apache-airflow-providers-fab 1.3.0rc1__py3-none-any.whl → 1.4.0rc1__py3-none-any.whl

airflow/providers/fab/__init__.py

@@ -29,7 +29,7 @@ from airflow import __version__ as airflow_version
 
 __all__ = ["__version__"]
 
-__version__ = "1.3.0"
+__version__ = "1.4.0"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
     "2.9.0"

airflow/providers/fab/alembic.ini

@@ -0,0 +1,133 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+# Use forward slashes (/) also on windows to provide an os agnostic path
+script_location = %(here)s/migrations
+
+# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
+# Uncomment the line below if you want the files to be prepended with date and time
+# see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
+# for all available tokens
+# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.
+prepend_sys_path = .
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python>=3.9 or backports.zoneinfo library.
+# Any required deps can installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to ZoneInfo()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; This defaults
+# to alembic/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path.
+# The path separator used here should be the separator specified by "version_path_separator" below.
+# version_locations = %(here)s/bar:%(here)s/bat:alembic/versions
+
+# version path separator; As mentioned above, this is the character used to split
+# version_locations. The default within new alembic.ini files is "os", which uses os.pathsep.
+# If this key is omitted entirely, it falls back to the legacy behavior of splitting on spaces and/or commas.
+# Valid values for version_path_separator are:
+#
+# version_path_separator = :
+# version_path_separator = ;
+# version_path_separator = space
+version_path_separator = os  # Use os.pathsep. Default configuration used for new projects.
+
+# set to 'true' to search source files recursively
+# in each "version_locations" directory
+# new in Alembic version 1.10
+# recursive_version_locations = false
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = scheme://localhost/airflow
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# lint with attempts to fix using "ruff" - use the exec runner, execute a binary
+# hooks = ruff
+# ruff.type = exec
+# ruff.executable = %(here)s/.venv/bin/ruff
+# ruff.options = --fix REVISION_SCRIPT_FILENAME
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -21,7 +21,7 @@ from __future__ import annotations
 from functools import wraps
 from typing import TYPE_CHECKING, Any, Callable, TypeVar, cast
 
-from flask import Response, request
+from flask import Response, current_app, request
 from flask_appbuilder.const import AUTH_LDAP
 from flask_login import login_user
 
@@ -62,7 +62,9 @@ def requires_authentication(function: T):
 
     @wraps(function)
     def decorated(*args, **kwargs):
-        if auth_current_user() is not None:
+        if auth_current_user() is not None or current_app.appbuilder.get_app.config.get(
+            "AUTH_ROLE_PUBLIC", None
+        ):
             return function(*args, **kwargs)
         else:
             return Response("Unauthorized", 401, {"WWW-Authenticate": "Basic"})

airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py

@@ -18,27 +18,129 @@
 from __future__ import annotations
 
 import logging
-from functools import partial
-from typing import Any, cast
+import os
+from functools import wraps
+from typing import TYPE_CHECKING, Any, Callable, NamedTuple, TypeVar, cast
 
+import kerberos
+from flask import Response, current_app, g, make_response, request
 from requests_kerberos import HTTPKerberosAuth
 
-from airflow.api.auth.backend.kerberos_auth import (
-    init_app as base_init_app,
-    requires_authentication as base_requires_authentication,
-)
+from airflow.configuration import conf
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
+from airflow.utils.net import getfqdn
 from airflow.www.extensions.init_auth_manager import get_auth_manager
 
+if TYPE_CHECKING:
+    from airflow.auth.managers.models.base_user import BaseUser
+
 log = logging.getLogger(__name__)
 
 CLIENT_AUTH: tuple[str, str] | Any | None = HTTPKerberosAuth(service="airflow")
 
 
+class KerberosService:
+    """Class to keep information about the Kerberos Service initialized."""
+
+    def __init__(self):
+        self.service_name = None
+
+
+class _KerberosAuth(NamedTuple):
+    return_code: int | None
+    user: str = ""
+    token: str | None = None
+
+
+# Stores currently initialized Kerberos Service
+_KERBEROS_SERVICE = KerberosService()
+
+
+def init_app(app):
+    """Initialize application with kerberos."""
+    hostname = app.config.get("SERVER_NAME")
+    if not hostname:
+        hostname = getfqdn()
+    log.info("Kerberos: hostname %s", hostname)
+
+    service = "airflow"
+
+    _KERBEROS_SERVICE.service_name = f"{service}@{hostname}"
+
+    if "KRB5_KTNAME" not in os.environ:
+        os.environ["KRB5_KTNAME"] = conf.get("kerberos", "keytab")
+
+    try:
+        log.info("Kerberos init: %s %s", service, hostname)
+        principal = kerberos.getServerPrincipalDetails(service, hostname)
+    except kerberos.KrbError as err:
+        log.warning("Kerberos: %s", err)
+    else:
+        log.info("Kerberos API: server is %s", principal)
+
+
+def _unauthorized():
+    """Indicate that authorization is required."""
+    return Response("Unauthorized", 401, {"WWW-Authenticate": "Negotiate"})
+
+
+def _forbidden():
+    return Response("Forbidden", 403)
+
+
+def _gssapi_authenticate(token) -> _KerberosAuth | None:
+    state = None
+    try:
+        return_code, state = kerberos.authGSSServerInit(_KERBEROS_SERVICE.service_name)
+        if return_code != kerberos.AUTH_GSS_COMPLETE:
+            return _KerberosAuth(return_code=None)
+
+        if (return_code := kerberos.authGSSServerStep(state, token)) == kerberos.AUTH_GSS_COMPLETE:
+            return _KerberosAuth(
+                return_code=return_code,
+                user=kerberos.authGSSServerUserName(state),
+                token=kerberos.authGSSServerResponse(state),
+            )
+        elif return_code == kerberos.AUTH_GSS_CONTINUE:
+            return _KerberosAuth(return_code=return_code)
+        return _KerberosAuth(return_code=return_code)
+    except kerberos.GSSError:
+        return _KerberosAuth(return_code=None)
+    finally:
+        if state:
+            kerberos.authGSSServerClean(state)
+
+
+T = TypeVar("T", bound=Callable)
+
+
 def find_user(username=None, email=None):
     security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
     return security_manager.find_user(username=username, email=email)
 
