PyPI - apache-airflow-providers-fab - Versions diffs - 2.0.0rc1__py3-none-any.whl → 2.0.0rc2__py3-none-any.whl - Mend

apache-airflow-providers-fab 2.0.0rc1py3-none-any.whl → 2.0.0rc2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

airflow/providers/fab/www/app.py CHANGED Viewed

@@ -25,14 +25,21 @@ from flask_wtf.csrf import CSRFProtect
 from sqlalchemy.engine.url import make_url
 from airflow import settings
+from airflow.api_fastapi.app import get_auth_manager
 from airflow.configuration import conf
 from airflow.exceptions import AirflowConfigException
 from airflow.logging_config import configure_logging
 from airflow.providers.fab.www.extensions.init_appbuilder import init_appbuilder
 from airflow.providers.fab.www.extensions.init_jinja_globals import init_jinja_globals
 from airflow.providers.fab.www.extensions.init_manifest_files import configure_manifest_files
-from airflow.providers.fab.www.extensions.init_security import init_xframe_protection
-from airflow.providers.fab.www.extensions.init_views import init_error_handlers, init_plugins
+from airflow.providers.fab.www.extensions.init_security import init_api_auth, init_xframe_protection
+from airflow.providers.fab.www.extensions.init_session import init_airflow_session_interface
+from airflow.providers.fab.www.extensions.init_views import (
+    init_api_auth_provider,
+    init_api_error_handlers,
+    init_error_handlers,
+    init_plugins,
+)
 app: Flask | None = None
@@ -41,43 +48,61 @@ app: Flask | None = None
 csrf = CSRFProtect()
-def create_app(config=None, testing=False):
+def create_app(enable_plugins: bool):
     """Create a new instance of Airflow WWW app."""
+    from airflow.providers.fab.auth_manager.fab_auth_manager import FabAuthManager
     flask_app = Flask(__name__)
     flask_app.secret_key = conf.get("webserver", "SECRET_KEY")
     flask_app.config["SQLALCHEMY_DATABASE_URI"] = conf.get("database", "SQL_ALCHEMY_CONN")
+    flask_app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
     url = make_url(flask_app.config["SQLALCHEMY_DATABASE_URI"])
     if url.drivername == "sqlite" and url.database and not isabs(url.database):
         raise AirflowConfigException(
-            f'Cannot use relative path: `{conf.get("database", "SQL_ALCHEMY_CONN")}` to connect to sqlite. '
+            f"Cannot use relative path: `{conf.get('database', 'SQL_ALCHEMY_CONN')}` to connect to sqlite. "
             "Please use absolute path such as `sqlite:////tmp/airflow.db`."
         )
     if "SQLALCHEMY_ENGINE_OPTIONS" not in flask_app.config:
         flask_app.config["SQLALCHEMY_ENGINE_OPTIONS"] = settings.prepare_engine_args()
+    csrf.init_app(flask_app)
     db = SQLA()
     db.session = settings.Session
     db.init_app(flask_app)
     configure_logging()
     configure_manifest_files(flask_app)
+    init_api_auth(flask_app)
     with flask_app.app_context():
-        init_appbuilder(flask_app)
-        init_plugins(flask_app)
+        init_appbuilder(flask_app, enable_plugins=enable_plugins)
         init_error_handlers(flask_app)
-        init_jinja_globals(flask_app)
+        # In two scenarios a Flask application can be created:
+        # - To support Airflow 2 plugins relying on Flask (``enable_plugins`` is True)
+        # - To support FAB auth manager (``enable_plugins`` is False)
+        # There are some edge cases where ``enable_plugins`` is False but the auth manager configured is not
+        # FAB auth manager. One example is ``run_update_fastapi_api_spec``, it calls
+        # ``FabAuthManager().get_fastapi_app()`` to generate the openapi documentation regardless of the
+        # configured auth manager.
+        if enable_plugins:
+            init_plugins(flask_app)
+        elif isinstance(get_auth_manager(), FabAuthManager):
+            init_api_auth_provider(flask_app)
+            init_api_error_handlers(flask_app)
+        init_jinja_globals(flask_app, enable_plugins=enable_plugins)
         init_xframe_protection(flask_app)
+        init_airflow_session_interface(flask_app)
     return flask_app
-def cached_app(config=None, testing=False):
+def cached_app():
     """Return cached instance of Airflow WWW app."""
     global app
     if not app:
-        app = create_app(config=config, testing=testing)
+        app = create_app()
     return app

