apache-airflow-providers-fab 1.5.3rc1__py3-none-any.whl → 2.0.0rc1__py3-none-any.whl

airflow/providers/fab/__init__.py

@@ -29,11 +29,11 @@ from airflow import __version__ as airflow_version
 
 __all__ = ["__version__"]
 
-__version__ = "1.5.3"
+__version__ = "2.0.0"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
-    "2.9.0"
+    "3.0.0.dev0"
 ):
     raise RuntimeError(
-        f"The package `apache-airflow-providers-fab:{__version__}` needs Apache Airflow 2.9.0+"
+        f"The package `apache-airflow-providers-fab:{__version__}` needs Apache Airflow 3.0.0.dev0+"
     )

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -25,8 +25,8 @@ from flask import Response, current_app, request
 from flask_appbuilder.const import AUTH_LDAP
 from flask_login import login_user
 
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.providers.fab.auth_manager.models import User

airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py

@@ -26,10 +26,10 @@ import kerberos
 from flask import Response, current_app, g, make_response, request
 from requests_kerberos import HTTPKerberosAuth
 
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
 from airflow.utils.net import getfqdn
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.auth.managers.models.base_user import BaseUser

airflow/providers/fab/auth_manager/api/auth/backend/session.py

@@ -23,7 +23,7 @@ from typing import Any, Callable, TypeVar, cast
 
 from flask import Response
 
-from airflow.www.extensions.init_auth_manager import get_auth_manager
+from airflow.api_fastapi.app import get_auth_manager
 
 CLIENT_AUTH: tuple[str, str] | Any | None = None
 

airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py

@@ -27,6 +27,7 @@ from sqlalchemy import asc, desc, func, select
 from airflow.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound
 from airflow.api_connexion.parameters import check_limit, format_parameters
 from airflow.api_connexion.security import requires_access_custom_view
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.providers.fab.auth_manager.models import Action, Role
 from airflow.providers.fab.auth_manager.schemas.role_and_permission_schema import (
     ActionCollection,
@@ -37,7 +38,6 @@ from airflow.providers.fab.auth_manager.schemas.role_and_permission_schema impor
 )
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
 from airflow.security import permissions
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.api_connexion.types import APIResponse, UpdateMask

airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py

@@ -28,6 +28,7 @@ from werkzeug.security import generate_password_hash
 from airflow.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound, Unknown
 from airflow.api_connexion.parameters import check_limit, format_parameters
 from airflow.api_connexion.security import requires_access_custom_view
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.providers.fab.auth_manager.models import User
 from airflow.providers.fab.auth_manager.schemas.user_schema import (
     UserCollection,
@@ -37,7 +38,6 @@ from airflow.providers.fab.auth_manager.schemas.user_schema import (
 )
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
 from airflow.security import permissions
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 if TYPE_CHECKING:
     from airflow.api_connexion.types import APIResponse, UpdateMask

airflow/providers/fab/auth_manager/cli_commands/db_command.py

@@ -17,7 +17,7 @@
 from __future__ import annotations
 
 from airflow import settings
-from airflow.cli.commands.db_command import run_db_downgrade_command, run_db_migrate_command
+from airflow.cli.commands.local_commands.db_command import run_db_downgrade_command, run_db_migrate_command
 from airflow.providers.fab.auth_manager.models.db import _REVISION_HEADS_MAP, FABDBManager
 from airflow.utils import cli as cli_utils
 from airflow.utils.providers_configuration_loader import providers_configuration_loaded

airflow/providers/fab/auth_manager/cli_commands/utils.py

@@ -18,31 +18,27 @@
 from __future__ import annotations
 
 import os
+from collections.abc import Generator
 from contextlib import contextmanager
-from functools import lru_cache
-from os.path import isabs
-from typing import TYPE_CHECKING, Generator
+from functools import cache
+from typing import TYPE_CHECKING
 
 from flask import Flask
 
 import airflow
 from airflow.configuration import conf
-from airflow.exceptions import AirflowConfigException
-from airflow.www.app import make_url
 from airflow.www.extensions.init_appbuilder import init_appbuilder
-from airflow.www.extensions.init_session import init_airflow_session_interface
 from airflow.www.extensions.init_views import init_plugins
 
 if TYPE_CHECKING:
     from airflow.www.extensions.init_appbuilder import AirflowAppBuilder
 