 
-init_app = base_init_app
-requires_authentication = partial(base_requires_authentication, find_user=find_user)
+def requires_authentication(function: T, find_user: Callable[[str], BaseUser] | None = find_user):
+    """Decorate functions that require authentication with Kerberos."""
+
+    @wraps(function)
+    def decorated(*args, **kwargs):
+        if current_app.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None):
+            response = function(*args, **kwargs)
+            return make_response(response)
+
+        header = request.headers.get("Authorization")
+        if header:
+            token = "".join(header.split()[1:])
+            auth = _gssapi_authenticate(token)
+            if auth.return_code == kerberos.AUTH_GSS_COMPLETE:
+                g.user = find_user(auth.user)
+                response = function(*args, **kwargs)
+                response = make_response(response)
+                if auth.token is not None:
+                    response.headers["WWW-Authenticate"] = f"negotiate {auth.token}"
+                return response
+            elif auth.return_code != kerberos.AUTH_GSS_CONTINUE:
+                return _forbidden()
+        return _unauthorized()
+
+    return cast(T, decorated)

airflow/providers/fab/auth_manager/cli_commands/db_command.py

@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from airflow import settings
+from airflow.cli.commands.db_command import run_db_downgrade_command, run_db_migrate_command
+from airflow.providers.fab.auth_manager.models.db import _REVISION_HEADS_MAP, FABDBManager
+from airflow.utils import cli as cli_utils
+from airflow.utils.providers_configuration_loader import providers_configuration_loaded
+
+
+@providers_configuration_loaded
+def resetdb(args):
+    """Reset the metadata database."""
+    print(f"DB: {settings.engine.url!r}")
+    if not (args.yes or input("This will drop existing tables if they exist. Proceed? (y/n)").upper() == "Y"):
+        raise SystemExit("Cancelled")
+    FABDBManager(settings.Session()).resetdb(skip_init=args.skip_init)
+
+
+@cli_utils.action_cli(check_db=False)
+@providers_configuration_loaded
+def migratedb(args):
+    """Migrates the metadata database."""
+    session = settings.Session()
+    upgrade_command = FABDBManager(session).upgradedb
+    run_db_migrate_command(
+        args, upgrade_command, revision_heads_map=_REVISION_HEADS_MAP, reserialize_dags=False
+    )
+
+
+@cli_utils.action_cli(check_db=False)
+@providers_configuration_loaded
+def downgrade(args):
+    """Downgrades the metadata database."""
+    session = settings.Session()
+    dwongrade_command = FABDBManager(session).downgrade
+    run_db_downgrade_command(args, dwongrade_command, revision_heads_map=_REVISION_HEADS_MAP)

