apache-airflow-providers-fab 1.5.3__py3-none-any.whl → 2.0.0__py3-none-any.whl

airflow/providers/fab/LICENSE

@@ -199,55 +199,3 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-
-============================================================================
-   APACHE AIRFLOW SUBCOMPONENTS:
-
-   The Apache Airflow project contains subcomponents with separate copyright
-   notices and license terms. Your use of the source code for the these
-   subcomponents is subject to the terms and conditions of the following
-   licenses.
-
-
-========================================================================
-Third party Apache 2.0 licenses
-========================================================================
-
-The following components are provided under the Apache 2.0 License.
-See project link for details. The text of each license is also included
-at 3rd-party-licenses/LICENSE-[project].txt.
-
-    (ALv2 License) hue v4.3.0 (https://github.com/cloudera/hue/)
-    (ALv2 License) jqclock v2.3.0 (https://github.com/JohnRDOrazio/jQuery-Clock-Plugin)
-    (ALv2 License) bootstrap3-typeahead v4.0.2 (https://github.com/bassjobsen/Bootstrap-3-Typeahead)
-    (ALv2 License) connexion v2.7.0 (https://github.com/zalando/connexion)
-
-========================================================================
-MIT licenses
-========================================================================
-
-The following components are provided under the MIT License. See project link for details.
-The text of each license is also included at 3rd-party-licenses/LICENSE-[project].txt.
-
-    (MIT License) jquery v3.5.1 (https://jquery.org/license/)
-    (MIT License) dagre-d3 v0.6.4 (https://github.com/cpettitt/dagre-d3)
-    (MIT License) bootstrap v3.4.1 (https://github.com/twbs/bootstrap/)
-    (MIT License) d3-tip v0.9.1 (https://github.com/Caged/d3-tip)
-    (MIT License) dataTables v1.10.25 (https://datatables.net)
-    (MIT License) normalize.css v3.0.2 (http://necolas.github.io/normalize.css/)
-    (MIT License) ElasticMock v1.3.2 (https://github.com/vrcmarcos/elasticmock)
-    (MIT License) MomentJS v2.24.0 (http://momentjs.com/)
-    (MIT License) eonasdan-bootstrap-datetimepicker v4.17.49 (https://github.com/eonasdan/bootstrap-datetimepicker/)
-
-========================================================================
-BSD 3-Clause licenses
-========================================================================
-The following components are provided under the BSD 3-Clause license. See project links for details.
-The text of each license is also included at 3rd-party-licenses/LICENSE-[project].txt.
-
-    (BSD 3 License) d3 v5.16.0 (https://d3js.org)
-    (BSD 3 License) d3-shape v2.1.0 (https://github.com/d3/d3-shape)
-    (BSD 3 License) cgroupspy 0.2.1 (https://github.com/cloudsigma/cgroupspy)
-
-========================================================================
-See 3rd-party-licenses/LICENSES-ui.txt for packages used in `/airflow/www`

airflow/providers/fab/__init__.py

@@ -29,11 +29,11 @@ from airflow import __version__ as airflow_version
 
 __all__ = ["__version__"]
 
-__version__ = "1.5.3"
+__version__ = "2.0.0"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
-    "2.9.0"
+    "3.0.0"
 ):
     raise RuntimeError(
-        f"The package `apache-airflow-providers-fab:{__version__}` needs Apache Airflow 2.9.0+"
+        f"The package `apache-airflow-providers-fab:{__version__}` needs Apache Airflow 3.0.0+"
     )

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -25,10 +25,10 @@ from flask import Response, current_app, request
 from flask_appbuilder.const import AUTH_LDAP
 from flask_login import login_user
 
-from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
-from airflow.www.extensions.init_auth_manager import get_auth_manager
+from airflow.api_fastapi.app import get_auth_manager
 
 if TYPE_CHECKING:
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.models import User
 
 CLIENT_AUTH: tuple[str, str] | Any | None = None
@@ -45,8 +45,7 @@ def auth_current_user() -> User | None:
     auth = request.authorization
     if auth is None or not auth.username or not auth.password:
         return None
-
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     user = None
     if security_manager.auth_type == AUTH_LDAP:
         user = security_manager.auth_user_ldap(auth.username, auth.password)
@@ -67,4 +66,4 @@ def requires_authentication(function: T):
         else:
             return Response("Unauthorized", 401, {"WWW-Authenticate": "Basic"})
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py

