apache-airflow-providers-fab 2.0.0b1__py3-none-any.whl → 2.0.0rc2__py3-none-any.whl

airflow/providers/fab/__init__.py

@@ -29,7 +29,7 @@ from airflow import __version__ as airflow_version
 
 __all__ = ["__version__"]
 
-__version__ = "2.0.0b1"
+__version__ = "2.0.0"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
     "3.0.0.dev0"

airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py

@@ -26,9 +26,9 @@ from flask_appbuilder.const import AUTH_LDAP
 from flask_login import login_user
 
 from airflow.api_fastapi.app import get_auth_manager
-from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 
 if TYPE_CHECKING:
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.models import User
 
 CLIENT_AUTH: tuple[str, str] | Any | None = None
@@ -45,8 +45,7 @@ def auth_current_user() -> User | None:
     auth = request.authorization
     if auth is None or not auth.username or not auth.password:
         return None
-
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     user = None
     if security_manager.auth_type == AUTH_LDAP:
         user = security_manager.auth_user_ldap(auth.username, auth.password)
@@ -67,4 +66,4 @@ def requires_authentication(function: T):
         else:
             return Response("Unauthorized", 401, {"WWW-Authenticate": "Basic"})
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py

@@ -28,11 +28,11 @@ from requests_kerberos import HTTPKerberosAuth
 
 from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
-from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 from airflow.utils.net import getfqdn
 
 if TYPE_CHECKING:
     from airflow.api_fastapi.auth.managers.models.base_user import BaseUser
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 
 log = logging.getLogger(__name__)
 
@@ -115,7 +115,7 @@ T = TypeVar("T", bound=Callable)
 
 
 def find_user(username=None, email=None):
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     return security_manager.find_user(username=username, email=email)
 
 
@@ -143,4 +143,4 @@ def requires_authentication(function: T, find_user: Callable[[str], BaseUser] |
                 return _forbidden()
         return _unauthorized()
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api/auth/backend/session.py

@@ -44,4 +44,4 @@ def requires_authentication(function: T):
             return Response("Unauthorized", 401, {})
         return function(*args, **kwargs)
 
-    return cast(T, decorated)
+    return cast("T", decorated)

airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py

@@ -25,7 +25,6 @@ from marshmallow import ValidationError
 from sqlalchemy import asc, desc, func, select
 
 from airflow.api_fastapi.app import get_auth_manager
-from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 from airflow.providers.fab.auth_manager.models import Action, Role
 from airflow.providers.fab.auth_manager.schemas.role_and_permission_schema import (
     ActionCollection,
@@ -40,6 +39,7 @@ from airflow.providers.fab.www.api_connexion.security import requires_access_cus
 from airflow.providers.fab.www.security import permissions
 
 if TYPE_CHECKING:
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride
     from airflow.providers.fab.www.api_connexion.types import APIResponse, UpdateMask
 
@@ -60,7 +60,7 @@ def _check_action_and_resource(sm: FabAirflowSecurityManagerOverride, perms: lis
 @requires_access_custom_view("GET", permissions.RESOURCE_ROLE)
 def get_role(*, role_name: str) -> APIResponse:
     """Get role."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     role = security_manager.find_role(name=role_name)
     if not role:
         raise NotFound(title="Role not found", detail=f"Role with name {role_name!r} was not found")
@@ -71,7 +71,7 @@ def get_role(*, role_name: str) -> APIResponse:
 @format_parameters({"limit": check_limit})
 def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None) -> APIResponse:
     """Get roles."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.scalars(select(func.count(Role.id))).one()
     direction = desc if order_by.startswith("-") else asc
@@ -81,8 +81,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
     allowed_sort_attrs = ["role_id", "name"]
     if order_by not in allowed_sort_attrs:
         raise BadRequest(
-            detail=f"Ordering with '{order_by}' is disallowed or "
-            f"the attribute does not exist on the model"
+            detail=f"Ordering with '{order_by}' is disallowed or the attribute does not exist on the model"
         )
 
