: FabAirflowSecurityManagerOverride, perms: list[tuple[str, str]]) -> None:
     """
     Check if the action or resource exists and otherwise raise 400.
 
@@ -57,7 +56,7 @@ def _check_action_and_resource(sm: AirflowSecurityManagerV2, perms: list[tuple[s
             raise BadRequest(detail=f"The specified resource: {resource!r} was not found")
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 def get_role(*, role_name: str) -> APIResponse:
     """Get role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -67,7 +66,7 @@ def get_role(*, role_name: str) -> APIResponse:
     return role_schema.dump(role)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 @format_parameters({"limit": check_limit})
 def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None) -> APIResponse:
     """Get roles."""
@@ -95,7 +94,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
     return role_collection_schema.dump(RoleCollection(roles=roles, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_ACTION)
+@requires_access_custom_view("GET", permissions.RESOURCE_ACTION)
 @format_parameters({"limit": check_limit})
 def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     """Get permissions."""
@@ -107,7 +106,7 @@ def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     return action_collection_schema.dump(ActionCollection(actions=actions, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("DELETE", permissions.RESOURCE_ROLE)
 def delete_role(*, role_name: str) -> APIResponse:
     """Delete a role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -119,7 +118,7 @@ def delete_role(*, role_name: str) -> APIResponse:
     return NoContent, HTTPStatus.NO_CONTENT
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_EDIT, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("PUT", permissions.RESOURCE_ROLE)
 def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -152,7 +151,7 @@ def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse
     return role_schema.dump(role)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_ROLE)
+@requires_access_custom_view("POST", permissions.RESOURCE_ROLE)
 def post_role() -> APIResponse:
     """Create a new role."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)

airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py

@@ -44,7 +44,7 @@ if TYPE_CHECKING:
     from airflow.providers.fab.auth_manager.models import Role
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_USER)
+@requires_access_custom_view("GET", permissions.RESOURCE_USER)
 def get_user(*, username: str) -> APIResponse:
     """Get a user."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
@@ -54,7 +54,7 @@ def get_user(*, username: str) -> APIResponse:
     return user_collection_item_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_READ, permissions.RESOURCE_USER)
+@requires_access_custom_view("GET", permissions.RESOURCE_USER)
 @format_parameters({"limit": check_limit})
 def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) -> APIResponse:
     """Get users."""
@@ -86,7 +86,7 @@ def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) ->
     return user_collection_schema.dump(UserCollection(users=users, total_entries=total_entries))
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_USER)
+@requires_access_custom_view("POST", permissions.RESOURCE_USER)
 def post_user() -> APIResponse:
     """Create a new user."""
     try:
@@ -129,7 +129,7 @@ def post_user() -> APIResponse:
     return user_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_EDIT, permissions.RESOURCE_USER)
+@requires_access_custom_view("PUT", permissions.RESOURCE_USER)
 def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a user."""
     try:
@@ -198,7 +198,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     return user_schema.dump(user)
 
 
-@requires_access_custom_view(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_USER)
+@requires_access_custom_view("DELETE", permissions.RESOURCE_USER)
 def delete_user(*, username: str) -> APIResponse:
     """Delete a user."""
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)

airflow/providers/fab/auth_manager/cli_commands/role_command.py

@@ -16,6 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Roles sub-commands."""
+
 from __future__ import annotations
 
 import itertools

airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py

@@ -16,6 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Sync permission command."""
+
 from __future__ import annotations
 
 from airflow.utils import cli as cli_utils

airflow/providers/fab/auth_manager/cli_commands/user_command.py

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """User sub-commands."""
+
 from __future__ import annotations
 
 import functools

airflow/providers/fab/auth_manager/decorators/auth.py

@@ -93,11 +93,14 @@ def _has_access_fab(permissions: Sequence[tuple[str, str]] | None = None) -> Cal
 