@@ -26,13 +26,13 @@ import kerberos
 from flask import Response, current_app, g, make_response, request
 from requests_kerberos import HTTPKerberosAuth
 
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
-from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
 from airflow.utils.net import getfqdn
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
-    from airflow.auth.managers.models.base_user import BaseUser
+    from airflow.api_fastapi.auth.managers.models.base_user import BaseUser
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 
 log = logging.getLogger(__name__)
 
@@ -115,7 +115,7 @@ T = TypeVar("T", bound=Callable)
 
 
 def find_user(username=None, email=None):
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     return security_manager.find_user(username=username, email=email)
 
 
@@ -143,4 +143,4 @@ def requires_authentication(function: T, find_user: Callable[[str], BaseUser] |
                 return _forbidden()
         return _unauthorized()
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api/auth/backend/session.py

@@ -23,7 +23,7 @@ from typing import Any, Callable, TypeVar, cast
 
 from flask import Response
 
-from airflow.www.extensions.init_auth_manager import get_auth_manager
+from airflow.api_fastapi.app import get_auth_manager
 
 CLIENT_AUTH: tuple[str, str] | Any | None = None
 
@@ -44,4 +44,4 @@ def requires_authentication(function: T):
             return Response("Unauthorized", 401, {})
         return function(*args, **kwargs)
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py

@@ -24,9 +24,7 @@ from flask import request
 from marshmallow import ValidationError
 from sqlalchemy import asc, desc, func, select
 
-from airflow.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound
-from airflow.api_connexion.parameters import check_limit, format_parameters
-from airflow.api_connexion.security import requires_access_custom_view
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.providers.fab.auth_manager.models import Action, Role
 from airflow.providers.fab.auth_manager.schemas.role_and_permission_schema import (
     ActionCollection,
@@ -35,12 +33,15 @@ from airflow.providers.fab.auth_manager.schemas.role_and_permission_schema impor
     role_collection_schema,
     role_schema,
 )
-from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
-from airflow.security import permissions
-from airflow.www.extensions.init_auth_manager import get_auth_manager
+from airflow.providers.fab.www.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound
+from airflow.providers.fab.www.api_connexion.parameters import check_limit, format_parameters
+from airflow.providers.fab.www.api_connexion.security import requires_access_custom_view
+from airflow.providers.fab.www.security import permissions
 
 if TYPE_CHECKING:
-    from airflow.api_connexion.types import APIResponse, UpdateMask
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
+    from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
+    from airflow.providers.fab.www.api_connexion.types import APIResponse, UpdateMask
 
 
 def _check_action_and_resource(sm: FabAirflowSecurityManagerOverride, perms: list[tuple[str, str]]) -> None:
@@ -59,7 +60,7 @@ def _check_action_and_resource(sm: FabAirflowSecurityManagerOverride, perms: lis
 @requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 def get_role(*, role_name: str) -> APIResponse:
     """Get role."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     role = security_manager.find_role(name=role_name)
     if not role:
         raise NotFound(title="Role not found", detail=f"Role with name {role_name!r} was not found")
@@ -70,7 +71,7 @@ def get_role(*, role_name: str) -> APIResponse:
 @format_parameters({"limit": check_limit})
 def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None) -> APIResponse:
     """Get roles."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.scalars(select(func.count(Role.id))).one()
     direction = desc if order_by.startswith("-") else asc
@@ -80,8 +81,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
     allowed_sort_attrs = ["role_id", "name"]
     if order_by not in allowed_sort_attrs:
         raise BadRequest(
-            detail=f"Ordering with '{order_by}' is disallowed or "
-            f"the attribute does not exist on the model"
+            detail=f"Ordering with '{order_by}' is disallowed or the attribute does not exist on the model"
         )
 