airflow/providers/fab/auth_manager/cli_commands/definition.py

@@ -19,8 +19,17 @@ from __future__ import annotations
 import textwrap
 
 from airflow.cli.cli_config import (
+    ARG_DB_FROM_REVISION,
+    ARG_DB_FROM_VERSION,
+    ARG_DB_REVISION__DOWNGRADE,
+    ARG_DB_REVISION__UPGRADE,
+    ARG_DB_SKIP_INIT,
+    ARG_DB_SQL_ONLY,
+    ARG_DB_VERSION__DOWNGRADE,
+    ARG_DB_VERSION__UPGRADE,
     ARG_OUTPUT,
     ARG_VERBOSE,
+    ARG_YES,
     ActionCommand,
     Arg,
     lazy_load_command,
@@ -243,3 +252,55 @@ SYNC_PERM_COMMAND = ActionCommand(
     func=lazy_load_command("airflow.providers.fab.auth_manager.cli_commands.sync_perm_command.sync_perm"),
     args=(ARG_INCLUDE_DAGS, ARG_VERBOSE),
 )
+
+DB_COMMANDS = (
+    ActionCommand(
+        name="migrate",
+        help="Migrates the FAB metadata database to the latest version",
+        description=(
+            "Migrate the schema of the FAB metadata database. "
+            "Create the database if it does not exist "
+            "To print but not execute commands, use option ``--show-sql-only``. "
+            "If using options ``--from-revision`` or ``--from-version``, you must also use "
+            "``--show-sql-only``, because if actually *running* migrations, we should only "
+            "migrate from the *current* Alembic revision."
+        ),
+        func=lazy_load_command("airflow.providers.fab.auth_manager.cli_commands.db_command.migratedb"),
+        args=(
+            ARG_DB_REVISION__UPGRADE,
+            ARG_DB_VERSION__UPGRADE,
+            ARG_DB_SQL_ONLY,
+            ARG_DB_FROM_REVISION,
+            ARG_DB_FROM_VERSION,
+            ARG_VERBOSE,
+        ),
+    ),
+    ActionCommand(
+        name="downgrade",
+        help="Downgrade the schema of the FAB metadata database.",
+        description=(
+            "Downgrade the schema of the FAB metadata database. "
+            "You must provide either `--to-revision` or `--to-version`. "
+            "To print but not execute commands, use option `--show-sql-only`. "
+            "If using options `--from-revision` or `--from-version`, you must also use `--show-sql-only`, "
+            "because if actually *running* migrations, we should only migrate from the *current* Alembic "
+            "revision."
+        ),
+        func=lazy_load_command("airflow.providers.fab.auth_manager.cli_commands.db_command.downgrade"),
+        args=(
+            ARG_DB_REVISION__DOWNGRADE,
+            ARG_DB_VERSION__DOWNGRADE,
+            ARG_DB_SQL_ONLY,
+            ARG_YES,
+            ARG_DB_FROM_REVISION,
+            ARG_DB_FROM_VERSION,
+            ARG_VERBOSE,
+        ),
+    ),
+    ActionCommand(
+        name="reset",
+        help="Burn down and rebuild the FAB metadata database",
+        func=lazy_load_command("airflow.providers.fab.auth_manager.cli_commands.db_command.resetdb"),
+        args=(ARG_YES, ARG_DB_SKIP_INIT, ARG_VERBOSE),
+    ),
+)

airflow/providers/fab/auth_manager/cli_commands/user_command.py

@@ -212,10 +212,12 @@ def users_import(args):
 
     users_created, users_updated = _import_users(users_list)
     if users_created:
-        print("Created the following users:\n\t{}".format("\n\t".join(users_created)))
+        users_created_str = "\n\t".join(users_created)
+        print(f"Created the following users:\n\t{users_created_str}")
 
     if users_updated:
-        print("Updated the following users:\n\t{}".format("\n\t".join(users_updated)))
+        users_updated_str = "\n\t".join(users_updated)
+        print(f"Updated the following users:\n\t{users_updated_str}")
 
 
 def _import_users(users_list: list[dict[str, Any]]):
@@ -231,9 +233,8 @@ def _import_users(users_list: list[dict[str, Any]]):
                 msg.append(f"[Item {row_num}]")
                 for key, value in failure.items():
                     msg.append(f"\t{key}: {value}")
-            raise SystemExit(
-                "Error: Input file didn't pass validation. See below:\n{}".format("\n".join(msg))
-            )
+            msg_str = "\n".join(msg)
+            raise SystemExit(f"Error: Input file didn't pass validation. See below:\n{msg_str}")
 
         for user in users_list:
             roles = []

airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -22,11 +22,14 @@ from functools import cached_property
 from pathlib import Path
 from typing import TYPE_CHECKING, Container
 
+import packaging.version
 from connexion import FlaskApi
 from flask import Blueprint, url_for
+from packaging.version import Version
 from sqlalchemy import select
 from sqlalchemy.orm import Session, joinedload
 
+from airflow import __version__ as airflow_version
 from airflow.auth.managers.base_auth_manager import BaseAuthManager, ResourceMethod
 from airflow.auth.managers.models.resource_details import (
     AccessView,
@@ -47,6 +50,7 @@ from airflow.configuration import conf
 from airflow.exceptions import AirflowConfigException, AirflowException
 from airflow.models import DagModel
 from airflow.providers.fab.auth_manager.cli_commands.definition import (
+    DB_COMMANDS,
     ROLES_COMMANDS,
     SYNC_PERM_COMMAND,
     USERS_COMMANDS,
@@ -81,6 +85,7 @@ from airflow.security.permissions import (
 )
 from airflow.utils.session import NEW_SESSION, provide_session
 from airflow.utils.yaml import safe_load
+from airflow.version import version
 from airflow.www.constants import SWAGGER_BUNDLE, SWAGGER_ENABLED
 from airflow.www.extensions.init_views import _CustomErrorRequestBodyValidator, _LazyResolver
 
