schwartzmx edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900019441
Thanks for the reply, attaching requested info @thesuperzapper.
`webserver_config.py`
```python
import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
basedir = os.path.abspath(os.path.dirname(__file__))
logger = logging.getLogger(__name__)
GOOGLE_CLIENT_ID = os.getenv('GOOGLE_OAUTH2_CLIENT_ID')
GOOGLE_SECRET = os.getenv('GOOGLE_OAUTH2_SECRET')
ADMIN_EMAILS = os.getenv("WEB_ADMIN_EMAILS", "").split(',')
AUTH_TYPE = AUTH_OAUTH
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Admin'
OAUTH_PROVIDERS = [{
'name':'google',
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'client_kwargs':{
'scope': 'email profile'
},
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'client_id': GOOGLE_CLIENT_ID,
'client_secret': GOOGLE_SECRET,
}
}]
# Custom Security Manager in order to get around the `role_keys` missing
from Google OAuth response
# See: https://github.com/apache/airflow/issues/16783
from airflow.www.security import AirflowSecurityManager
AUTH_ROLES_MAPPING = {
"devs": ["Viewer"],
"admins": ["Admin"]
}
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
assert provider == "google", "Google provider is only supported in
this Security Manager"
me = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
data = me.json()
email = data.get("email", "")
# Maps back to AUTH_ROLES_MAPPING keys
role_keys = ["admins"] if email in ADMIN_EMAILS else ["devs"]
return {
"username": "google_" + data.get("id", ""),
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
"email": email,
"role_keys": role_keys
}
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
```
`webserver.log`
Logs right as the login process occurs and directly after as the home page
is rendered
```
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/
HTTP/1.1" 302 233 "http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET
/airflow/home HTTP/1.1" 302 341 "http://localhost:8080/airflow/home";
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:645} DEBUG -
Provider: None
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:661} DEBUG -
Going to call authorize for: google
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET
/airflow/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fairflow%2Fhome HTTP/1.1"
302 1029 "http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel
Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:32,693] {views.py:694} DEBUG -
Authorized init
airflow-webserver_1 | 127.0.0.1 - - [17/Aug/2021:05:46:33 +0000] "GET
/airflow/health HTTP/1.1" 200 187 "-" "curl/7.64.0"
airflow-webserver_1 | [2021-08-17 05:46:33,530] {views.py:699} DEBUG -
OAUTH Authorized resp: {'access_token': '<redacted>', 'expires_in': 3599,
'scope': 'https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile openid', 'token_type':
'Bearer', 'id_token': '<redacted>', 'expires_at': 1629182792}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:708} DEBUG - User
info retrieved from google: {'username': '<redacted>', 'first_name':
'<redacted>', 'last_name': '<redacted>', 'email': '<redacted>', 'role_keys':
['admins']}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:721} DEBUG - No
whitelist for OAuth provider
airflow-webserver_1 | [2021-08-17 05:46:34,378] {manager.py:227} INFO -
Updated user <redacted>
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/oauth-authorized/google?state=<redacted>&code=<redacted>&scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=<redacted>&prompt=none
HTTP/1.1" 302 275 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/home HTTP/1.1" 200 57650 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/css/bootstrap.min.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/css/font-awesome.min.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/datepicker/bootstrap-datepicker.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/select2/select2.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/css/flags/flags16.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/css/ab.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/airflowDefaultTheme.3e8bda71892b61b62f94.css HTTP/1.1" 304
0 "http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/materialIcons.3221294eb511f43d1b15.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/main.e52cf607b64cdcd15089.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/loadingDots.4033edd9abf2750d6f8f.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/bootstrap-datetimepicker.min.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/switch.e97750fdb7423f33656a.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/dags.6c090f6b27d152c78e7a.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/flash.d205b61edc54ed448412.css HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/js/jquery-latest.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/js/ab_filters.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/js/ab_actions.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 567 "-"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/js/bootstrap.min.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/select2/select2.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/datepicker/bootstrap-datepicker.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/appbuilder/js/ab.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/moment.c1933ee062e9650051f7.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/main.e52cf607b64cdcd15089.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET
/airflow/static/dist/bootstrap-datetimepicker.min.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET
/airflow/static/dist/bootstrap3-typeahead.min.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET
/airflow/static/dist/d3.min.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET
/airflow/static/dist/dags.6c090f6b27d152c78e7a.js HTTP/1.1" 304 0
"http://localhost:8080/airflow/home"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107
Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST
/airflow/last_dagruns HTTP/1.1" 200 753 "http://localhost:8080/airflow/home";
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST
/airflow/blocked HTTP/1.1" 200 127 "http://localhost:8080/airflow/home";
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST
/airflow/task_stats HTTP/1.1" 200 6723 "http://localhost:8080/airflow/home";
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST
/airflow/dag_stats HTTP/1.1" 200 1804 "http://localhost:8080/airflow/home";
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/92.0.4515.107 Safari/537.36"
```
Additional info:
airflow version: `2.1.2`
python: `python3.8`
airflow.cfg base_url
```
[webserver]
base_url = http://localhost:8080/airflow
```
Google OAuth2 Dashboard configured URIs:
```
Authorized JavaScript origins:
http://localhost:8080
Authorized redirect URIs:
http://localhost:8080/airflow/oauth-authorized/google
```
As the @anmtan said originally,
>The alert is just a false alarm and it only appears at user login.
Refresh of the page removes the banner and the user can carry on, but it's
just something that is odd and would need to be noted to bring up to users.
<img width="1087" alt="image"
src="https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png";>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
![https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png"](https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png"){kind=link}