     query = select(Role)
@@ -98,7 +98,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
 @format_parameters({"limit": check_limit})
 def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     """Get permissions."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.scalars(select(func.count(Action.id))).one()
     query = select(Action)
@@ -109,7 +109,7 @@ def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
 @requires_access_custom_view("DELETE", permissions.RESOURCE_ROLE)
 def delete_role(*, role_name: str) -> APIResponse:
     """Delete a role."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     role = security_manager.find_role(name=role_name)
     if not role:
@@ -121,7 +121,7 @@ def delete_role(*, role_name: str) -> APIResponse:
 @requires_access_custom_view("PUT", permissions.RESOURCE_ROLE)
 def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a role."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     body = request.json
     try:
         data = role_schema.load(body)
@@ -154,7 +154,7 @@ def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse
 @requires_access_custom_view("POST", permissions.RESOURCE_ROLE)
 def post_role() -> APIResponse:
     """Create a new role."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     body = request.json
     try:
         data = role_schema.load(body)

airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py

@@ -25,9 +25,7 @@ from marshmallow import ValidationError
 from sqlalchemy import asc, desc, func, select
 from werkzeug.security import generate_password_hash
 
-from airflow.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound, Unknown
-from airflow.api_connexion.parameters import check_limit, format_parameters
-from airflow.api_connexion.security import requires_access_custom_view
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.providers.fab.auth_manager.models import User
 from airflow.providers.fab.auth_manager.schemas.user_schema import (
     UserCollection,
@@ -35,19 +33,21 @@ from airflow.providers.fab.auth_manager.schemas.user_schema import (
     user_collection_schema,
     user_schema,
 )
-from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
-from airflow.security import permissions
-from airflow.www.extensions.init_auth_manager import get_auth_manager
+from airflow.providers.fab.www.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound, Unknown
+from airflow.providers.fab.www.api_connexion.parameters import check_limit, format_parameters
+from airflow.providers.fab.www.api_connexion.security import requires_access_custom_view
+from airflow.providers.fab.www.security import permissions
 
 if TYPE_CHECKING:
-    from airflow.api_connexion.types import APIResponse, UpdateMask
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.models import Role
+    from airflow.providers.fab.www.api_connexion.types import APIResponse, UpdateMask
 
 
 @requires_access_custom_view("GET", permissions.RESOURCE_USER)
 def get_user(*, username: str) -> APIResponse:
     """Get a user."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     user = security_manager.find_user(username=username)
     if not user:
         raise NotFound(title="User not found", detail=f"The User with username `{username}` was not found")
@@ -58,7 +58,7 @@ def get_user(*, username: str) -> APIResponse:
 @format_parameters({"limit": check_limit})
 def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) -> APIResponse:
     """Get users."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.execute(select(func.count(User.id))).scalar()
     direction = desc if order_by.startswith("-") else asc
@@ -76,8 +76,7 @@ def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) ->
     ]
     if order_by not in allowed_sort_attrs:
         raise BadRequest(
-            detail=f"Ordering with '{order_by}' is disallowed or "
-            f"the attribute does not exist on the model"
+            detail=f"Ordering with '{order_by}' is disallowed or the attribute does not exist on the model"
         )
 
     query = select(User).order_by(direction(getattr(User, order_param))).offset(offset).limit(limit)
@@ -94,7 +93,7 @@ def post_user() -> APIResponse:
     except ValidationError as e:
         raise BadRequest(detail=str(e.messages))
 
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     username = data["username"]
     email = data["email"]
 
@@ -137,7 +136,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     except ValidationError as e:
         raise BadRequest(detail=str(e.messages))
 
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     user = security_manager.find_user(username=username)
     if user is None:
@@ -201,7 +200,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
 @requires_access_custom_view("DELETE", permissions.RESOURCE_USER)
 def delete_user(*, username: str) -> APIResponse:
     """Delete a user."""
-    security_manager = cast(FabAirflowSecurityManagerOverride, get_auth_manager().security_manager)
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     user = security_manager.find_user(username=username)
     if user is None:

airflow/providers/fab/auth_manager/api_fastapi/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/auth_manager/api_fastapi/datamodels/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/auth_manager/api_fastapi/datamodels/login.py

