apache-airflow-providers-fab 1.5.3__py3-none-any.whl → 2.0.0b1__py3-none-any.whl

airflow/providers/fab/auth_manager/views/permissions.py

@@ -23,7 +23,7 @@ from flask_appbuilder.security.views import (
 )
 from flask_babel import lazy_gettext
 
-from airflow.security import permissions
+from airflow.providers.fab.www.security import permissions
 
 
 class ActionModelView(PermissionModelView):

airflow/providers/fab/auth_manager/views/roles_list.py

@@ -18,7 +18,7 @@ from __future__ import annotations
 
 from flask_appbuilder.security.views import RoleModelView
 
-from airflow.security import permissions
+from airflow.providers.fab.www.security import permissions
 
 
 class CustomRoleModelView(RoleModelView):

airflow/providers/fab/auth_manager/views/user.py

@@ -28,7 +28,7 @@ from flask_appbuilder.security.views import (
     UserRemoteUserModelView,
 )
 
-from airflow.security import permissions
+from airflow.providers.fab.www.security import permissions
 
 
 class MultiResourceUserMixin:

airflow/providers/fab/auth_manager/views/user_edit.py

@@ -22,7 +22,7 @@ from flask_appbuilder.security.views import (
     UserInfoEditView,
 )
 
-from airflow.security import permissions
+from airflow.providers.fab.www.security import permissions
 
 
 class CustomUserInfoEditView(UserInfoEditView):

airflow/providers/fab/auth_manager/views/user_stats.py

@@ -18,7 +18,7 @@ from __future__ import annotations
 
 from flask_appbuilder.security.views import UserStatsChartView
 
-from airflow.security import permissions
+from airflow.providers.fab.www.security import permissions
 
 
 class CustomUserStatsChartView(UserStatsChartView):

airflow/providers/fab/get_provider_info.py

@@ -15,8 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-# NOTE! THIS FILE IS AUTOMATICALLY GENERATED AND WILL BE
-# OVERWRITTEN WHEN PREPARING PACKAGES.
+# NOTE! THIS FILE IS AUTOMATICALLY GENERATED AND WILL BE OVERWRITTEN!
 #
 # IF YOU WANT TO MODIFY THIS FILE, YOU SHOULD MODIFY THE TEMPLATE
 # `get_provider_info_TEMPLATE.py.jinja2` IN the `dev/breeze/src/airflow_breeze/templates` DIRECTORY
@@ -27,10 +26,10 @@ def get_provider_info():
         "package-name": "apache-airflow-providers-fab",
         "name": "Fab",
         "description": "`Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__\n",
-        "state": "ready",
-        "source-date-epoch": 1738677661,
+        "state": "not-ready",
+        "source-date-epoch": 1741121873,
         "versions": [
-            "1.5.3",
+            "2.0.0b1",
             "1.5.2",
             "1.5.1",
             "1.5.0",
@@ -48,17 +47,6 @@ def get_provider_info():
             "1.0.1",
             "1.0.0",
         ],
-        "dependencies": [
-            "apache-airflow>=2.9.0",
-            "apache-airflow-providers-common-compat>=1.2.1",
-            "flask>=2.2,<2.3",
-            "flask-appbuilder==4.5.3",
-            "flask-login>=0.6.2",
-            "google-re2>=1.0",
-            "jmespath>=0.7.0",
-        ],
-        "additional-extras": [{"name": "kerberos", "dependencies": ["kerberos>=1.3.0"]}],
-        "devel-dependencies": ["kerberos>=1.3.0"],
         "config": {
             "fab": {
                 "description": "This section contains configs specific to FAB provider.",
@@ -84,8 +72,26 @@ def get_provider_info():
                         "example": None,
                         "default": "True",
                     },
+                    "auth_backends": {
+                        "description": "Comma separated list of auth backends to authenticate users of the API.\n",
+                        "version_added": "2.3.0",
+                        "type": "string",
+                        "example": None,
+                        "default": "airflow.providers.fab.auth_manager.api.auth.backend.session",
+                    },
                 },
             }
         },
         "auth-managers": ["airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"],
+        "dependencies": [
+            "apache-airflow>=3.0.0.dev0",
+            "apache-airflow-providers-common-compat>=1.2.1",
+            "flask>=2.2,<2.3",
+            "flask-appbuilder==4.5.3",
+            "flask-login>=0.6.2",
+            "connexion[flask]>=2.14.2,<3.0",
+            "jmespath>=0.7.0",
+        ],
+        "optional-dependencies": {"kerberos": ["kerberos>=1.3.0"]},
+        "devel-dependencies": ["kerberos>=1.3.0"],
     }

airflow/providers/fab/www/airflow_flask_app.py

@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any
+
+from flask import Flask
+
+if TYPE_CHECKING:
+    from airflow.models.dagbag import DagBag
+
+
+class AirflowApp(Flask):
+    """Airflow Flask Application."""
+
+    dag_bag: DagBag
+    api_auth: list[Any]

airflow/providers/fab/www/api_connexion/__init__.py

@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/www/api_connexion/exceptions.py

