apache-airflow-providers-fab 2.3.0rc1__py3-none-any.whl → 2.3.1rc1__py3-none-any.whl

airflow/providers/fab/__init__.py

@@ -29,7 +29,7 @@ from airflow import __version__ as airflow_version
 
 __all__ = ["__version__"]
 
-__version__ = "2.3.0"
+__version__ = "2.3.1"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
     "3.0.2"

airflow/providers/fab/auth_manager/fab_auth_manager.py

@@ -34,6 +34,12 @@ from starlette.middleware.wsgi import WSGIMiddleware
 from airflow import __version__ as airflow_version
 from airflow.api_fastapi.app import AUTH_MANAGER_FASTAPI_APP_PREFIX
 from airflow.api_fastapi.auth.managers.base_auth_manager import BaseAuthManager
+
+try:
+    from airflow.api_fastapi.auth.managers.base_auth_manager import ExtendedResourceMethod
+except ImportError:
+    from airflow.api_fastapi.auth.managers.base_auth_manager import ResourceMethod as ExtendedResourceMethod
+
 from airflow.api_fastapi.auth.managers.models.resource_details import (
     AccessView,
     BackfillDetails,
@@ -382,7 +388,7 @@ class FabAuthManager(BaseAuthManager[User]):
 
     def is_authorized_view(self, *, access_view: AccessView, user: User) -> bool:
         # "Docs" are only links in the menu, there is no page associated
-        method: ResourceMethod = "MENU" if access_view == AccessView.DOCS else "GET"
+        method: ExtendedResourceMethod = "MENU" if access_view == AccessView.DOCS else "GET"
         return self._is_authorized(
             method=method,
             resource_type=_MAP_ACCESS_VIEW_TO_FAB_RESOURCE_TYPE[access_view],
@@ -523,7 +529,7 @@ class FabAuthManager(BaseAuthManager[User]):
     def _is_authorized(
         self,
         *,
-        method: ResourceMethod,
+        method: ExtendedResourceMethod,
         resource_type: str,
         user: User,
     ) -> bool:
@@ -594,7 +600,7 @@ class FabAuthManager(BaseAuthManager[User]):
         return len(authorized_dags) > 0
 
     @staticmethod
-    def _get_fab_action(method: ResourceMethod) -> str:
+    def _get_fab_action(method: ExtendedResourceMethod) -> str:
         """
         Convert the method to a FAB action.
 

airflow/providers/fab/auth_manager/security_manager/override.py

@@ -1551,7 +1551,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     ---------------
     """
 
-    def get_resource(self, name: str) -> Resource:
+    def get_resource(self, name: str) -> Resource | None:
         """
         Return a resource record by name, if it exists.
 
@@ -1559,7 +1559,7 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         """
         return self.get_session.query(self.resource_model).filter_by(name=name).one_or_none()
 
-    def create_resource(self, name) -> Resource:
+    def create_resource(self, name) -> Resource | None:
         """
         Create a resource with the given name.
 
@@ -1628,6 +1628,9 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         if perm:
             return perm
         resource = self.create_resource(resource_name)
+        if resource is None:
+            log.error(const.LOGMSG_ERR_SEC_ADD_PERMVIEW, f"Resource creation failed {resource_name}")
+            return None
         action = self.create_action(action_name)
         perm = self.permission_model()
         perm.resource_id, perm.action_id = resource.id, action.id

airflow/providers/fab/www/auth.py

@@ -46,10 +46,7 @@ from airflow.utils.net import get_hostname
 if TYPE_CHECKING:
     from airflow.api_fastapi.auth.managers.base_auth_manager import ResourceMethod
     from airflow.api_fastapi.auth.managers.models.batch_apis import (
-        IsAuthorizedConnectionRequest,
         IsAuthorizedDagRequest,
-        IsAuthorizedPoolRequest,
-        IsAuthorizedVariableRequest,
     )
     from airflow.models import DagRun, Pool, TaskInstance, Variable
     from airflow.models.connection import Connection
@@ -170,15 +167,13 @@ def has_access_connection(method: ResourceMethod) -> Callable[[T], T]:
         @wraps(func)
         def decorated(*args, **kwargs):
             connections: set[Connection] = set(args[1])
-            requests: Sequence[IsAuthorizedConnectionRequest] = [
-                {
-                    "method": method,
-                    "details": ConnectionDetails(conn_id=connection.conn_id),
-                }
+            is_authorized = all(
+                get_auth_manager().is_authorized_connection(
+                    method=method,
+                    details=ConnectionDetails(conn_id=connection.conn_id),
+                    user=get_auth_manager().get_user(),
+                )
                 for connection in connections
-            ]
-            is_authorized = get_auth_manager().batch_is_authorized_connection(
-                requests, user=get_auth_manager().get_user()
             )
             return _has_access(
                 is_authorized=is_authorized,
@@ -284,15 +279,11 @@ def has_access_pool(method: ResourceMethod) -> Callable[[T], T]:
         @wraps(func)
         def decorated(*args, **kwargs):
             pools: set[Pool] = set(args[1])
-            requests: Sequence[IsAuthorizedPoolRequest] = [
-                {
-                    "method": method,
-                    "details": PoolDetails(name=pool.pool),
-                }
+            is_authorized = all(
+                get_auth_manager().is_authorized_pool(
+                    method=method, details=PoolDetails(name=pool.pool), user=get_auth_manager().get_user()
+                )
                 for pool in pools
-            ]
-            is_authorized = get_auth_manager().batch_is_authorized_pool(
-                requests, user=get_auth_manager().get_user()
             )
             return _has_access(
                 is_authorized=is_authorized,
@@ -310,23 +301,15 @@ def has_access_variable(method: ResourceMethod) -> Callable[[T], T]:
     def has_access_decorator(func: T):
         @wraps(func)
         def decorated(*args, **kwargs):
-            if len(args) == 1:
-                # No items provided
-                is_authorized = get_auth_manager().is_authorized_variable(
-                    method=method, user=get_auth_manager().get_user()
-                )
-            else:
-                variables: set[Variable] = set(args[1])
-                requests: Sequence[IsAuthorizedVariableRequest] = [
-                    {
-                        "method": method,
-                        "details": VariableDetails(key=variable.key),
-                    }
-                    for variable in variables
-                ]
-                is_authorized = get_auth_manager().batch_is_authorized_variable(
-                    requests, user=get_auth_manager().get_user()
+            variables: set[Variable] = set(args[1])
+            is_authorized = all(
+                get_auth_manager().is_authorized_variable(
+                    method=method,
+                    details=VariableDetails(key=variable.key),
+                    user=get_auth_manager().get_user(),
                 )
+                for variable in variables
+            )
             return _has_access(
                 is_authorized=is_authorized,
                 func=func,

airflow/providers/fab/www/extensions/init_jinja_globals.py

@@ -18,7 +18,7 @@ from __future__ import annotations
 
 import logging
 
-import pendulum
+from pendulum import local_timezone
 
 import airflow
 from airflow.api_fastapi.app import get_auth_manager
@@ -33,7 +33,10 @@ def init_jinja_globals(app, enable_plugins: bool):
     """Add extra globals variable to Jinja context."""
     server_timezone = conf.get("core", "default_timezone")
     if server_timezone == "system":
-        server_timezone = pendulum.local_timezone().name  # type: ignore[operator]
+        if callable(local_timezone):
+            server_timezone = local_timezone().name
+        else:
+            raise ValueError("`local_timezone` is not callable")
     elif server_timezone == "utc":
         server_timezone = "UTC"