 
-@lru_cache(maxsize=None)
+@cache
 def _return_appbuilder(app: Flask) -> AirflowAppBuilder:
     """Return an appbuilder instance for the given app."""
     init_appbuilder(app)
     init_plugins(app)
-    init_airflow_session_interface(app)
     return app.appbuilder  # type: ignore[attr-defined]
 
 
@@ -54,12 +50,4 @@ def get_application_builder() -> Generator[AirflowAppBuilder, None, None]:
     with flask_app.app_context():
         # Enable customizations in webserver_config.py to be applied via Flask.current_app.
         flask_app.config.from_pyfile(webserver_config, silent=True)
-        flask_app.config["SQLALCHEMY_DATABASE_URI"] = conf.get("database", "SQL_ALCHEMY_CONN")
-        url = make_url(flask_app.config["SQLALCHEMY_DATABASE_URI"])
-        if url.drivername == "sqlite" and url.database and not isabs(url.database):
-            raise AirflowConfigException(
-                f'Cannot use relative path: `{conf.get("database", "SQL_ALCHEMY_CONN")}` to connect to sqlite. '
-                "Please use absolute path such as `sqlite:////tmp/airflow.db`."
-            )
-        flask_app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
         yield _return_appbuilder(flask_app)

airflow/providers/fab/auth_manager/decorators/auth.py

@@ -18,19 +18,20 @@
 from __future__ import annotations
 
 import logging
+from collections.abc import Sequence
 from functools import wraps
-from typing import Callable, Sequence, TypeVar, cast
+from typing import Callable, TypeVar, cast
 
 from flask import current_app, render_template, request
 
 from airflow.api_connexion.exceptions import PermissionDenied
 from airflow.api_connexion.security import check_authentication
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
 from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
 from airflow.utils.airflow_flask_app import AirflowApp
 from airflow.utils.net import get_hostname
 from airflow.www.auth import _has_access
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 
 T = TypeVar("T", bound=Callable)
 

airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -18,10 +18,10 @@
 from __future__ import annotations
 
 import argparse
-import warnings
+from collections.abc import Container
 from functools import cached_property
 from pathlib import Path
-from typing import TYPE_CHECKING, Container
+from typing import TYPE_CHECKING, Any
 
 import packaging.version
 from connexion import FlaskApi
@@ -47,7 +47,7 @@ from airflow.cli.cli_config import (
     GroupCommand,
 )
 from airflow.configuration import conf
-from airflow.exceptions import AirflowConfigException, AirflowException, AirflowProviderDeprecationWarning
+from airflow.exceptions import AirflowConfigException, AirflowException
 from airflow.models import DagModel
 from airflow.providers.fab.auth_manager.cli_commands.definition import (
     DB_COMMANDS,
@@ -82,7 +82,7 @@ from airflow.security.permissions import (
     RESOURCE_WEBSITE,
     RESOURCE_XCOM,
 )
-from airflow.utils.session import NEW_SESSION, provide_session
+from airflow.utils.session import NEW_SESSION, create_session, provide_session
 from airflow.utils.yaml import safe_load
 from airflow.version import version
 from airflow.www.constants import SWAGGER_BUNDLE, SWAGGER_ENABLED
@@ -131,13 +131,18 @@ _MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE = {
 }
 
 
-class FabAuthManager(BaseAuthManager):
+class FabAuthManager(BaseAuthManager[User]):
     """
     Flask-AppBuilder auth manager.
 