@@ -132,7 +137,7 @@ class FabAuthManager(BaseAuthManager):
     @staticmethod
     def get_cli_commands() -> list[CLICommand]:
         """Vends CLI commands to be included in Airflow CLI."""
-        return [
+        commands: list[CLICommand] = [
             GroupCommand(
                 name="users",
                 help="Manage users",
@@ -145,6 +150,12 @@ class FabAuthManager(BaseAuthManager):
             ),
             SYNC_PERM_COMMAND,  # not in a command group
         ]
+        # If Airflow version is 3.0.0 or higher, add the fab-db command group
+        if packaging.version.parse(
+            packaging.version.parse(airflow_version).base_version
+        ) >= packaging.version.parse("3.0.0"):
+            commands.append(GroupCommand(name="fab-db", help="Manage FAB", subcommands=DB_COMMANDS))
+        return commands
 
     def get_api_endpoints(self) -> None | Blueprint:
         folder = Path(__file__).parents[0].resolve()  # this is airflow/auth/managers/fab/
@@ -179,7 +190,13 @@ class FabAuthManager(BaseAuthManager):
 
     def is_logged_in(self) -> bool:
         """Return whether the user is logged in."""
-        return not self.get_user().is_anonymous
+        user = self.get_user()
+        if Version(Version(version).base_version) < Version("3.0.0"):
+            return not user.is_anonymous and user.is_active
+        else:
+            return self.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None) or (
+                not user.is_anonymous and user.is_active
+            )
 
     def is_authorized_configuration(
         self,
@@ -364,10 +381,15 @@ class FabAuthManager(BaseAuthManager):
 
     def get_url_user_profile(self) -> str | None:
         """Return the url to a page displaying info about the current user."""
-        if not self.security_manager.user_view:
+        if not self.security_manager.user_view or self.appbuilder.get_app.config.get(
+            "AUTH_ROLE_PUBLIC", None
+        ):
             return None
         return url_for(f"{self.security_manager.user_view.endpoint}.userinfo")
 
+    def register_views(self) -> None:
+        self.security_manager.register_views()
+
     def _is_authorized(
         self,
         *,
@@ -519,9 +541,11 @@ class FabAuthManager(BaseAuthManager):
         # Otherwise, when the name of a view or menu is changed, the framework
         # will add the new Views and Menus names to the backend, but will not
         # delete the old ones.
-        if conf.getboolean(
-            "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS")
-        ):
+        if Version(Version(version).base_version) >= Version("3.0.0"):
+            fallback = None
+        else:
+            fallback = conf.getboolean("webserver", "UPDATE_FAB_PERMS")
+        if conf.getboolean("fab", "UPDATE_FAB_PERMS", fallback=fallback):
             self.security_manager.sync_roles()
 
 

airflow/providers/fab/auth_manager/models/__init__.py

@@ -23,6 +23,7 @@ import datetime
 # Copyright 2013, Daniel Vaz Gaspar
 from typing import TYPE_CHECKING
 
+import packaging.version
 from flask import current_app, g
 from flask_appbuilder.models.sqla import Model
 from sqlalchemy import (
@@ -32,6 +33,7 @@ from sqlalchemy import (
     ForeignKey,
     Index,
     Integer,
+    MetaData,
     String,
     Table,
     UniqueConstraint,
@@ -39,16 +41,11 @@ from sqlalchemy import (
     func,
     select,
 )
-from sqlalchemy.orm import backref, declared_attr, relationship
+from sqlalchemy.orm import backref, declared_attr, registry, relationship
 
+from airflow import __version__ as airflow_version
 from airflow.auth.managers.models.base_user import BaseUser
-from airflow.models.base import Base
-
-"""
-Compatibility note: The models in this file are duplicated from Flask AppBuilder.
-"""
-# Use airflow metadata to create the tables
-Model.metadata = Base.metadata
+from airflow.models.base import _get_schema, naming_convention
 
 if TYPE_CHECKING:
     try:
@@ -56,6 +53,22 @@ if TYPE_CHECKING:
     except Exception:
         Identity = None
 
+"""
+Compatibility note: The models in this file are duplicated from Flask AppBuilder.
+"""
+
+metadata = MetaData(schema=_get_schema(), naming_convention=naming_convention)
+mapper_registry = registry(metadata=metadata)
+
+if packaging.version.parse(packaging.version.parse(airflow_version).base_version) >= packaging.version.parse(
+    "3.0.0"
+):
+    Model.metadata = metadata
+else:
+    from airflow.models.base import Base
+
+    Model.metadata = Base.metadata
+
 
 class Action(Model):
     """Represents permission actions such as `can_read`."""

airflow/providers/fab/auth_manager/models/anonymous_user.py

@@ -29,10 +29,13 @@ class AnonymousUser(AnonymousUserMixin, BaseUser):
     _roles: set[tuple[str, str]] = set()
     _perms: set[tuple[str, str]] = set()
 
+    first_name = "Anonymous"
+    last_name = ""
+
     @property
     def roles(self):
         if not self._roles:
-            public_role = current_app.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]
+            public_role = current_app.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None)
             self._roles = {current_app.appbuilder.sm.find_role(public_role)} if public_role else set()
         return self._roles
 