             if len(unique_dag_ids) > 1:
                 log.warning(
-                    f"There are different dag_ids passed in the request: {unique_dag_ids}. Returning 403."
+                    "There are different dag_ids passed in the request: %s. Returning 403.", unique_dag_ids
                 )
                 log.warning(
-                    f"kwargs: {dag_id_kwargs}, args: {dag_id_args}, "
-                    f"form: {dag_id_form}, json: {dag_id_json}"
+                    "kwargs: %s, args: %s, form: %s, json: %s",
+                    dag_id_kwargs,
+                    dag_id_args,
+                    dag_id_form,
+                    dag_id_json,
                 )
                 return (
                     render_template(

airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -54,8 +54,6 @@ from airflow.providers.fab.auth_manager.cli_commands.definition import (
 from airflow.providers.fab.auth_manager.models import Permission, Role, User
 from airflow.security import permissions
 from airflow.security.permissions import (
-    ACTION_CAN_ACCESS_MENU,
-    ACTION_CAN_READ,
     RESOURCE_AUDIT_LOG,
     RESOURCE_CLUSTER_ACTIVITY,
     RESOURCE_CONFIG,
@@ -263,16 +261,19 @@ class FabAuthManager(BaseAuthManager):
         return self._is_authorized(method=method, resource_type=RESOURCE_VARIABLE, user=user)
 
     def is_authorized_view(self, *, access_view: AccessView, user: BaseUser | None = None) -> bool:
+        # "Docs" are only links in the menu, there is no page associated
+        method: ResourceMethod = "MENU" if access_view == AccessView.DOCS else "GET"
         return self._is_authorized(
-            method="GET", resource_type=_MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE[access_view], user=user
+            method=method, resource_type=_MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE[access_view], user=user
         )
 
     def is_authorized_custom_view(
-        self, *, fab_action_name: str, fab_resource_name: str, user: BaseUser | None = None
+        self, *, method: ResourceMethod, resource_name: str, user: BaseUser | None = None
     ):
         if not user:
             user = self.get_user()
-        return (fab_action_name, fab_resource_name) in self._get_user_permissions(user)
+        fab_action_name = get_fab_action_from_method_map()[method]
+        return (fab_action_name, resource_name) in self._get_user_permissions(user)
 
     @provide_session
     def get_permitted_dag_ids(
@@ -350,7 +351,7 @@ class FabAuthManager(BaseAuthManager):
         if not self.security_manager.auth_view:
             raise AirflowException("`auth_view` not defined in the security manager.")
         if "next_url" in kwargs and kwargs["next_url"]:
-            return url_for(f"{self.security_manager.auth_view.endpoint}.login", next_url=kwargs["next_url"])
+            return url_for(f"{self.security_manager.auth_view.endpoint}.login", next=kwargs["next_url"])
         else:
             return url_for(f"{self.security_manager.auth_view.endpoint}.login")
 
@@ -463,18 +464,11 @@ class FabAuthManager(BaseAuthManager):
         """
         Return the user permissions.
 
-        ACTION_CAN_READ and ACTION_CAN_ACCESS_MENU are merged into because they are very similar.
-        We can assume that if a user has permissions to read variables, they also have permissions to access
-        the menu "Variables".
-
         :param user: the user to get permissions for
 
         :meta private:
         """
-        perms = getattr(user, "perms") or []
-        return [
-            (ACTION_CAN_READ if perm[0] == ACTION_CAN_ACCESS_MENU else perm[0], perm[1]) for perm in perms
-        ]
+        return getattr(user, "perms") or []
 
     def _get_root_dag_id(self, dag_id: str) -> str:
         """

airflow/providers/fab/auth_manager/security_manager/override.py

@@ -340,6 +340,43 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         # Setup Flask-Jwt-Extended
         self.create_jwt_manager()
 