     This auth manager is responsible for providing a backward compatible user management experience to users.
     """
 
+    def init(self) -> None:
+        """Run operations when Airflow is initializing."""
+        if self.appbuilder:
+            self._sync_appbuilder_roles()
+
     @staticmethod
     def get_cli_commands() -> list[CLICommand]:
         """Vends CLI commands to be included in Airflow CLI."""
@@ -199,9 +204,12 @@ class FabAuthManager(BaseAuthManager):
 
         return current_user
 
-    def init(self) -> None:
-        """Run operations when Airflow is initializing."""
-        self._sync_appbuilder_roles()
+    def deserialize_user(self, token: dict[str, Any]) -> User:
+        with create_session() as session:
+            return session.get(User, token["id"])
+
+    def serialize_user(self, user: User) -> dict[str, Any]:
+        return {"id": user.id}
 
     def is_logged_in(self) -> bool:
         """Return whether the user is logged in."""
@@ -209,8 +217,10 @@ class FabAuthManager(BaseAuthManager):
         if Version(Version(version).base_version) < Version("3.0.0"):
             return not user.is_anonymous and user.is_active
         else:
-            return self.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None) or (
-                not user.is_anonymous and user.is_active
+            return (
+                self.appbuilder
+                and self.appbuilder.get_app.config.get("AUTH_ROLE_PUBLIC", None)
+                or (not user.is_anonymous and user.is_active)
             )
 
     def is_authorized_configuration(
@@ -283,16 +293,6 @@ class FabAuthManager(BaseAuthManager):
     ) -> bool:
         return self._is_authorized(method=method, resource_type=RESOURCE_ASSET, user=user)
 
-    def is_authorized_dataset(
-        self, *, method: ResourceMethod, details: AssetDetails | None = None, user: BaseUser | None = None
-    ) -> bool:
-        warnings.warn(
-            "is_authorized_dataset will be renamed as is_authorized_asset in Airflow 3 and will be removed when the minimum Airflow version is set to 3.0 for the fab provider",
-            AirflowProviderDeprecationWarning,
-            stacklevel=2,
-        )
-        return self.is_authorized_asset(method=method, user=user)
-
     def is_authorized_pool(
         self, *, method: ResourceMethod, details: PoolDetails | None = None, user: BaseUser | None = None
     ) -> bool:
@@ -376,6 +376,9 @@ class FabAuthManager(BaseAuthManager):
             FabAirflowSecurityManagerOverride,
         )
 
+        if not self.appbuilder:
+            raise AirflowException("AppBuilder is not initialized.")
+
         sm_from_config = self.appbuilder.get_app.config.get("SECURITY_MANAGER_CLASS")
         if sm_from_config:
             if not issubclass(sm_from_config, FabAirflowSecurityManagerOverride):
@@ -547,6 +550,9 @@ class FabAuthManager(BaseAuthManager):
 
         :meta private:
         """
+        if not self.appbuilder:
+            raise AirflowException("AppBuilder is not initialized.")
+
         if "." in dag_id and hasattr(DagModel, "root_dag_id"):
             return self.appbuilder.get_session.scalar(
                 select(DagModel.dag_id, DagModel.root_dag_id).where(DagModel.dag_id == dag_id).limit(1)

airflow/providers/fab/auth_manager/security_manager/override.py

@@ -24,13 +24,12 @@ import logging
 import os
 import random
 import uuid
-import warnings
-from typing import TYPE_CHECKING, Any, Callable, Collection, Container, Iterable, Mapping, Sequence
+from collections.abc import Collection, Iterable, Mapping, Sequence
+from typing import TYPE_CHECKING, Any, Callable
 
 import jwt
 import packaging.version
 import re2
-from deprecated import deprecated
 from flask import flash, g, has_request_context, session
 from flask_appbuilder import const
 from flask_appbuilder.const import (
@@ -70,13 +69,13 @@ from itsdangerous import want_bytes
 from markupsafe import Markup
 from sqlalchemy import and_, func, inspect, literal, or_, select
 from sqlalchemy.exc import MultipleResultsFound
-from sqlalchemy.orm import Session, joinedload
+from sqlalchemy.orm import joinedload
 from werkzeug.security import check_password_hash, generate_password_hash
 