@@ -48,3 +51,6 @@ class AnonymousUser(AnonymousUserMixin, BaseUser):
                 (perm.action.name, perm.resource.name) for role in self.roles for perm in role.permissions
             }
         return self._perms
+
+    def get_name(self) -> str:
+        return "Anonymous"

airflow/providers/fab/auth_manager/models/db.py

@@ -0,0 +1,107 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import os
+
+import airflow
+from airflow import settings
+from airflow.exceptions import AirflowException
+from airflow.providers.fab.auth_manager.models import metadata
+from airflow.utils.db import _offline_migration, print_happy_cat
+from airflow.utils.db_manager import BaseDBManager
+
+PACKAGE_DIR = os.path.dirname(airflow.__file__)
+
+_REVISION_HEADS_MAP: dict[str, str] = {
+    "1.4.0": "6709f7a774b9",
+}
+
+
+class FABDBManager(BaseDBManager):
+    """Manages FAB database."""
+
+    metadata = metadata
+    version_table_name = "alembic_version_fab"
+    migration_dir = os.path.join(PACKAGE_DIR, "providers/fab/migrations")
+    alembic_file = os.path.join(PACKAGE_DIR, "providers/fab/alembic.ini")
+    supports_table_dropping = True
+
+    def upgradedb(self, to_revision=None, from_revision=None, show_sql_only=False):
+        """Upgrade the database."""
+        if from_revision and not show_sql_only:
+            raise AirflowException("`from_revision` only supported with `sql_only=True`.")
+
+        # alembic adds significant import time, so we import it lazily
+        if not settings.SQL_ALCHEMY_CONN:
+            raise RuntimeError("The settings.SQL_ALCHEMY_CONN not set. This is a critical assertion.")
+        from alembic import command
+
+        config = self.get_alembic_config()
+
+        if show_sql_only:
+            if settings.engine.dialect.name == "sqlite":
+                raise SystemExit("Offline migration not supported for SQLite.")
+            if not from_revision:
+                from_revision = self.get_current_revision()
+
+            if not to_revision:
+                script = self.get_script_object(config)
+                to_revision = script.get_current_head()
+
+            if to_revision == from_revision:
+                print_happy_cat("No migrations to apply; nothing to do.")
+                return
+            _offline_migration(command.upgrade, config, f"{from_revision}:{to_revision}")
+            return  # only running sql; our job is done
+
+        if not self.get_current_revision():
+            # New DB; initialize and exit
+            self.initdb()
+            return
+
+        command.upgrade(config, revision=to_revision or "heads")
+
+    def downgrade(self, to_revision, from_revision=None, show_sql_only=False):
+        if from_revision and not show_sql_only:
+            raise ValueError(
+                "`from_revision` can't be combined with `show_sql_only=False`. When actually "
+                "applying a downgrade (instead of just generating sql), we always "
+                "downgrade from current revision."
+            )
+
+        if not settings.SQL_ALCHEMY_CONN:
+            raise RuntimeError("The settings.SQL_ALCHEMY_CONN not set.")
+
+        # alembic adds significant import time, so we import it lazily
+        from alembic import command
+
+        self.log.info("Attempting downgrade of FAB migration to revision %s", to_revision)
+        config = self.get_alembic_config()
+
+        if show_sql_only:
+            self.log.warning("Generating sql scripts for manual migration.")
+            if not from_revision:
+                from_revision = self.get_current_revision()
+            if from_revision is None:
+                self.log.info("No revision found")
+                return
+            revision_range = f"{from_revision}:{to_revision}"
+            _offline_migration(command.downgrade, config=config, revision=revision_range)
+        else:
+            self.log.info("Applying FAB downgrade migrations.")
+            command.downgrade(config, revision=to_revision, sql=show_sql_only)

airflow/providers/fab/auth_manager/security_manager/override.py

@@ -609,7 +609,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     @property
     def auth_role_public(self):
         """Get the public role."""
-        return self.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]
+        return self.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None)
 
     @property
     def oauth_providers(self):
@@ -832,7 +832,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         app = self.appbuilder.get_app
         # Base Security Config
         app.config.setdefault("AUTH_ROLE_ADMIN", "Admin")
-        app.config.setdefault("AUTH_ROLE_PUBLIC", "Public")
         app.config.setdefault("AUTH_TYPE", AUTH_DB)
         # Self Registration
         app.config.setdefault("AUTH_USER_REGISTRATION", False)
@@ -955,7 +954,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
                 self.add_role(role_name)
             if self.auth_role_admin not in self._builtin_roles:
                 self.add_role(self.auth_role_admin)
-            self.add_role(self.auth_role_public)
+            if self.auth_role_public:
+                self.add_role(self.auth_role_public)
             if self.count_users() == 0 and self.auth_role_public != self.auth_role_admin:
                 log.warning(const.LOGMSG_WAR_SEC_NO_USER)
         except Exception:
@@ -1073,6 +1073,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         dags = dagbag.dags.values()
 
         for dag in dags:
+            # TODO: Remove this when the minimum version of Airflow is bumped to 3.0
             root_dag_id = (getattr(dag, "parent_dag", None) or dag).dag_id
             for resource_name, resource_values in self.RESOURCE_DETAILS_MAP.items():
                 dag_resource_name = self._resource_name(root_dag_id, resource_name)
@@ -2828,6 +2829,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         ).all()
 