+    def _get_authentik_jwks(self, jwks_url) -> dict:
+        import requests
+
+        resp = requests.get(jwks_url)
+        if resp.status_code == 200:
+            return resp.json()
+        return {}
+
+    def _validate_jwt(self, id_token, jwks):
+        from authlib.jose import JsonWebKey, jwt as authlib_jwt
+
+        keyset = JsonWebKey.import_key_set(jwks)
+        claims = authlib_jwt.decode(id_token, keyset)
+        claims.validate()
+        log.info("JWT token is validated")
+        return claims
+
+    def _get_authentik_token_info(self, id_token):
+        me = jwt.decode(id_token, options={"verify_signature": False})
+
+        verify_signature = self.oauth_remotes["authentik"].client_kwargs.get("verify_signature", True)
+        if verify_signature:
+            # Validate the token using authentik certificate
+            jwks_uri = self.oauth_remotes["authentik"].server_metadata.get("jwks_uri")
+            if jwks_uri:
+                jwks = self._get_authentik_jwks(jwks_uri)
+                if jwks:
+                    return self._validate_jwt(id_token, jwks)
+            else:
+                log.error("jwks_uri not specified in OAuth Providers, could not verify token signature")
+        else:
+            # Return the token info without validating
+            log.warning("JWT token is not validated!")
+            return me
+
+        raise AirflowException("OAuth signature verify failed")
+
     def register_views(self):
         """Register FAB auth manager related views."""
         if not self.appbuilder.get_app.config.get("FAB_ADD_SECURITY_VIEWS", True):
@@ -513,9 +550,10 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     def load_user_jwt(self, _jwt_header, jwt_data):
         identity = jwt_data["sub"]
         user = self.load_user(identity)
-        # Set flask g.user to JWT user, we can't do it on before request
-        g.user = user
-        return user
+        if user.is_active:
+            # Set flask g.user to JWT user, we can't do it on before request
+            g.user = user
+            return user
 
     @property
     def auth_type(self):
@@ -647,6 +685,10 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         """The JMESPATH role to use for user registration."""
         return self.appbuilder.get_app.config["AUTH_USER_REGISTRATION_ROLE_JMESPATH"]
 
+    @property
+    def auth_remote_user_env_var(self) -> str:
+        return self.appbuilder.get_app.config["AUTH_REMOTE_USER_ENV_VAR"]
+
     @property
     def api_login_allow_multiple_providers(self):
         return self.appbuilder.get_app.config["AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS"]
@@ -727,8 +769,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         # If the user does not exist, make a random password and make it
         if not user_exists:
             print(f"FlaskAppBuilder Authentication Manager: Creating {user_name} user")
-            role = self.find_role("Admin")
-            assert role is not None
+            if (role := self.find_role("Admin")) is None:
+                raise AirflowException("Unable to find role 'Admin'")
             # password does not contain visually similar characters: ijlIJL1oO0
             password = "".join(random.choices("abcdefghkmnpqrstuvwxyzABCDEFGHKMNPQRSTUVWXYZ23456789", k=16))
             with open(password_path, "w") as file:
@@ -790,6 +832,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             app.config.setdefault("AUTH_LDAP_LASTNAME_FIELD", "sn")
             app.config.setdefault("AUTH_LDAP_EMAIL_FIELD", "mail")
 
+        if self.auth_type == AUTH_REMOTE_USER:
+            app.config.setdefault("AUTH_REMOTE_USER_ENV_VAR", "REMOTE_USER")
+
         # Rate limiting
         app.config.setdefault("AUTH_RATE_LIMITED", True)
         app.config.setdefault("AUTH_RATE_LIMIT", "5 per 40 second")
@@ -804,7 +849,12 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         if self.auth_type == AUTH_OID:
             from flask_openid import OpenID
 
+            log.warning(
+                "AUTH_OID is deprecated and will be removed in version 5. "
+                "Migrate to other authentication methods."
+            )
             self.oid = OpenID(app)
+
         if self.auth_type == AUTH_OAUTH:
             from authlib.integrations.flask_client import OAuth
 