 from airflow import __version__ as airflow_version
-from airflow.auth.managers.utils.fab import get_method_from_fab_action_map
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
-from airflow.exceptions import AirflowException, AirflowProviderDeprecationWarning, RemovedInAirflow3Warning
+from airflow.exceptions import AirflowException
 from airflow.models import DagBag, DagModel
 from airflow.providers.fab.auth_manager.models import (
     Action,
@@ -109,13 +108,10 @@ from airflow.providers.fab.auth_manager.views.user_edit import (
 )
 from airflow.providers.fab.auth_manager.views.user_stats import CustomUserStatsChartView
 from airflow.security import permissions
-from airflow.utils.session import NEW_SESSION, provide_session
-from airflow.www.extensions.init_auth_manager import get_auth_manager
 from airflow.www.security_manager import AirflowSecurityManagerV2
 from airflow.www.session import AirflowDatabaseSessionInterface
 
 if TYPE_CHECKING:
-    from airflow.auth.managers.base_auth_manager import ResourceMethod
     from airflow.security.permissions import RESOURCE_ASSET
 else:
     from airflow.providers.common.compat.security.permissions import RESOURCE_ASSET
@@ -576,7 +572,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
                     session_details = interface.serializer.loads(want_bytes(s.data))
                     if session_details.get("_user_id") == user.id:
                         session.delete(s)
-                session.commit()
         else:
             self._cli_safe_flash(
                 "Since you are using `securecookie` session backend mechanism, we cannot prevent "
@@ -774,14 +769,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         """Get the admin role."""
         return self.appbuilder.get_app.config["AUTH_ROLE_ADMIN"]
 
-    @property
-    @deprecated(
-        reason="The 'oauth_whitelists' property is deprecated. Please use 'oauth_allow_list' instead.",
-        category=AirflowProviderDeprecationWarning,
-    )
-    def oauth_whitelists(self):
-        return self.oauth_allow_list
-
     def create_builtin_roles(self):
         """Return FAB builtin roles."""
         return self.appbuilder.get_app.config.get("FAB_ROLES", {})
@@ -847,24 +834,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         app.config.setdefault("AUTH_ROLES_SYNC_AT_LOGIN", False)
         app.config.setdefault("AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS", False)
 
-        from packaging.version import Version
-        from werkzeug import __version__ as werkzeug_version
-
-        parsed_werkzeug_version = Version(werkzeug_version)
-        if parsed_werkzeug_version < Version("3.0.0"):
-            app.config.setdefault(
-                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
-                "pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
-                "c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
-            )
-        else:
-            app.config.setdefault(
-                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
-                "scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
-                "8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
-                "401e62f9dcee5399065e4e5",
-            )
-
         # LDAP Config
         if self.auth_type == AUTH_LDAP:
             if "AUTH_LDAP_SERVER" not in app.config:
@@ -904,15 +873,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         :meta private:
         """
         app = self.appbuilder.get_app
-        if self.auth_type == AUTH_OID:
-            from flask_openid import OpenID
-
-            log.warning(
-                "AUTH_OID is deprecated and will be removed in version 5. "
-                "Migrate to other authentication methods."
-            )
-            self.oid = OpenID(app)
-
         if self.auth_type == AUTH_OAUTH:
             from authlib.integrations.flask_client import OAuth
 
@@ -985,70 +945,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             log.exception(const.LOGMSG_ERR_SEC_CREATE_DB)
             exit(1)
 