     query = select(Role)
@@ -99,7 +98,7 @@ def get_roles(*, order_by: str = "name", limit: int, offset: int | None = None)
 @format_parameters({"limit": check_limit})
 def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
     """Get permissions."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.scalars(select(func.count(Action.id))).one()
     query = select(Action)
@@ -110,7 +109,7 @@ def get_permissions(*, limit: int, offset: int | None = None) -> APIResponse:
 @requires_access_custom_view("DELETE", permissions.RESOURCE_ROLE)
 def delete_role(*, role_name: str) -> APIResponse:
     """Delete a role."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     role = security_manager.find_role(name=role_name)
     if not role:
@@ -122,7 +121,7 @@ def delete_role(*, role_name: str) -> APIResponse:
 @requires_access_custom_view("PUT", permissions.RESOURCE_ROLE)
 def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse:
     """Update a role."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     body = request.json
     try:
         data = role_schema.load(body)
@@ -155,7 +154,7 @@ def patch_role(*, role_name: str, update_mask: UpdateMask = None) -> APIResponse
 @requires_access_custom_view("POST", permissions.RESOURCE_ROLE)
 def post_role() -> APIResponse:
     """Create a new role."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     body = request.json
     try:
         data = role_schema.load(body)

airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py

@@ -26,7 +26,6 @@ from sqlalchemy import asc, desc, func, select
 from werkzeug.security import generate_password_hash
 
 from airflow.api_fastapi.app import get_auth_manager
-from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 from airflow.providers.fab.auth_manager.models import User
 from airflow.providers.fab.auth_manager.schemas.user_schema import (
     UserCollection,
@@ -40,6 +39,7 @@ from airflow.providers.fab.www.api_connexion.security import requires_access_cus
 from airflow.providers.fab.www.security import permissions
 
 if TYPE_CHECKING:
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.models import Role
     from airflow.providers.fab.www.api_connexion.types import APIResponse, UpdateMask
 
@@ -47,7 +47,7 @@ if TYPE_CHECKING:
 @requires_access_custom_view("GET", permissions.RESOURCE_USER)
 def get_user(*, username: str) -> APIResponse:
     """Get a user."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     user = security_manager.find_user(username=username)
     if not user:
         raise NotFound(title="User not found", detail=f"The User with username `{username}` was not found")
@@ -58,7 +58,7 @@ def get_user(*, username: str) -> APIResponse:
 @format_parameters({"limit": check_limit})
 def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) -> APIResponse:
     """Get users."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     session = security_manager.get_session
     total_entries = session.execute(select(func.count(User.id))).scalar()
     direction = desc if order_by.startswith("-") else asc
@@ -76,8 +76,7 @@ def get_users(*, limit: int, order_by: str = "id", offset: str | None = None) ->
     ]
     if order_by not in allowed_sort_attrs:
         raise BadRequest(
-            detail=f"Ordering with '{order_by}' is disallowed or "
-            f"the attribute does not exist on the model"
+            detail=f"Ordering with '{order_by}' is disallowed or the attribute does not exist on the model"
         )
 
     query = select(User).order_by(direction(getattr(User, order_param))).offset(offset).limit(limit)
@@ -94,7 +93,7 @@ def post_user() -> APIResponse:
     except ValidationError as e:
         raise BadRequest(detail=str(e.messages))
 
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
     username = data["username"]
     email = data["email"]
 
@@ -137,7 +136,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
     except ValidationError as e:
         raise BadRequest(detail=str(e.messages))
 
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     user = security_manager.find_user(username=username)
     if user is None:
@@ -201,7 +200,7 @@ def patch_user(*, username: str, update_mask: UpdateMask = None) -> APIResponse:
 @requires_access_custom_view("DELETE", permissions.RESOURCE_USER)
 def delete_user(*, username: str) -> APIResponse:
     """Delete a user."""
-    security_manager = cast(FabAuthManager, get_auth_manager()).security_manager
+    security_manager = cast("FabAuthManager", get_auth_manager()).security_manager
 
     user = security_manager.find_user(username=username)
     if user is None:

airflow/providers/fab/auth_manager/api_fastapi/datamodels/login.py

@@ -22,7 +22,7 @@ from airflow.api_fastapi.core_api.base import BaseModel
 class LoginResponse(BaseModel):
     """API Token serializer for responses."""
 