@@ -0,0 +1,197 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from http import HTTPStatus
+from typing import TYPE_CHECKING, Any
+
+import werkzeug
+from connexion import FlaskApi, ProblemException, problem
+
+from airflow.utils.docs import get_docs_url
+
+if TYPE_CHECKING:
+    import flask
+
+doc_link = get_docs_url("stable-rest-api-ref.html")
+
+EXCEPTIONS_LINK_MAP = {
+    400: f"{doc_link}#section/Errors/BadRequest",
+    404: f"{doc_link}#section/Errors/NotFound",
+    405: f"{doc_link}#section/Errors/MethodNotAllowed",
+    401: f"{doc_link}#section/Errors/Unauthenticated",
+    409: f"{doc_link}#section/Errors/AlreadyExists",
+    403: f"{doc_link}#section/Errors/PermissionDenied",
+    500: f"{doc_link}#section/Errors/Unknown",
+}
+
+
+def common_error_handler(exception: BaseException) -> flask.Response:
+    """Use to capture connexion exceptions and add link to the type field."""
+    if isinstance(exception, ProblemException):
+        link = EXCEPTIONS_LINK_MAP.get(exception.status)
+        if link:
+            response = problem(
+                status=exception.status,
+                title=exception.title,
+                detail=exception.detail,
+                type=link,
+                instance=exception.instance,
+                headers=exception.headers,
+                ext=exception.ext,
+            )
+        else:
+            response = problem(
+                status=exception.status,
+                title=exception.title,
+                detail=exception.detail,
+                type=exception.type,
+                instance=exception.instance,
+                headers=exception.headers,
+                ext=exception.ext,
+            )
+    else:
+        if not isinstance(exception, werkzeug.exceptions.HTTPException):
+            exception = werkzeug.exceptions.InternalServerError()
+
+        response = problem(title=exception.name, detail=exception.description, status=exception.code)
+
+    return FlaskApi.get_response(response)
+
+
+class NotFound(ProblemException):
+    """Raise when the object cannot be found."""
+
+    def __init__(
+        self,
+        title: str = "Not Found",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ) -> None:
+        super().__init__(
+            status=HTTPStatus.NOT_FOUND,
+            type=EXCEPTIONS_LINK_MAP[404],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )
+
+
+class BadRequest(ProblemException):
+    """Raise when the server processes a bad request."""
+
+    def __init__(
+        self,
+        title: str = "Bad Request",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ) -> None:
+        super().__init__(
+            status=HTTPStatus.BAD_REQUEST,
+            type=EXCEPTIONS_LINK_MAP[400],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )
+
+
+class Unauthenticated(ProblemException):
+    """Raise when the user is not authenticated."""
+
+    def __init__(
+        self,
+        title: str = "Unauthorized",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ):
+        super().__init__(
+            status=HTTPStatus.UNAUTHORIZED,
+            type=EXCEPTIONS_LINK_MAP[401],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )
+
+
+class PermissionDenied(ProblemException):
+    """Raise when the user does not have the required permissions."""
+
+    def __init__(
+        self,
+        title: str = "Forbidden",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ) -> None:
+        super().__init__(
+            status=HTTPStatus.FORBIDDEN,
+            type=EXCEPTIONS_LINK_MAP[403],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )
+
+
+class Conflict(ProblemException):
+    """Raise when there is some conflict."""
+
+    def __init__(
+        self,
+        title="Conflict",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ):
+        super().__init__(
+            status=HTTPStatus.CONFLICT,
+            type=EXCEPTIONS_LINK_MAP[409],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )
+
+
+class AlreadyExists(Conflict):
+    """Raise when the object already exists."""
+
+
+class Unknown(ProblemException):
+    """Returns a response body and status code for HTTP 500 exception."""
+
+    def __init__(
+        self,
+        title: str = "Internal Server Error",
+        detail: str | None = None,
+        headers: dict | None = None,
+        **kwargs: Any,
+    ) -> None:
+        super().__init__(
+            status=HTTPStatus.INTERNAL_SERVER_ERROR,
+            type=EXCEPTIONS_LINK_MAP[500],
+            title=title,
+            detail=detail,
+            headers=headers,
+            **kwargs,
+        )