-    def get_readable_dags(self, user) -> Iterable[DagModel]:
-        """Get the DAGs readable by authenticated user."""
-        warnings.warn(
-            "`get_readable_dags` has been deprecated. Please use `get_auth_manager().get_permitted_dag_ids` "
-            "instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=2,
-        )
-        with warnings.catch_warnings():
-            warnings.simplefilter("ignore", RemovedInAirflow3Warning)
-            return self.get_accessible_dags([permissions.ACTION_CAN_READ], user)
-
-    def get_editable_dags(self, user) -> Iterable[DagModel]:
-        """Get the DAGs editable by authenticated user."""
-        warnings.warn(
-            "`get_editable_dags` has been deprecated. Please use `get_auth_manager().get_permitted_dag_ids` "
-            "instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=2,
-        )
-        with warnings.catch_warnings():
-            warnings.simplefilter("ignore", RemovedInAirflow3Warning)
-            return self.get_accessible_dags([permissions.ACTION_CAN_EDIT], user)
-
-    @provide_session
-    def get_accessible_dags(
-        self,
-        user_actions: Container[str] | None,
-        user,
-        session: Session = NEW_SESSION,
-    ) -> Iterable[DagModel]:
-        warnings.warn(
-            "`get_accessible_dags` has been deprecated. Please use "
-            "`get_auth_manager().get_permitted_dag_ids` instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=3,
-        )
-
-        dag_ids = self.get_accessible_dag_ids(user, user_actions, session)
-        return session.scalars(select(DagModel).where(DagModel.dag_id.in_(dag_ids)))
-
-    @provide_session
-    def get_accessible_dag_ids(
-        self,
-        user,
-        user_actions: Container[str] | None = None,
-        session: Session = NEW_SESSION,
-    ) -> set[str]:
-        warnings.warn(
-            "`get_accessible_dag_ids` has been deprecated. Please use "
-            "`get_auth_manager().get_permitted_dag_ids` instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=3,
-        )
-        if not user_actions:
-            user_actions = [permissions.ACTION_CAN_EDIT, permissions.ACTION_CAN_READ]
-        method_from_fab_action_map = get_method_from_fab_action_map()
-        user_methods: Container[ResourceMethod] = [
-            method_from_fab_action_map[action]
-            for action in method_from_fab_action_map
-            if action in user_actions
-        ]
-        return get_auth_manager().get_permitted_dag_ids(user=user, methods=user_methods, session=session)
-
     @staticmethod
     def get_readable_dag_ids(user=None) -> set[str]:
         """Get the DAG IDs readable by authenticated user."""
@@ -1107,17 +1003,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             if dag.access_control is not None:
                 self.sync_perm_for_dag(root_dag_id, dag.access_control)
 
-    def prefixed_dag_id(self, dag_id: str) -> str:
-        """Return the permission name for a DAG id."""
-        warnings.warn(
-            "`prefixed_dag_id` has been deprecated. "
-            "Please use `airflow.security.permissions.resource_name` instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=2,
-        )
-        root_dag_id = self._get_root_dag_id(dag_id)
-        return self._resource_name(root_dag_id, permissions.RESOURCE_DAG)
-
     def is_dag_resource(self, resource_name: str) -> bool:
         """Determine if a resource belongs to a DAG or all DAGs."""
         if resource_name == permissions.RESOURCE_DAG:
@@ -1451,20 +1336,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     def perms_include_action(self, perms, action_name):
         return any(perm.action and perm.action.name == action_name for perm in perms)
 
-    def init_role(self, role_name, perms) -> None:
-        """
-        Initialize the role with actions and related resources.
-
-        :param role_name:
-        :param perms:
-        """
-        warnings.warn(
-            "`init_role` has been deprecated. Please use `bulk_sync_roles` instead.",
-            RemovedInAirflow3Warning,
-            stacklevel=2,
-        )
-        self.bulk_sync_roles([{"role": role_name, "perms": perms}])
-
     def bulk_sync_roles(self, roles: Iterable[dict[str, Any]]) -> None:
         """Sync the provided roles and permissions."""
         existing_roles = self._get_all_roles_with_permissions()
@@ -2226,7 +2097,8 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         if user is None or (not user.is_active):
             # Balance failure and success
             check_password_hash(
-                self.appbuilder.get_app.config["AUTH_DB_FAKE_PASSWORD_HASH_CHECK"],
+                "pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
+                "c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
                 "password",
             )
             log.info(LOGMSG_WAR_SEC_LOGIN_FAILED, username)