-    jwt_token: str
+    access_token: str
 
 
 class LoginBody(BaseModel):

airflow/providers/fab/auth_manager/api_fastapi/openapi/v1-generated.yaml

@@ -89,7 +89,8 @@ components:
         detail:
           anyOf:
           - type: string
-          - type: object
+          - additionalProperties: true
+            type: object
           title: Detail
       type: object
       required:
@@ -121,12 +122,12 @@ components:
       description: API Token serializer for requests.
     LoginResponse:
       properties:
-        jwt_token:
+        access_token:
           type: string
-          title: Jwt Token
+          title: Access Token
       type: object
       required:
-      - jwt_token
+      - access_token
       title: LoginResponse
       description: API Token serializer for responses.
     ValidationError:

airflow/providers/fab/auth_manager/api_fastapi/routes/login.py

@@ -47,5 +47,5 @@ def create_token(body: LoginBody) -> LoginResponse:
 def create_token_cli(body: LoginBody) -> LoginResponse:
     """Generate a new CLI API token."""
     return FABAuthManagerLogin.create_token(
-        body=body, expiration_time_in_sec=conf.getint("api_auth", "jwt_cli_expiration_time")
+        body=body, expiration_time_in_seconds=conf.getint("api_auth", "jwt_cli_expiration_time")
     )

airflow/providers/fab/auth_manager/api_fastapi/services/login.py

@@ -24,9 +24,9 @@ from starlette.exceptions import HTTPException
 from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
 from airflow.providers.fab.auth_manager.api_fastapi.datamodels.login import LoginBody, LoginResponse
-from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
 
 if TYPE_CHECKING:
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     from airflow.providers.fab.auth_manager.models import User
 
 
@@ -35,7 +35,7 @@ class FABAuthManagerLogin:
 
     @classmethod
     def create_token(
-        cls, body: LoginBody, expiration_time_in_sec: int = conf.getint("api_auth", "jwt_expiration_time")
+        cls, body: LoginBody, expiration_time_in_seconds: int = conf.getint("api_auth", "jwt_expiration_time")
     ) -> LoginResponse:
         """Create a new token."""
         if not body.username or not body.password:
@@ -43,15 +43,15 @@ class FABAuthManagerLogin:
                 status_code=status.HTTP_400_BAD_REQUEST, detail="Username and password must be provided"
             )
 
-        auth_manager = cast(FabAuthManager, get_auth_manager())
+        auth_manager = cast("FabAuthManager", get_auth_manager())
         user: User = auth_manager.security_manager.find_user(username=body.username)
         if not user:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid username")
 
         if auth_manager.security_manager.check_password(username=body.username, password=body.password):
             return LoginResponse(
-                jwt_token=auth_manager.generate_jwt(
-                    user=user, expiration_time_in_seconds=expiration_time_in_sec
+                access_token=auth_manager.generate_jwt(
+                    user=user, expiration_time_in_seconds=expiration_time_in_seconds
                 )
             )
         else:

airflow/providers/fab/auth_manager/cli_commands/db_command.py

@@ -17,7 +17,7 @@
 from __future__ import annotations
 
 from airflow import settings
-from airflow.cli.commands.local_commands.db_command import run_db_downgrade_command, run_db_migrate_command
+from airflow.cli.commands.db_command import run_db_downgrade_command, run_db_migrate_command
 from airflow.providers.fab.auth_manager.models.db import _REVISION_HEADS_MAP, FABDBManager
 from airflow.utils import cli as cli_utils
 from airflow.utils.providers_configuration_loader import providers_configuration_loaded

airflow/providers/fab/auth_manager/cli_commands/utils.py

@@ -59,7 +59,7 @@ def get_application_builder() -> Generator[AirflowAppBuilder, None, None]:
         url = make_url(flask_app.config["SQLALCHEMY_DATABASE_URI"])
         if url.drivername == "sqlite" and url.database and not isabs(url.database):
             raise AirflowConfigException(
-                f'Cannot use relative path: `{conf.get("database", "SQL_ALCHEMY_CONN")}` to connect to sqlite. '
+                f"Cannot use relative path: `{conf.get('database', 'SQL_ALCHEMY_CONN')}` to connect to sqlite. "
                 "Please use absolute path such as `sqlite:////tmp/airflow.db`."
             )
         flask_app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False

airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -521,6 +521,10 @@ class FabAuthManager(BaseAuthManager[User]):
             if self._is_authorized(method="MENU", resource_type=item["resource_type"], user=user)
         ]
 