     def _get_root_dag_id(self, dag_id: str) -> str:
+        # TODO: The "root_dag_id" check can be remove when the minimum version of Airflow is bumped to 3.0
         if "." in dag_id and hasattr(DagModel, "root_dag_id"):
             dm = self.appbuilder.get_session.execute(
                 select(DagModel.dag_id, DagModel.root_dag_id).where(DagModel.dag_id == dag_id)

airflow/providers/fab/get_provider_info.py

@@ -28,8 +28,9 @@ def get_provider_info():
         "name": "Fab",
         "description": "`Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__\n",
         "state": "ready",
-        "source-date-epoch": 1723970140,
+        "source-date-epoch": 1726860772,
         "versions": [
+            "1.4.0",
             "1.3.0",
             "1.2.2",
             "1.2.1",
@@ -50,6 +51,8 @@ def get_provider_info():
             "google-re2>=1.0",
             "jmespath>=0.7.0",
         ],
+        "additional-extras": [{"name": "kerberos", "dependencies": ["kerberos>=1.3.0"]}],
+        "devel-dependencies": ["kerberos>=1.3.0"],
         "config": {
             "fab": {
                 "description": "This section contains configs specific to FAB provider.",

airflow/providers/fab/migrations/README

@@ -0,0 +1 @@
+Generic single-database configuration.

airflow/providers/fab/migrations/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/migrations/env.py

@@ -0,0 +1,125 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import contextlib
+from logging.config import fileConfig
+
+from alembic import context
+
+from airflow import settings
+from airflow.providers.fab.auth_manager.models.db import FABDBManager
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+version_table = FABDBManager.version_table_name
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name, disable_existing_loggers=False)
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+target_metadata = FABDBManager.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def include_object(_, name, type_, *args):
+    if type_ == "table" and name not in target_metadata.tables:
+        return False
+    return True
+
+
+def run_migrations_offline():
+    """
+    Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    context.configure(
+        url=settings.SQL_ALCHEMY_CONN,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        compare_type=True,
+        compare_server_default=True,
+        render_as_batch=True,
+        version_table=version_table,
+        include_object=include_object,
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online():
+    """
+    Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+
+    def process_revision_directives(context, revision, directives):
+        if getattr(config.cmd_opts, "autogenerate", False):
+            script = directives[0]
+            if script.upgrade_ops and script.upgrade_ops.is_empty():
+                directives[:] = []
+                print("No change detected in ORM schema, skipping revision.")
+
+    with contextlib.ExitStack() as stack:
+        connection = config.attributes.get("connection", None)
+
+        if not connection:
+            connection = stack.push(settings.engine.connect())
+
+        context.configure(
+            connection=connection,
+            transaction_per_migration=True,
+            target_metadata=target_metadata,
+            compare_type=True,
+            compare_server_default=True,
+            include_object=include_object,
+            render_as_batch=True,
+            process_revision_directives=process_revision_directives,
+            version_table=version_table,
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

airflow/providers/fab/migrations/script.py.mako

@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+fab_version = None
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}

airflow/providers/fab/migrations/versions/0001_1_4_0_placeholder_migration.py

@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+"""
+placeholder migration.
+
+Revision ID: 6709f7a774b9
+Revises:
+Create Date: 2024-09-03 17:06:38.040510
+
+Note: This is a placeholder migration used to stamp the migration
+when we create the migration from the ORM. Otherwise, it will run
+without stamping the migration, leading to subsequent changes to
+the tables not being migrated.
+"""
+
+from __future__ import annotations
+
+# revision identifiers, used by Alembic.
+revision = "6709f7a774b9"
+down_revision = None
+branch_labels = None
+depends_on = None
+fab_version = "1.4.0"
+
+
+def upgrade() -> None: ...
+
+
+def downgrade() -> None: ...

airflow/providers/fab/migrations/versions/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

{apache_airflow_providers_fab-1.3.0rc1.dist-info → apache_airflow_providers_fab-1.4.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: apache-airflow-providers-fab
-Version: 1.3.0rc1
+Version: 1.4.0rc1
 Summary: Provider package apache-airflow-providers-fab for Apache Airflow
 Keywords: airflow-provider,fab,airflow,integration
 Author-email: Apache Software Foundation <dev@airflow.apache.org>
@@ -27,13 +27,15 @@ Requires-Dist: flask-login>=0.6.2
 Requires-Dist: flask>=2.2,<2.3
 Requires-Dist: google-re2>=1.0
 Requires-Dist: jmespath>=0.7.0
+Requires-Dist: kerberos>=1.3.0 ; extra == "kerberos"
 Project-URL: Bug Tracker, https://github.com/apache/airflow/issues
-Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.3.0/changelog.html
-Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.3.0
+Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.4.0/changelog.html
+Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-fab/1.4.0
 Project-URL: Slack Chat, https://s.apache.org/airflow-slack
 Project-URL: Source Code, https://github.com/apache/airflow
 Project-URL: Twitter, https://twitter.com/ApacheAirflow
 Project-URL: YouTube, https://www.youtube.com/channel/UCSXwxpWZQ7XZ1WL3wqevChA/
+Provides-Extra: kerberos
 
 
 .. Licensed to the Apache Software Foundation (ASF) under one
@@ -79,7 +81,7 @@ Project-URL: YouTube, https://www.youtube.com/channel/UCSXwxpWZQ7XZ1WL3wqevChA/
 
 Package ``apache-airflow-providers-fab``
 
-Release: ``1.3.0.rc1``
+Release: ``1.4.0.rc1``
 
 
 `Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__
@@ -92,7 +94,7 @@ This is a provider package for ``fab`` provider. All classes for this provider p
 are in ``airflow.providers.fab`` python package.
 