airflow/providers/fab/www/auth.py ADDED Viewed

@@ -0,0 +1,350 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+import functools
+import logging
+from collections.abc import Sequence
+from functools import wraps
+from typing import TYPE_CHECKING, Callable, TypeVar, cast
+from flask import flash, redirect, render_template, request, url_for
+from flask_appbuilder._compat import as_unicode
+from flask_appbuilder.const import (
+    FLAMSG_ERR_SEC_ACCESS_DENIED,
+    LOGMSG_ERR_SEC_ACCESS_DENIED,
+    PERMISSION_PREFIX,
+)
+from airflow.api_fastapi.app import get_auth_manager
+from airflow.api_fastapi.auth.managers.models.resource_details import (
+    AccessView,
+    ConnectionDetails,
+    DagAccessEntity,
+    DagDetails,
+    PoolDetails,
+    VariableDetails,
+)
+from airflow.configuration import conf
+from airflow.providers.fab.www.utils import get_fab_auth_manager
+from airflow.utils.net import get_hostname
+if TYPE_CHECKING:
+    from airflow.api_fastapi.auth.managers.base_auth_manager import ResourceMethod
+    from airflow.api_fastapi.auth.managers.models.batch_apis import (
+        IsAuthorizedConnectionRequest,
+        IsAuthorizedDagRequest,
+        IsAuthorizedPoolRequest,
+        IsAuthorizedVariableRequest,
+    )
+    from airflow.models import DagRun, Pool, TaskInstance, Variable
+    from airflow.models.connection import Connection
+    from airflow.models.xcom import XComModel
+T = TypeVar("T", bound=Callable)
+log = logging.getLogger(__name__)
+def get_access_denied_message():
+    return conf.get("webserver", "access_denied_message")
+def has_access_with_pk(f):
+    """
+    Check permissions on views.
+    The implementation is very similar from
+    https://github.com/dpgaspar/Flask-AppBuilder/blob/c6fecdc551629e15467fde5d06b4437379d90592/flask_appbuilder/security/decorators.py#L134
+    The difference is that this decorator will pass the resource ID to check permissions. It allows
+    fined-grained access control using resource IDs.
+    """
+    if hasattr(f, "_permission_name"):
+        permission_str = f._permission_name
+    else:
+        permission_str = f.__name__
+    def wraps(self, *args, **kwargs):
+        permission_str = f"{PERMISSION_PREFIX}{f._permission_name}"
+        if self.method_permission_name:
+            _permission_name = self.method_permission_name.get(f.__name__)
+            if _permission_name:
+                permission_str = f"{PERMISSION_PREFIX}{_permission_name}"
+        if permission_str in self.base_permissions and self.appbuilder.sm.has_access(
+            action_name=permission_str,
+            resource_name=self.class_permission_name,
+            resource_pk=kwargs.get("pk"),
+        ):
+            return f(self, *args, **kwargs)
+        else:
+            log.warning(LOGMSG_ERR_SEC_ACCESS_DENIED, permission_str, self.__class__.__name__)
+            flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
+        return redirect(get_auth_manager().get_url_login(next_url=request.url))
+    f._permission_name = permission_str
+    return functools.update_wrapper(wraps, f)
+def _has_access_no_details(is_authorized_callback: Callable[[], bool]) -> Callable[[T], T]:
+    """
+    Check current user's permissions against required permissions.
+    This works only for resources with no details. This function is used in some ``has_access_`` functions
+    below.
+    :param is_authorized_callback: callback to execute to figure whether the user is authorized to access
+        the resource?
+    """
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            return _has_access(
+                is_authorized=is_authorized_callback(),
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def _has_access(*, is_authorized: bool, func: Callable, args, kwargs):
+    """
+    Define the behavior whether the user is authorized to access the resource.
+    :param is_authorized: whether the user is authorized to access the resource
+    :param func: the function to call if the user is authorized
+    :param args: the arguments of ``func``
+    :param kwargs: the keyword arguments ``func``
+    :meta private:
+    """
+    if is_authorized:
+        return func(*args, **kwargs)
+    elif get_fab_auth_manager().is_logged_in() and not get_auth_manager().is_authorized_view(
+        access_view=AccessView.WEBSITE,
+        user=get_fab_auth_manager().get_user(),
+    ):
+        return (
+            render_template(
+                "airflow/no_roles_permissions.html",
+                hostname=get_hostname() if conf.getboolean("webserver", "EXPOSE_HOSTNAME") else "",
+                logout_url=get_fab_auth_manager().get_url_logout(),
+            ),
+            403,
+        )
+    elif not get_fab_auth_manager().is_logged_in():
+        return redirect(get_auth_manager().get_url_login(next_url=request.url))
+    else:
+        access_denied = get_access_denied_message()
+        flash(access_denied, "danger")
+    return redirect(url_for("FabIndexView.index"))
+def has_access_configuration(method: ResourceMethod) -> Callable[[T], T]:
+    return _has_access_no_details(
+        lambda: get_auth_manager().is_authorized_configuration(
+            method=method, user=get_fab_auth_manager().get_user()
+        )
+    )
+def has_access_connection(method: ResourceMethod) -> Callable[[T], T]:
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            connections: set[Connection] = set(args[1])
+            requests: Sequence[IsAuthorizedConnectionRequest] = [
+                {
+                    "method": method,
+                    "details": ConnectionDetails(conn_id=connection.conn_id),