@@ -1249,8 +1299,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         sesh = self.appbuilder.get_session
         perms = sesh.query(Permission).filter(
             or_(
-                Permission.action == None,  # noqa
-                Permission.resource == None,  # noqa
+                Permission.action == None,  # noqa: E711
+                Permission.resource == None,  # noqa: E711
             )
         )
         # Since FAB doesn't define ON DELETE CASCADE on these tables, we need
@@ -1471,8 +1521,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             return False
 
     def load_user(self, user_id):
-        """Load user by ID."""
-        return self.get_user_by_id(int(user_id))
+        user = self.get_user_by_id(int(user_id))
+        if user.is_active:
+            return user
 
     def get_user_by_id(self, pk):
         return self.get_session.get(self.user_model, pk)
@@ -2208,6 +2259,19 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
                 "last_name": data.get("family_name", ""),
                 "email": data.get("email", ""),
             }
+
+        # for Authentik
+        if provider == "authentik":
+            id_token = resp["id_token"]
+            me = self._get_authentik_token_info(id_token)
+            log.debug("User info from authentik: %s", me)
+            return {
+                "email": me["preferred_username"],
+                "first_name": me.get("given_name", ""),
+                "username": me["nickname"],
+                "role_keys": me.get("groups", []),
+            }
+
         else:
             return {}
 
@@ -2445,8 +2509,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         :param ldap: The ldap module reference
         :param con: The ldap connection
         """
-        # always check AUTH_LDAP_BIND_USER is set before calling this method
-        assert self.auth_ldap_bind_user, "AUTH_LDAP_BIND_USER must be set"
+        if not self.auth_ldap_bind_user:
+            # always check AUTH_LDAP_BIND_USER is set before calling this method
+            raise ValueError("AUTH_LDAP_BIND_USER must be set")
 
         try:
             log.debug("LDAP bind indirect TRY with username: %r", self.auth_ldap_bind_user)
@@ -2465,8 +2530,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         :param username: username to match with AUTH_LDAP_UID_FIELD
         :return: ldap object array
         """
-        # always check AUTH_LDAP_SEARCH is set before calling this method
-        assert self.auth_ldap_search, "AUTH_LDAP_SEARCH must be set"
+        if not self.auth_ldap_search:
+            # always check AUTH_LDAP_SEARCH is set before calling this method
+            raise ValueError("AUTH_LDAP_SEARCH must be set")
 
         # build the filter string for the LDAP search
         if self.auth_ldap_search_filter:

airflow/providers/fab/get_provider_info.py

@@ -31,9 +31,9 @@ def get_provider_info():
         "source-date-epoch": 1703288133,
         "versions": ["1.0.2", "1.0.1", "1.0.0"],
         "dependencies": [
-            "apache-airflow>=2.9.0.dev0",
+            "apache-airflow>=2.9.0",
             "flask>=2.2,<2.3",
-            "flask-appbuilder==4.3.11",
+            "flask-appbuilder==4.4.1",
             "flask-login>=0.6.2",
             "google-re2>=1.0",
         ],

{apache_airflow_providers_fab-1.0.2.dev0.dist-info → apache_airflow_providers_fab-1.0.2.dev2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: apache-airflow-providers-fab
-Version: 1.0.2.dev0
+Version: 1.0.2.dev2
 Summary: Provider package apache-airflow-providers-fab for Apache Airflow
 Keywords: airflow-provider,fab,airflow,integration
 Author-email: Apache Software Foundation <dev@airflow.apache.org>
@@ -19,9 +19,10 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Topic :: System :: Monitoring
 Requires-Dist: apache-airflow>=2.9.0.dev0
-Requires-Dist: flask-appbuilder==4.3.11
+Requires-Dist: flask-appbuilder==4.4.1
 Requires-Dist: flask-login>=0.6.2
 Requires-Dist: flask>=2.2,<2.3
 Requires-Dist: google-re2>=1.0
@@ -77,7 +78,7 @@ Project-URL: YouTube, https://www.youtube.com/channel/UCSXwxpWZQ7XZ1WL3wqevChA/
 
 Package ``apache-airflow-providers-fab``
 
-Release: ``1.0.2.dev0``
+Release: ``1.0.2.dev2``
 
 
 `Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__
@@ -99,7 +100,7 @@ You can install this package on top of an existing Airflow 2 installation (see `
 for the minimum Airflow version supported) via
 ``pip install apache-airflow-providers-fab``
 
-The package supports the following python versions: 3.8,3.9,3.10,3.11
+The package supports the following python versions: 3.8,3.9,3.10,3.11,3.12
 