 You can find package information and changelog for the provider
-in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.3.0/>`_.
+in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.4.0/>`_.
 
 Installation
 ------------
@@ -118,4 +120,4 @@ PIP package           Version required
 ====================  ==================
 
 The changelog for the provider package can be found in the
-`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.3.0/changelog.html>`_.
+`changelog <https://airflow.apache.org/docs/apache-airflow-providers-fab/1.4.0/changelog.html>`_.

{apache_airflow_providers_fab-1.3.0rc1.dist-info → apache_airflow_providers_fab-1.4.0rc1.dist-info}/RECORD

@@ -1,38 +1,47 @@
 airflow/providers/fab/LICENSE,sha256=FFb4jd2AXnOOf7XLP04pQW6jbdhG49TxlGY6fFpCV1Y,13609
-airflow/providers/fab/__init__.py,sha256=kO58YtLm_XBzc8nZAjDWfM7_KtjjflLtkHjHaLfhCZ4,1490
-airflow/providers/fab/get_provider_info.py,sha256=ZaurwvXWOiDEyNg7_pCXctDAzEFYYEnPxA34Lf1emfQ,3189
+airflow/providers/fab/__init__.py,sha256=cDsr9zaomdLZDM0OHErGAqqk62gOk00enaPd7Wggbzs,1490
+airflow/providers/fab/alembic.ini,sha256=_1SvObfjMAkuD7DN5VR2S6Rd7_F81pORZT-w7GJldIA,4461
+airflow/providers/fab/get_provider_info.py,sha256=pmrrrCTCFbUghKT42uXbxRWK5ZKnEaYEMRlleaRSHEg,3351
 airflow/providers/fab/auth_manager/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/fab_auth_manager.py,sha256=lzUhvexJGkMHrNrTl7RMM-69KgrAvUEmkrvaNxDZnVQ,20830
+airflow/providers/fab/auth_manager/fab_auth_manager.py,sha256=RQzFmULrGVre0GHr6MiVAL2_YqzKTf45LoLHpVjUkMY,21949
 airflow/providers/fab/auth_manager/api/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/api/auth/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/api/auth/backend/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py,sha256=UBGP5UHV6kNsChvL9rkYOQWHszEJtE4AkSFagcRsqrs,2502
-airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py,sha256=SvuJ9jo06ZfB_40FUKaiHb8cw2d3Jpxm-YYSOWEzA7I,1712
+airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py,sha256=qj9dIyfNXPoZQUUv9JcxgfNK5swS4aTnPcRa0wcE9Gg,2608
+airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py,sha256=KAFpis1g8xLDqZsBIzcLGXcGJSpZ_2DTgByHB9uEwqQ,5068
 airflow/providers/fab/auth_manager/api_endpoints/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
 airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py,sha256=jr-nna1-QLwfquCR0FJcETlQOMC-L1Mhknf2-bvqITw,7552
 airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py,sha256=TPT4C02jjOXAWI-lOwnaDeS-EEWzJCjQuFVc2E4JsPw,8484
 airflow/providers/fab/auth_manager/cli_commands/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
-airflow/providers/fab/auth_manager/cli_commands/definition.py,sha256=hjcb3IL-G1s120UcdOZcV5ssgC7uuTfTmHECGlmr7bk,9075
+airflow/providers/fab/auth_manager/cli_commands/db_command.py,sha256=h0yRnHMKs1Dndujt5FKyWOv3yEZnX0L41rUadbyuP98,2189
+airflow/providers/fab/auth_manager/cli_commands/definition.py,sha256=XIAPqoHwkFHshfbj6yGIs7xUrR-uSE1F7V71n44PttA,11483
 airflow/providers/fab/auth_manager/cli_commands/role_command.py,sha256=4w1tHTR5gBbsymeqGIJ4Rs8CmGdw0l49y58pfI0DB_s,9098
 airflow/providers/fab/auth_manager/cli_commands/sync_perm_command.py,sha256=VpW-rWhgHAL_ReU66D_BrsxlXQN4okfxzj6dyE5IfwA,1663
-airflow/providers/fab/auth_manager/cli_commands/user_command.py,sha256=qaYuBbIvF_P0C_SIdQuEFS-hcjRkyn74Gl9Jt0hh2Gs,10207
+airflow/providers/fab/auth_manager/cli_commands/user_command.py,sha256=DMsGccMSs2u0cn1dQgRYkJoG37JhEE-m9dtn-sWEOXw,10275
 airflow/providers/fab/auth_manager/cli_commands/utils.py,sha256=yr4CMaP5Y6-0mRwsPl62aPEoiys8ImyOlO0e9CLyrGY,2043