+                }
+                for connection in connections
+            ]
+            is_authorized = get_auth_manager().batch_is_authorized_connection(
+                requests, user=get_auth_manager().get_user()
+            )
+            return _has_access(
+                is_authorized=is_authorized,
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def has_access_dag(method: ResourceMethod, access_entity: DagAccessEntity | None = None) -> Callable[[T], T]:
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            dag_id_kwargs = kwargs.get("dag_id")
+            dag_id_args = request.args.get("dag_id")
+            dag_id_form = request.form.get("dag_id")
+            dag_id_json = request.json.get("dag_id") if request.is_json else None
+            all_dag_ids = [dag_id_kwargs, dag_id_args, dag_id_form, dag_id_json]
+            unique_dag_ids = set(dag_id for dag_id in all_dag_ids if dag_id is not None)
+            if len(unique_dag_ids) > 1:
+                log.warning(
+                    "There are different dag_ids passed in the request: %s. Returning 403.", unique_dag_ids
+                )
+                log.warning(
+                    "kwargs: %s, args: %s, form: %s, json: %s",
+                    dag_id_kwargs,
+                    dag_id_args,
+                    dag_id_form,
+                    dag_id_json,
+                )
+                return (
+                    render_template(
+                        "airflow/no_roles_permissions.html",
+                        hostname=get_hostname() if conf.getboolean("webserver", "EXPOSE_HOSTNAME") else "",
+                        logout_url=get_auth_manager().get_url_logout(),
+                    ),
+                    403,
+                )
+            dag_id = unique_dag_ids.pop() if unique_dag_ids else None
+            is_authorized = get_auth_manager().is_authorized_dag(
+                method=method,
+                access_entity=access_entity,
+                details=None if not dag_id else DagDetails(id=dag_id),
+                user=get_auth_manager().get_user(),
+            )
+            return _has_access(
+                is_authorized=is_authorized,
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def has_access_dag_entities(method: ResourceMethod, access_entity: DagAccessEntity) -> Callable[[T], T]:
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            items: set[XComModel | DagRun | TaskInstance] = set(args[1])
+            requests: Sequence[IsAuthorizedDagRequest] = [
+                {
+                    "method": method,
+                    "access_entity": access_entity,
+                    "details": DagDetails(id=item.dag_id),
+                }
+                for item in items
+                if item is not None
+            ]
+            is_authorized = get_auth_manager().batch_is_authorized_dag(
+                requests, user=get_auth_manager().get_user()
+            )
+            return _has_access(
+                is_authorized=is_authorized,
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def has_access_asset(method: ResourceMethod) -> Callable[[T], T]:
+    """Check current user's permissions against required permissions for assets."""
+    return _has_access_no_details(
+        lambda: get_auth_manager().is_authorized_asset(method=method, user=get_fab_auth_manager().get_user())
+    )
+def has_access_pool(method: ResourceMethod) -> Callable[[T], T]:
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            pools: set[Pool] = set(args[1])
+            requests: Sequence[IsAuthorizedPoolRequest] = [
+                {
+                    "method": method,
+                    "details": PoolDetails(name=pool.pool),
+                }
+                for pool in pools
+            ]
+            is_authorized = get_auth_manager().batch_is_authorized_pool(
+                requests, user=get_auth_manager().get_user()
+            )
+            return _has_access(
+                is_authorized=is_authorized,
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def has_access_variable(method: ResourceMethod) -> Callable[[T], T]:
+    def has_access_decorator(func: T):
+        @wraps(func)
+        def decorated(*args, **kwargs):
+            if len(args) == 1:
+                # No items provided
+                is_authorized = get_auth_manager().is_authorized_variable(
+                    method=method, user=get_auth_manager().get_user()
+                )
+            else:
+                variables: set[Variable] = set(args[1])
+                requests: Sequence[IsAuthorizedVariableRequest] = [
+                    {
+                        "method": method,
+                        "details": VariableDetails(key=variable.key),
+                    }
+                    for variable in variables
+                ]
+                is_authorized = get_auth_manager().batch_is_authorized_variable(
+                    requests, user=get_auth_manager().get_user()
+                )
+            return _has_access(
+                is_authorized=is_authorized,
+                func=func,
+                args=args,
+                kwargs=kwargs,
+            )
+        return cast("T", decorated)
+    return has_access_decorator
+def has_access_view(access_view: AccessView = AccessView.WEBSITE) -> Callable[[T], T]:
+    """Check current user's permissions to access the website."""
+    return _has_access_no_details(
+        lambda: get_auth_manager().is_authorized_view(
+            access_view=access_view, user=get_fab_auth_manager().get_user()
+        )
+    )