@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from airflow.api_fastapi.core_api.base import BaseModel
+
+
+class LoginResponse(BaseModel):
+    """API Token serializer for responses."""
+
+    access_token: str
+
+
+class LoginBody(BaseModel):
+    """API Token serializer for requests."""
+
+    username: str
+    password: str

airflow/providers/fab/auth_manager/api_fastapi/openapi/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/auth_manager/api_fastapi/openapi/v1-generated.yaml

@@ -0,0 +1,153 @@
+openapi: 3.1.0
+info:
+  title: FAB auth manager API
+  description: This is FAB auth manager API. This API is only available if the auth
+    manager used in the Airflow environment is FAB auth manager. This API provides
+    endpoints to manage users and permissions managed by the FAB auth manager.
+  version: 0.1.0
+paths:
+  /token:
+    post:
+      tags:
+      - FabAuthManager
+      summary: Create Token
+      description: Generate a new API token.
+      operationId: create_token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LoginBody'
+        required: true
+      responses:
+        '201':
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LoginResponse'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPExceptionResponse'
+        '401':
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPExceptionResponse'
+        '422':
+          description: Validation Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPValidationError'
+  /token/cli:
+    post:
+      tags:
+      - FabAuthManager
+      summary: Create Token Cli
+      description: Generate a new CLI API token.
+      operationId: create_token_cli
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LoginBody'
+        required: true
+      responses:
+        '201':
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LoginResponse'
+        '400':
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPExceptionResponse'
+        '401':
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPExceptionResponse'
+        '422':
+          description: Validation Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HTTPValidationError'
+components:
+  schemas:
+    HTTPExceptionResponse:
+      properties:
+        detail:
+          anyOf:
+          - type: string
+          - additionalProperties: true
+            type: object
+          title: Detail
+      type: object
+      required:
+      - detail
+      title: HTTPExceptionResponse
+      description: HTTPException Model used for error response.
+    HTTPValidationError:
+      properties:
+        detail:
+          items:
+            $ref: '#/components/schemas/ValidationError'
+          type: array
+          title: Detail
+      type: object
+      title: HTTPValidationError
+    LoginBody:
+      properties:
+        username:
+          type: string
+          title: Username
+        password:
+          type: string
+          title: Password
+      type: object
+      required:
+      - username
+      - password
+      title: LoginBody
+      description: API Token serializer for requests.
+    LoginResponse:
+      properties:
+        access_token:
+          type: string
+          title: Access Token
+      type: object
+      required:
+      - access_token
+      title: LoginResponse
+      description: API Token serializer for responses.
+    ValidationError:
+      properties:
+        loc:
+          items:
+            anyOf:
+            - type: string
+            - type: integer
+          type: array
+          title: Location
+        msg:
+          type: string
+          title: Message
+        type:
+          type: string
+          title: Error Type
+      type: object
+      required:
+      - loc
+      - msg
+      - type
+      title: ValidationError

airflow/providers/fab/auth_manager/api_fastapi/routes/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/auth_manager/api_fastapi/routes/login.py

@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from starlette import status
+
+from airflow.api_fastapi.common.router import AirflowRouter
+from airflow.api_fastapi.core_api.openapi.exceptions import create_openapi_http_exception_doc
+from airflow.configuration import conf
+from airflow.providers.fab.auth_manager.api_fastapi.datamodels.login import LoginBody, LoginResponse
+from airflow.providers.fab.auth_manager.api_fastapi.services.login import FABAuthManagerLogin
+
+login_router = AirflowRouter(tags=["FabAuthManager"])
+
+
+@login_router.post(
+    "/token",
+    response_model=LoginResponse,
+    status_code=status.HTTP_201_CREATED,
+    responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED]),
+)
+def create_token(body: LoginBody) -> LoginResponse:
+    """Generate a new API token."""
+    return FABAuthManagerLogin.create_token(body=body)
+
+
+@login_router.post(
+    "/token/cli",
+    response_model=LoginResponse,
+    status_code=status.HTTP_201_CREATED,
+    responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED]),
+)
+def create_token_cli(body: LoginBody) -> LoginResponse:
+    """Generate a new CLI API token."""
+    return FABAuthManagerLogin.create_token(
+        body=body, expiration_time_in_seconds=conf.getint("api_auth", "jwt_cli_expiration_time")
+    )

airflow/providers/fab/auth_manager/api_fastapi/services/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.