 Requirements
 ------------
@@ -107,9 +108,9 @@ Requirements
 ====================  ==================
 PIP package           Version required
 ====================  ==================
-``apache-airflow``    ``>=2.9.0.dev0``
+``apache-airflow``    ``>=2.9.0``
 ``flask``             ``>=2.2,<2.3``
-``flask-appbuilder``  ``==4.3.11``
+``flask-appbuilder``  ``==4.4.1``
 ``flask-login``       ``>=0.6.2``
 ``google-re2``        ``>=1.0``
 ====================  ==================

{apache_airflow_providers_fab-1.0.2.dev0.dist-info → apache_airflow_providers_fab-1.0.2.dev2.dist-info}/RECORD

@@ -1,38 +1,38 @@
 airflow/providers/fab/LICENSE,sha256=ywUBpKZc7Jb96rVt5I3IDbg7dIJAbUSHkuoDcF3jbH4,13569
 airflow/providers/fab/__init__.py,sha256=i7O17EJB9DcN_BQKB75NJcb0CEYr7Y3gzfZNm2Fpx9s,1578
-airflow/providers/fab/get_provider_info.py,sha256=f1uGENybt3HgA7jpfy1spq81bHyl_RMn9OsTgSq4DZ0,2950
+airflow/providers/fab/get_provider_info.py,sha256=cojfnZKpmibjoYUrcf_Ab4fMZsm16dscFwS5tqU8fNw,2944
 airflow/providers/fab/auth_manager/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/fab_auth_manager.py,sha256=Im0h1nalywrF7Jg6RRWMQsJxuqKkHoNv5cyD4CpfP3g,19751
+airflow/providers/fab/auth_manager/fab_auth_manager.py,sha256=det_jvKb0hozwC7XgLgJXjYbdnW58zrtA1k0RhOUWbA,19545
 airflow/providers/fab/auth_manager/api/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/api/auth/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/api/auth/backend/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py,sha256=G-aYU3WxdcOoaw0LU3wtvy1mBecWOpN51sc1_X6GwL8,2501
+airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py,sha256=UBGP5UHV6kNsChvL9rkYOQWHszEJtE4AkSFagcRsqrs,2502
 airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py,sha256=SvuJ9jo06ZfB_40FUKaiHb8cw2d3Jpxm-YYSOWEzA7I,1712
 airflow/providers/fab/auth_manager/api_endpoints/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
-airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py,sha256=Qw63lCekkDGovdIXJGXUnrvrf4ZQGBnIVnO01PhEZaU,7749
-airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py,sha256=Oe7LTF3cqQVvISZeYw66L0DMEP4UOmzIQI_aW-6oVms,8598
+airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py,sha256=9GRizOLGF5Rsic_42H_gom8LkjVTpvJT0oRxO98lwlw,7556
+airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py,sha256=8GfpmpkABVO834Os8rNoH_rqLh4eFz1sfayL1Fwz8FQ,8488
 airflow/providers/fab/auth_manager/cli_commands/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/cli_commands/definition.py,sha256=hjcb3IL-G1s120UcdOZcV5ssgC7uuTfTmHECGlmr7bk,9075
-airflow/providers/fab/auth_manager/cli_commands/role_command.py,sha256=ChVDM1KBWZ83lknBj-6L9jtsczZjlOiUOHx1dXW5hzc,9097
-airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py,sha256=yd1AU86mfj35PiynQdrx1eIxjurRNAk0w6nO-JgfSmw,1662
-airflow/providers/fab/auth_manager/cli_commands/user_command.py,sha256=XjXyPGpULYvmUlzz1xArgrgyyzza1sQ4DfcqkgMK4aU,10206
+airflow/providers/fab/auth_manager/cli_commands/role_command.py,sha256=4w1tHTR5gBbsymeqGIJ4Rs8CmGdw0l49y58pfI0DB_s,9098
+airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py,sha256=VpW-rWhgHAL_ReU66D_BrsxlXQN4okfxzj6dyE5IfwA,1663
+airflow/providers/fab/auth_manager/cli_commands/user_command.py,sha256=qaYuBbIvF_P0C_SIdQuEFS-hcjRkyn74Gl9Jt0hh2Gs,10207
 airflow/providers/fab/auth_manager/cli_commands/utils.py,sha256=V--SdqJgAtNkxmqhOq4Jvpiqk5Dec7OCbIAHih6RPYM,1768
 airflow/providers/fab/auth_manager/decorators/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/decorators/auth.py,sha256=6IuE4NyiVbRzCpdvriZybymPM6HdpzaSsbHL5ygoLEM,4883
+airflow/providers/fab/auth_manager/decorators/auth.py,sha256=Z4_xiS1N1E0MqDP9OxHx_YJvKe0sH15afP0tn5LP3Ss,4948
 airflow/providers/fab/auth_manager/models/__init__.py,sha256=IEGXoz1HaCHxoH8DzI5DIoYHBKlrN1wjru7Ey_YhtkA,8827
 airflow/providers/fab/auth_manager/models/anonymous_user.py,sha256=ki1jM-SdxSEJzXhrsiulmziWHlKkU2LguQkXMaRmykE,1775
 airflow/providers/fab/auth_manager/openapi/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
 airflow/providers/fab/auth_manager/openapi/v1.yaml,sha256=xFlQMccLoGarx8SnQvGJ1DRfHo4jQ3p9DzoPqQINcCw,19380
 airflow/providers/fab/auth_manager/security_manager/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/security_manager/constants.py,sha256=x1Sjl_Mu3wmaSy3NFZlHxK2z-juzWmMs1SrzJ0aiBBQ,907
-airflow/providers/fab/auth_manager/security_manager/override.py,sha256=w-3FA3LtWX11Ke_E2UFXkQKdbLcGa6C02cc9EkfhYWY,108925
+airflow/providers/fab/auth_manager/security_manager/override.py,sha256=OMJca7teRJ4ria11J-uAIvipKri7gm-YyG1d9i_MyME,111419
 airflow/providers/fab/auth_manager/views/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
 airflow/providers/fab/auth_manager/views/permissions.py,sha256=k5APUTqqKZqMxCWlKrUEgqdDVrGa9719HJ3UmFpiSLc,2886
 airflow/providers/fab/auth_manager/views/roles_list.py,sha256=o_VqnLbQa4sisKxLwyx6VCl3HmvjKcjkrJG23R81FMQ,1494
 airflow/providers/fab/auth_manager/views/user.py,sha256=XsUXXx4qEbZJYMTmWz3R-lpavsUZXvpwKAASHjxceGc,5917
 airflow/providers/fab/auth_manager/views/user_edit.py,sha256=d8wQ_8Rk8Ce95sCElZIXN7ATwbXrT2Tauqn5uTwuo2E,2140
 airflow/providers/fab/auth_manager/views/user_stats.py,sha256=zP2eX6e40rpEohJcvnvri4Khu3Q4ULLxjz1zOWvOr8A,1300
-apache_airflow_providers_fab-1.0.2.dev0.dist-info/entry_points.txt,sha256=m05kASp7vFi0ZmQ--CFp7GeJpPL7UT2RQF8EEP5XRX8,99
-apache_airflow_providers_fab-1.0.2.dev0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
-apache_airflow_providers_fab-1.0.2.dev0.dist-info/METADATA,sha256=Sp8vlJyDDAp3i8XIvPHXefPMIbSyvEMptgx0hS5kuG0,4913
-apache_airflow_providers_fab-1.0.2.dev0.dist-info/RECORD,,
+apache_airflow_providers_fab-1.0.2.dev2.dist-info/entry_points.txt,sha256=m05kASp7vFi0ZmQ--CFp7GeJpPL7UT2RQF8EEP5XRX8,99
+apache_airflow_providers_fab-1.0.2.dev2.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+apache_airflow_providers_fab-1.0.2.dev2.dist-info/METADATA,sha256=vG2rgmc1Bf1u2knabEyTHwdsjXrRnDG-UH5vMSm0AkY,4962
+apache_airflow_providers_fab-1.0.2.dev2.dist-info/RECORD,,