airflow/providers/fab/www/constants.py ADDED Viewed

@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+from pathlib import Path
+from airflow.configuration import conf
+WWW = Path(__file__).resolve().parent
+# There is a difference with configuring Swagger in Connexion 2.x and Connexion 3.x
+# Connexion 2: https://connexion.readthedocs.io/en/2.14.2/quickstart.html#the-swagger-ui-console
+# Connexion 3: https://connexion.readthedocs.io/en/stable/swagger_ui.html#configuring-the-swagger-ui
+SWAGGER_ENABLED = conf.getboolean("webserver", "enable_swagger_ui", fallback=True)
+SWAGGER_BUNDLE = WWW.joinpath("static", "dist", "swagger-ui")

airflow/providers/fab/www/extensions/init_appbuilder.py CHANGED Viewed

@@ -36,11 +36,13 @@ from flask_appbuilder.const import (
 )
 from flask_appbuilder.filters import TemplateFilters
 from flask_appbuilder.menu import Menu
-from flask_appbuilder.views import IndexView
+from flask_appbuilder.views import IndexView, UtilView
 from airflow import settings
+from airflow.api_fastapi.app import create_auth_manager, get_auth_manager
 from airflow.configuration import conf
-from airflow.www.extensions.init_auth_manager import init_auth_manager
+from airflow.providers.fab.www.security_manager import AirflowSecurityManagerV2
+from airflow.providers.fab.www.views import FabIndexView
 if TYPE_CHECKING:
     from flask import Flask
@@ -108,6 +110,7 @@ class AirflowAppBuilder:
         base_template="airflow/main.html",
         static_folder="static/appbuilder",
         static_url_path="/appbuilder",
+        enable_plugins: bool = False,
     ):
         """
         App-builder constructor.
@@ -124,6 +127,15 @@ class AirflowAppBuilder:
             optional, your override for the global static folder
         :param static_url_path:
             optional, your override for the global static url path
+        :param enable_plugins:
+            optional, whether plugins are enabled for this app. AirflowAppBuilder from FAB provider can be
+            instantiated in two modes:
+             - Plugins enabled. The Flask application is responsible to execute Airflow 2 plugins.
+               This application is only running if there are Airflow 2 plugins defined as part of the Airflow
+               environment
+             - Plugins disabled. The Flask application is responsible to execute the FAB auth manager login
+               process. This application is only running if FAB auth manager is the auth manager configured
+               in the Airflow environment
         """
         from airflow.providers_manager import ProvidersManager
@@ -138,6 +150,7 @@ class AirflowAppBuilder:
         self.static_folder = static_folder
         self.static_url_path = static_url_path
         self.app = app
+        self.enable_plugins = enable_plugins
         self.update_perms = conf.getboolean("fab", "UPDATE_FAB_PERMS")
         self.auth_rate_limited = conf.getboolean("fab", "AUTH_RATE_LIMITED")
         self.auth_rate_limit = conf.get("fab", "AUTH_RATE_LIMIT")
@@ -171,8 +184,10 @@ class AirflowAppBuilder:
         _index_view = app.config.get("FAB_INDEX_VIEW", None)
         if _index_view is not None:
             self.indexview = dynamic_class_import(_index_view)
+        elif not self.enable_plugins:
+            self.indexview = FabIndexView
         else:
-            self.indexview = self.indexview or IndexView
+            self.indexview = IndexView
         _menu = app.config.get("FAB_MENU", None)
         if _menu is not None:
             self.menu = dynamic_class_import(_menu)
@@ -181,8 +196,14 @@ class AirflowAppBuilder:
         self._addon_managers = app.config["ADDON_MANAGERS"]
         self.session = session
-        auth_manager = init_auth_manager(self)
-        self.sm = auth_manager.security_manager
+        auth_manager = create_auth_manager()