 airflow/providers/fab/auth_manager/decorators/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/decorators/auth.py,sha256=Z4_xiS1N1E0MqDP9OxHx_YJvKe0sH15afP0tn5LP3Ss,4948
-airflow/providers/fab/auth_manager/models/__init__.py,sha256=IEGXoz1HaCHxoH8DzI5DIoYHBKlrN1wjru7Ey_YhtkA,8827
-airflow/providers/fab/auth_manager/models/anonymous_user.py,sha256=ki1jM-SdxSEJzXhrsiulmziWHlKkU2LguQkXMaRmykE,1775
+airflow/providers/fab/auth_manager/models/__init__.py,sha256=KZl07tphFlZ8kTnsV8k7eTMilaWtd6rV-RjtWOkb13E,9243
+airflow/providers/fab/auth_manager/models/anonymous_user.py,sha256=CNwZHKyURxkTSkqhnyGioML9qBsngDP0wmfdFe04w8E,1893
+airflow/providers/fab/auth_manager/models/db.py,sha256=lidEkcdFZ7jR-Sva0z3JLhfba0X3k4cOPmQM5wyzke4,4375
 airflow/providers/fab/auth_manager/openapi/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
 airflow/providers/fab/auth_manager/openapi/v1.yaml,sha256=xFlQMccLoGarx8SnQvGJ1DRfHo4jQ3p9DzoPqQINcCw,19380
 airflow/providers/fab/auth_manager/security_manager/__init__.py,sha256=mlJxuZLkd5x-iq2SBwD3mvRQpt3YR7wjz_nceyF1IaI,787
 airflow/providers/fab/auth_manager/security_manager/constants.py,sha256=x1Sjl_Mu3wmaSy3NFZlHxK2z-juzWmMs1SrzJ0aiBBQ,907
-airflow/providers/fab/auth_manager/security_manager/override.py,sha256=TiZGNdAwpGe3GlcOEG2P0AI_EwBQFs1Hwtant0pKTVI,115241
+airflow/providers/fab/auth_manager/security_manager/override.py,sha256=uzHY9zftcSdJXozsgKdfR9KK7HIK_RYQa7Ad1nP7IMY,115425
 airflow/providers/fab/auth_manager/views/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
 airflow/providers/fab/auth_manager/views/permissions.py,sha256=k5APUTqqKZqMxCWlKrUEgqdDVrGa9719HJ3UmFpiSLc,2886
 airflow/providers/fab/auth_manager/views/roles_list.py,sha256=o_VqnLbQa4sisKxLwyx6VCl3HmvjKcjkrJG23R81FMQ,1494
 airflow/providers/fab/auth_manager/views/user.py,sha256=KaBWeBMy5j8o9qwe0RDHhtToO4aC6pH_m7N9IcIj1xM,5995
 airflow/providers/fab/auth_manager/views/user_edit.py,sha256=d8wQ_8Rk8Ce95sCElZIXN7ATwbXrT2Tauqn5uTwuo2E,2140
 airflow/providers/fab/auth_manager/views/user_stats.py,sha256=zP2eX6e40rpEohJcvnvri4Khu3Q4ULLxjz1zOWvOr8A,1300
-apache_airflow_providers_fab-1.3.0rc1.dist-info/entry_points.txt,sha256=m05kASp7vFi0ZmQ--CFp7GeJpPL7UT2RQF8EEP5XRX8,99
-apache_airflow_providers_fab-1.3.0rc1.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
-apache_airflow_providers_fab-1.3.0rc1.dist-info/METADATA,sha256=zgM-QPniFlqQOIf2OO6TBmtNUbrzS1PEyJdV-rjc-0I,5022
-apache_airflow_providers_fab-1.3.0rc1.dist-info/RECORD,,
+airflow/providers/fab/migrations/README,sha256=heMzebYwlGhnE8_4CWJ4LS74WoEZjBy-S-mIJRxAEKI,39
+airflow/providers/fab/migrations/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
+airflow/providers/fab/migrations/env.py,sha256=brxmsuAiSRSwzG14Butue1chSJSXaLW53-ABihPLmKw,3951
+airflow/providers/fab/migrations/script.py.mako,sha256=_krfPtzv1Unme2b9MCHPgXo0g73HcN2_zDgz3co2N4M,1353
+airflow/providers/fab/migrations/versions/0001_1_4_0_placeholder_migration.py,sha256=wLZiBiWjfSofXZ4jXMjpEKkIc3jI0a6hpJ73xEYAzss,1370
+airflow/providers/fab/migrations/versions/__init__.py,sha256=9hdXHABrVpkbpjZgUft39kOFL2xSGeG4GEua0Hmelus,785
+apache_airflow_providers_fab-1.4.0rc1.dist-info/entry_points.txt,sha256=m05kASp7vFi0ZmQ--CFp7GeJpPL7UT2RQF8EEP5XRX8,99
+apache_airflow_providers_fab-1.4.0rc1.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+apache_airflow_providers_fab-1.4.0rc1.dist-info/METADATA,sha256=LZQ-8b5LI6Fb-kqfgQVLYrsj4vVYa3X5-MUzKy9ZMgc,5100
+apache_airflow_providers_fab-1.4.0rc1.dist-info/RECORD,,