airflow/providers/fab/www/api_connexion/parameters.py

@@ -0,0 +1,131 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import logging
+from collections.abc import Container
+from functools import wraps
+from typing import TYPE_CHECKING, Any, Callable, TypeVar, cast
+
+from pendulum.parsing import ParserError
+from sqlalchemy import text
+
+from airflow.configuration import conf
+from airflow.providers.fab.www.api_connexion.exceptions import BadRequest
+from airflow.utils import timezone
+
+if TYPE_CHECKING:
+    from datetime import datetime
+
+    from sqlalchemy.sql import Select
+
+log = logging.getLogger(__name__)
+
+
+def validate_istimezone(value: datetime) -> None:
+    """Validate that a datetime is not naive."""
+    if not value.tzinfo:
+        raise BadRequest("Invalid datetime format", detail="Naive datetime is disallowed")
+
+
+def format_datetime(value: str) -> datetime:
+    """
+    Format datetime objects.
+
+    Datetime format parser for args since connexion doesn't parse datetimes
+    https://github.com/zalando/connexion/issues/476
+
+    This should only be used within connection views because it raises 400
+    """
+    value = value.strip()
+    if value[-1] != "Z":
+        value = value.replace(" ", "+")
+    try:
+        return timezone.parse(value)
+    except (ParserError, TypeError) as err:
+        raise BadRequest("Incorrect datetime argument", detail=str(err))
+
+
+def check_limit(value: int) -> int:
+    """
+    Check the limit does not exceed configured value.
+
+    This checks the limit passed to view and raises BadRequest if
+    limit exceed user configured value
+    """
+    max_val = conf.getint("api", "maximum_page_limit")  # user configured max page limit
+    fallback = conf.getint("api", "fallback_page_limit")
+
+    if value > max_val:
+        log.warning(
+            "The limit param value %s passed in API exceeds the configured maximum page limit %s",
+            value,
+            max_val,
+        )
+        return max_val
+    if value == 0:
+        return fallback
+    if value < 0:
+        raise BadRequest("Page limit must be a positive integer")
+    return value
+
+
+T = TypeVar("T", bound=Callable)
+
+
+def format_parameters(params_formatters: dict[str, Callable[[Any], Any]]) -> Callable[[T], T]:
+    """
+    Create a decorator to convert parameters using given formatters.
+
+    Using it allows you to separate parameter formatting from endpoint logic.
+
+    :param params_formatters: Map of key name and formatter function
+    """
+
+    def format_parameters_decorator(func: T) -> T:
+        @wraps(func)
+        def wrapped_function(*args, **kwargs):
+            for key, formatter in params_formatters.items():
+                if key in kwargs:
+                    kwargs[key] = formatter(kwargs[key])
+            return func(*args, **kwargs)
+
+        return cast(T, wrapped_function)
+
+    return format_parameters_decorator
+
+
+def apply_sorting(
+    query: Select,
+    order_by: str,
+    to_replace: dict[str, str] | None = None,
+    allowed_attrs: Container[str] | None = None,
+) -> Select:
+    """Apply sorting to query."""
+    lstriped_orderby = order_by.lstrip("-")
+    if allowed_attrs and lstriped_orderby not in allowed_attrs:
+        raise BadRequest(
+            detail=f"Ordering with '{lstriped_orderby}' is disallowed or "
+            f"the attribute does not exist on the model"
+        )
+    if to_replace:
+        lstriped_orderby = to_replace.get(lstriped_orderby, lstriped_orderby)
+    if order_by[0] == "-":
+        order_by = f"{lstriped_orderby} desc"
+    else:
+        order_by = f"{lstriped_orderby} asc"
+    return query.order_by(text(order_by))

airflow/providers/fab/www/api_connexion/security.py

@@ -0,0 +1,84 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from functools import wraps
+from typing import TYPE_CHECKING, Callable, TypeVar, cast
+
+from flask import Response, current_app
+
+from airflow.api_fastapi.app import get_auth_manager
+from airflow.providers.fab.www.airflow_flask_app import AirflowApp
+from airflow.providers.fab.www.api_connexion.exceptions import PermissionDenied, Unauthenticated
+
+if TYPE_CHECKING:
+    from airflow.api_fastapi.auth.managers.base_auth_manager import ResourceMethod
+
+T = TypeVar("T", bound=Callable)
+
+
+def check_authentication() -> None:
+    """Check that the request has valid authorization information."""
+    for auth in cast(AirflowApp, current_app).api_auth:
+        response = auth.requires_authentication(Response)()
+        if response.status_code == 200:
+            return
+
+    # since this handler only checks authentication, not authorization,
+    # we should always return 401
+    raise Unauthenticated(headers=response.headers)
+
+
+def _requires_access(*, is_authorized_callback: Callable[[], bool], func: Callable, args, kwargs) -> bool:
+    """
+    Define the behavior whether the user is authorized to access the resource.
+
+    :param is_authorized_callback: callback to execute to figure whether the user is authorized to access
+        the resource
+    :param func: the function to call if the user is authorized
+    :param args: the arguments of ``func``
+    :param kwargs: the keyword arguments ``func``
+
+    :meta private:
+    """
+    check_authentication()
+    if is_authorized_callback():
+        return func(*args, **kwargs)
+    raise PermissionDenied()
+
+
+def requires_access_custom_view(
+    method: ResourceMethod,
+    resource_name: str,
+) -> Callable[[T], T]:
+    def requires_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            return _requires_access(
+                is_authorized_callback=lambda: get_auth_manager().is_authorized_custom_view(
+                    method=method,
+                    resource_name=resource_name,
+                    user=get_auth_manager().get_user(),
+                ),
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+
+        return cast(T, decorated)
+
+    return requires_access_decorator

airflow/providers/fab/www/api_connexion/types.py

@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from collections.abc import Mapping, Sequence
+from typing import Any, Optional, Union
+
+from flask import Response
+
+APIResponse = Union[
+    Response,
+    tuple[object, int],  # For '(NoContent, 201)'.
+    Mapping[str, Any],  # JSON.
+]
+
+UpdateMask = Optional[Sequence[str]]