+        auth_manager.appbuilder = self
+        if hasattr(auth_manager, "init_flask_resources"):
+            auth_manager.init_flask_resources()
+        if hasattr(auth_manager, "security_manager"):
+            self.sm = auth_manager.security_manager
+        else:
+            self.sm = AirflowSecurityManagerV2(self)
         self.bm = BabelManager(self)
         self._add_global_static()
         self._add_global_filters()
@@ -190,6 +211,15 @@ class AirflowAppBuilder:
         self._add_admin_views()
         self._add_addon_views()
         self._init_extension(app)
+        self._swap_url_filter()
+    def _swap_url_filter(self):
+        """Use our url filtering util function so there is consistency between FAB and Airflow routes."""
+        from flask_appbuilder.security import views as fab_sec_views
+        from airflow.providers.fab.www.views import get_safe_url
+        fab_sec_views.get_safe_redirect = get_safe_url
     def _init_extension(self, app):
         app.appbuilder = self
@@ -276,6 +306,10 @@ class AirflowAppBuilder:
         """Register indexview, utilview (back function), babel views and Security views."""
         self.indexview = self._check_and_init(self.indexview)
         self.add_view_no_menu(self.indexview)
+        self.add_view_no_menu(UtilView())
+        auth_manager = get_auth_manager()
+        if hasattr(auth_manager, "register_views"):
+            auth_manager.register_views()
     def _add_addon_views(self):
         """Register declared addons."""
@@ -494,9 +528,11 @@ class AirflowAppBuilder:
     @property
     def get_url_for_index(self):
-        # TODO: Return the fast api application homepage
         return url_for(f"{self.indexview.endpoint}.{self.indexview.default_view}")
+    def get_url_for_login_with(self, next_url: str | None = None) -> str:
+        return get_auth_manager().get_url_login(next_url=next_url)
     def get_url_for_locale(self, lang):
         return url_for(
             f"{self.bm.locale_view.endpoint}.{self.bm.locale_view.default_view}",
@@ -510,15 +546,23 @@ class AirflowAppBuilder:
     def _add_permission(self, baseview, update_perms=False):
         if self.update_perms or update_perms:
             try:
-                self.sm.add_permissions_view(baseview.base_permissions, baseview.class_permission_name)
+                if hasattr(self.sm, "add_permissions_view"):
+                    self.sm.add_permissions_view(baseview.base_permissions, baseview.class_permission_name)
             except Exception as e:
                 log.exception(e)
                 log.error(LOGMSG_ERR_FAB_ADD_PERMISSION_VIEW, e)
+    def add_permissions(self, update_perms=False):
+        if self.update_perms or update_perms:
+            for baseview in self.baseviews:
+                self._add_permission(baseview, update_perms=update_perms)
+            self._add_menu_permissions(update_perms=update_perms)
     def _add_permissions_menu(self, name, update_perms=False):
         if self.update_perms or update_perms:
             try:
-                self.sm.add_permissions_menu(name)
+                if hasattr(self.sm, "add_permissions_menu"):
+                    self.sm.add_permissions_menu(name)
             except Exception as e:
                 log.exception(e)
                 log.error(LOGMSG_ERR_FAB_ADD_PERMISSION_MENU, e)
@@ -548,10 +592,11 @@ class AirflowAppBuilder:
                         view.get_init_inner_views().append(v)
-def init_appbuilder(app: Flask) -> AirflowAppBuilder:
+def init_appbuilder(app: Flask, enable_plugins: bool) -> AirflowAppBuilder:
     """Init `Flask App Builder <https://flask-appbuilder.readthedocs.io/en/latest/>`__."""
     return AirflowAppBuilder(
         app=app,
         session=settings.Session,
         base_template="airflow/main.html",
+        enable_plugins=enable_plugins,
     )