+    @staticmethod
+    def get_db_manager() -> str | None:
+        return "airflow.providers.fab.auth_manager.models.db.FABDBManager"
+
     def _is_authorized(
         self,
         *,

airflow/providers/fab/auth_manager/models/db.py

@@ -54,8 +54,8 @@ class FABDBManager(BaseDBManager):
     alembic_file = (PACKAGE_DIR / "alembic.ini").as_posix()
     supports_table_dropping = True
 
-    def _create_db_from_orm(self):
-        super()._create_db_from_orm()
+    def create_db_from_orm(self):
+        super().create_db_from_orm()
         _get_flask_db(settings.SQL_ALCHEMY_CONN).create_all()
 
     def upgradedb(self, to_revision=None, from_revision=None, show_sql_only=False):

airflow/providers/fab/auth_manager/openapi/v1.yaml

@@ -687,12 +687,21 @@ components:
     Basic:
       type: http
       scheme: basic
+      description: To authenticate FAB auth manager API requests, clients have the option to use basic
+        authentication. To learn more about FAB auth manager API authentication, please read
+        https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/api-authentication.html#basic-authentication.
     GoogleOpenId:
       type: openIdConnect
       openIdConnectUrl: https://accounts.google.com/.well-known/openid-configuration
+      description: To authenticate FAB auth manager API requests, clients have the option to use Google OpenID.
+        To learn more about Google OpenID authentication, please read
+        https://airflow.apache.org/docs/apache-airflow-providers-google/stable/api-auth-backend/google-openid.html.
     Kerberos:
       type: http
       scheme: negotiate
+      description: To authenticate FAB auth manager API requests, clients have the option to use Kerberos
+        authentication. To learn more about FAB auth manager API authentication, please read
+        https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/api-authentication.html#kerberos-authentication.
 
 tags:
   - name: Role

airflow/providers/fab/auth_manager/security_manager/override.py

@@ -21,8 +21,6 @@ import copy
 import datetime
 import itertools
 import logging
-import os
-import random
 import uuid
 from collections.abc import Collection, Iterable, Mapping
 from typing import TYPE_CHECKING, Any
@@ -740,43 +738,6 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         """Get the builtin roles."""
         return self._builtin_roles
 
-    def create_admin_standalone(self) -> tuple[str | None, str | None]:
-        """Create an Admin user with a random password so that users can access airflow."""
-        from airflow.configuration import AIRFLOW_HOME, make_group_other_inaccessible
-
-        user_name = "admin"
-
-        # We want a streamlined first-run experience, but we do not want to
-        # use a preset password as people will inevitably run this on a public
-        # server. Thus, we make a random password and store it in AIRFLOW_HOME,
-        # with the reasoning that if you can read that directory, you can see
-        # the database credentials anyway.
-        password_path = os.path.join(AIRFLOW_HOME, "standalone_admin_password.txt")
-
-        user_exists = self.find_user(user_name) is not None
-        we_know_password = os.path.isfile(password_path)
-
-        # If the user does not exist, make a random password and make it
-        if not user_exists:
-            print(f"FlaskAppBuilder Authentication Manager: Creating {user_name} user")
-            if (role := self.find_role("Admin")) is None:
-                raise AirflowException("Unable to find role 'Admin'")
-            # password does not contain visually similar characters: ijlIJL1oO0
-            password = "".join(random.choices("abcdefghkmnpqrstuvwxyzABCDEFGHKMNPQRSTUVWXYZ23456789", k=16))
-            with open(password_path, "w") as file:
-                file.write(password)
-            make_group_other_inaccessible(password_path)
-            self.add_user(user_name, "Admin", "User", "admin@example.com", role, password)
-            print(f"FlaskAppBuilder Authentication Manager: Created {user_name} user")
-        # If the user does exist, and we know its password, read the password
-        elif user_exists and we_know_password:
-            with open(password_path) as file:
-                password = file.read().strip()
-        # Otherwise we don't know the password
-        else:
-            password = None
-        return user_name, password
-
     def _init_config(self):
         """
         Initialize config.