airflow/providers/fab/get_provider_info.py

@@ -28,10 +28,9 @@ def get_provider_info():
         "name": "Fab",
         "description": "`Flask App Builder <https://flask-appbuilder.readthedocs.io/>`__\n",
         "state": "ready",
-        "source-date-epoch": 1738677661,
+        "source-date-epoch": 1731570160,
         "versions": [
-            "1.5.3",
-            "1.5.2",
+            "2.0.0",
             "1.5.1",
             "1.5.0",
             "1.4.1",
@@ -49,10 +48,10 @@ def get_provider_info():
             "1.0.0",
         ],
         "dependencies": [
-            "apache-airflow>=2.9.0",
+            "apache-airflow>=3.0.0.dev0",
             "apache-airflow-providers-common-compat>=1.2.1",
             "flask>=2.2,<2.3",
-            "flask-appbuilder==4.5.3",
+            "flask-appbuilder==4.5.2",
             "flask-login>=0.6.2",
             "google-re2>=1.0",
             "jmespath>=0.7.0",

airflow/providers/fab/www/__init__.py

@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.

airflow/providers/fab/www/app.py

@@ -0,0 +1,87 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from os.path import isabs
+
+from flask import Flask
+from flask_appbuilder import SQLA
+from flask_wtf.csrf import CSRFProtect
+from sqlalchemy.engine.url import make_url
+
+from airflow import settings
+from airflow.configuration import conf
+from airflow.exceptions import AirflowConfigException
+from airflow.logging_config import configure_logging
+from airflow.providers.fab.www.extensions.init_appbuilder import init_appbuilder
+from airflow.providers.fab.www.extensions.init_jinja_globals import init_jinja_globals
+from airflow.providers.fab.www.extensions.init_manifest_files import configure_manifest_files
+from airflow.providers.fab.www.extensions.init_security import init_xframe_protection
+from airflow.providers.fab.www.extensions.init_views import init_error_handlers, init_plugins
+
+app: Flask | None = None
+
+# Initializes at the module level, so plugins can access it.
+# See: /docs/plugins.rst
+csrf = CSRFProtect()
+
+
+def create_app(config=None, testing=False):
+    """Create a new instance of Airflow WWW app."""
+    flask_app = Flask(__name__)
+    flask_app.secret_key = conf.get("webserver", "SECRET_KEY")
+    flask_app.config["SQLALCHEMY_DATABASE_URI"] = conf.get("database", "SQL_ALCHEMY_CONN")
+
+    url = make_url(flask_app.config["SQLALCHEMY_DATABASE_URI"])
+    if url.drivername == "sqlite" and url.database and not isabs(url.database):
+        raise AirflowConfigException(
+            f'Cannot use relative path: `{conf.get("database", "SQL_ALCHEMY_CONN")}` to connect to sqlite. '
+            "Please use absolute path such as `sqlite:////tmp/airflow.db`."
+        )
+
+    if "SQLALCHEMY_ENGINE_OPTIONS" not in flask_app.config:
+        flask_app.config["SQLALCHEMY_ENGINE_OPTIONS"] = settings.prepare_engine_args()
+
+    db = SQLA()
+    db.session = settings.Session
+    db.init_app(flask_app)
+
+    configure_logging()
+    configure_manifest_files(flask_app)
+
+    with flask_app.app_context():
+        init_appbuilder(flask_app)
+        init_plugins(flask_app)
+        init_error_handlers(flask_app)
+        init_jinja_globals(flask_app)
+        init_xframe_protection(flask_app)
+    return flask_app
+
+
+def cached_app(config=None, testing=False):
+    """Return cached instance of Airflow WWW app."""
+    global app
+    if not app:
+        app = create_app(config=config, testing=testing)
+    return app
+
+
+def purge_cached_app():
+    """Remove the cached version of the app in global state."""
+    global app
+    app = None

airflow/providers/fab/www/extensions/__init__.py

@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.