airflow/providers/fab/www/extensions/init_jinja_globals.py CHANGED Viewed

@@ -30,17 +30,17 @@ from airflow.utils.platform import get_airflow_git_version
 logger = logging.getLogger(__name__)
-def init_jinja_globals(app):
+def init_jinja_globals(app, enable_plugins: bool):
     """Add extra globals variable to Jinja context."""
     server_timezone = conf.get("core", "default_timezone")
     if server_timezone == "system":
-        server_timezone = pendulum.local_timezone().name
+        server_timezone = pendulum.local_timezone().name  # type: ignore[operator]
     elif server_timezone == "utc":
         server_timezone = "UTC"
     default_ui_timezone = conf.get("webserver", "default_ui_timezone")
     if default_ui_timezone == "system":
-        default_ui_timezone = pendulum.local_timezone().name
+        default_ui_timezone = pendulum.local_timezone().name  # type: ignore[operator]
     elif default_ui_timezone == "utc":
         default_ui_timezone = "UTC"
     if not default_ui_timezone:
@@ -70,6 +70,8 @@ def init_jinja_globals(app):
             "state_color_mapping": STATE_COLORS,
             "airflow_version": airflow_version,
             "git_version": git_version,
+            "show_plugin_message": enable_plugins,
+            "disable_nav_bar": not enable_plugins,
         }
         # Extra global specific to auth manager

airflow/providers/fab/www/extensions/init_security.py CHANGED Viewed

@@ -17,8 +17,10 @@
 from __future__ import annotations
 import logging
+from importlib import import_module
 from airflow.configuration import conf
+from airflow.exceptions import AirflowException
 log = logging.getLogger(__name__)
@@ -40,3 +42,20 @@ def init_xframe_protection(app):
         return response
     app.after_request(apply_caching)
+def init_api_auth(app):
+    """Load authentication backends."""
+    auth_backends = conf.get(
+        "fab", "auth_backends", fallback="airflow.providers.fab.auth_manager.api.auth.backend.session"
+    )
+    app.api_auth = []
+    try:
+        for backend in auth_backends.split(","):
+            auth = import_module(backend.strip())
+            auth.init_app(app)
+            app.api_auth.append(auth)
+    except ImportError as err:
+        log.critical("Cannot import %s for API authentication due to: %s", backend, err)
+        raise AirflowException(err)

apache-airflow-providers-fab 2.0.0rc1__py3-none-any.whl → 2.0.0rc2__py3-none-any.whl

apache-airflow-providers-fab 2.0.0rc1py3-none-any.whl → 2.0.0rc2py3-none-any.whl