airflow/providers/fab/get_provider_info.py

@@ -29,7 +29,7 @@ def get_provider_info():
         "state": "not-ready",
         "source-date-epoch": 1741121873,
         "versions": [
-            "2.0.0b1",
+            "2.0.0",
             "1.5.2",
             "1.5.1",
             "1.5.0",
@@ -86,12 +86,16 @@ def get_provider_info():
         "dependencies": [
             "apache-airflow>=3.0.0.dev0",
             "apache-airflow-providers-common-compat>=1.2.1",
-            "flask>=2.2,<2.3",
+            "blinker>=1.6.2",
+            "flask>=2.2.1,<2.3",
             "flask-appbuilder==4.5.3",
             "flask-login>=0.6.2",
+            "flask-session>=0.4.0,<0.6",
+            "flask-wtf>=1.1.0",
             "connexion[flask]>=2.14.2,<3.0",
             "jmespath>=0.7.0",
+            "werkzeug>=2.2,<4",
         ],
         "optional-dependencies": {"kerberos": ["kerberos>=1.3.0"]},
-        "devel-dependencies": ["kerberos>=1.3.0"],
+        "devel-dependencies": ["kerberos>=1.3.0", "requests_kerberos>=0.14.0"],
     }

airflow/providers/fab/www/api_connexion/parameters.py

@@ -104,7 +104,7 @@ def format_parameters(params_formatters: dict[str, Callable[[Any], Any]]) -> Cal
                     kwargs[key] = formatter(kwargs[key])
             return func(*args, **kwargs)
 
-        return cast(T, wrapped_function)
+        return cast("T", wrapped_function)
 
     return format_parameters_decorator
 

airflow/providers/fab/www/api_connexion/security.py

@@ -22,18 +22,18 @@ from typing import TYPE_CHECKING, Callable, TypeVar, cast
 from flask import Response, current_app
 
 from airflow.api_fastapi.app import get_auth_manager
-from airflow.providers.fab.www.airflow_flask_app import AirflowApp
 from airflow.providers.fab.www.api_connexion.exceptions import PermissionDenied, Unauthenticated
 
 if TYPE_CHECKING:
     from airflow.api_fastapi.auth.managers.base_auth_manager import ResourceMethod
+    from airflow.providers.fab.www.airflow_flask_app import AirflowApp
 
 T = TypeVar("T", bound=Callable)
 
 
 def check_authentication() -> None:
     """Check that the request has valid authorization information."""
-    for auth in cast(AirflowApp, current_app).api_auth:
+    for auth in cast("AirflowApp", current_app).api_auth:
         response = auth.requires_authentication(Response)()
         if response.status_code == 200:
             return
@@ -79,6 +79,6 @@ def requires_access_custom_view(
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return requires_access_decorator

airflow/providers/fab/www/app.py

@@ -60,7 +60,7 @@ def create_app(enable_plugins: bool):
     url = make_url(flask_app.config["SQLALCHEMY_DATABASE_URI"])
     if url.drivername == "sqlite" and url.database and not isabs(url.database):
         raise AirflowConfigException(
-            f'Cannot use relative path: `{conf.get("database", "SQL_ALCHEMY_CONN")}` to connect to sqlite. '
+            f"Cannot use relative path: `{conf.get('database', 'SQL_ALCHEMY_CONN')}` to connect to sqlite. "
             "Please use absolute path such as `sqlite:////tmp/airflow.db`."
         )
 

airflow/providers/fab/www/auth.py

@@ -121,7 +121,7 @@ def _has_access_no_details(is_authorized_callback: Callable[[], bool]) -> Callab
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator
 
@@ -189,7 +189,7 @@ def has_access_connection(method: ResourceMethod) -> Callable[[T], T]:
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator
 
@@ -240,7 +240,7 @@ def has_access_dag(method: ResourceMethod, access_entity: DagAccessEntity | None
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator
 
@@ -269,7 +269,7 @@ def has_access_dag_entities(method: ResourceMethod, access_entity: DagAccessEnti
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator
 
@@ -303,7 +303,7 @@ def has_access_pool(method: ResourceMethod) -> Callable[[T], T]:
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator
 
@@ -336,7 +336,7 @@ def has_access_variable(method: ResourceMethod) -> Callable[[T], T]:
                 kwargs=kwargs,
             )
 
-        return cast(T, decorated)
+        return cast("T", decorated)
 
     return has_access_decorator