[GitHub] [airflow] nikiit007 opened a new issue #17725: Airflow 2.0.2 Github Enterprise OAuth giving 404 error

Thu, 19 Aug 2021 05:48:22 -0700 


nikiit007 opened a new issue #17725:
URL: https://github.com/apache/airflow/issues/17725


   
   **Apache Airflow version:**
   _2.0.2_
   **OS:**
    _PRETTY_NAME="Debian GNU/Linux 10 (buster)"
   NAME="Debian GNU/Linux"
   VERSION_ID="10"
   VERSION="10 (buster)"
   VERSION_CODENAME=buster
   ID=debian_
   **Apache Airflow Provider versions:**
   _apache-airflow-providers-amazon==1.3.0
   apache-airflow-providers-celery==1.0.1
   apache-airflow-providers-cncf-kubernetes==1.1.0
   apache-airflow-providers-docker==1.1.0
   apache-airflow-providers-elasticsearch==1.0.3
   apache-airflow-providers-ftp==1.0.1
   apache-airflow-providers-google==3.0.0
   apache-airflow-providers-grpc==1.1.0
   apache-airflow-providers-hashicorp==1.0.2
   apache-airflow-providers-http==1.1.1
   apache-airflow-providers-imap==1.0.1
   apache-airflow-providers-microsoft-azure==1.3.0
   apache-airflow-providers-mysql==1.1.0
   apache-airflow-providers-postgres==1.0.1
   apache-airflow-providers-redis==1.0.1
   apache-airflow-providers-sendgrid==1.0.2
   apache-airflow-providers-sftp==1.1.1
   apache-airflow-providers-slack==3.0.0
   apache-airflow-providers-sqlite==1.0.2
   apache-airflow-providers-ssh==1.3.0_
   
   **Deployment:**
   Helm Chart : 8.3.0
   https://artifacthub.io/packages/helm/airflow-helm/airflow/8.3.0
   
   **Please include your deployment tools and versions:**
   HELM
   Kubernetes:
   Kubectl version-
   Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", 
GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", 
BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", 
Platform:"linux/amd64"}
   Server Version: version.Info{Major:"1", Minor:"18+", 
GitVersion:"v1.18.20-gke.900", 
GitCommit:"1facb91642e16cb4f5be4e4a632c488aa4700382", GitTreeState:"clean", 
BuildDate:"2021-06-28T09:19:58Z", GoVersion:"go1.13.15b4", Compiler:"gc", 
Platform:"linux/amd64"}
   
   **What happened? :**
   Enabled Github Enterprise authentication in WebServer_config.py. Here is 
what happening in browser:
   Airflow Home Page -> login page> OAuth provider login page -> Successful 
login -> Redirecting to following page and getting 404
   
   
https://<ghe_url>/oauth/authorize?response_type=code&client_id=xxxx&redirect_uri=http%3A%2F%2F<airflow_url>%2Foauth-authorized%2Fgithub&scope=user&state=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuZXh0IjpbImh0dHA6Ly9haXJmbG93LWNsZWFucm9vbS1pbnQubmJjdS1kcy1zdGFibGUtaW50LmRldi5uYmN1cGVhLnVzLXdlc3QyLm1nbXQtZ2NwLmdlb290dC5jb20vaG9tZSJdfQ.pGKpkTZzcs5OZU7ax3fiyufSuIii0iU9yeYFPY9DOOI
   
   **In the github Oauth app the authorization callback url is : 
<airflow_url>/oauth-authorized/github**
   
   In the airflow-artifacthub-github.yaml.jinja2 which is template for 
deployment in our cluster, we have added the following :
   `    {% if enable_oauth == true %}
        web:
        extraPipPackages:
                ## the following configs require Flask-AppBuilder 3.2.0 (or 
later)
                - "Flask-AppBuilder~=3.2.0"
                ## the following configs require Authlib
                - "Authlib~=0.15.3"
                
        webserverConfig:
                stringOverride: |-
                from airflow import configuration as conf
                from flask_appbuilder.security.manager import AUTH_OAUTH
                SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
        
                AUTH_TYPE = AUTH_OAUTH
                
                # registration configs
                AUTH_USER_REGISTRATION = True  # allow users who are not 
already in the FAB DB
                AUTH_USER_REGISTRATION_ROLE = "Public"  # this role will be 
given in addition to any AUTH_ROLES_MAPPING
                OAUTH_PROVIDERS = [{
                        'name':'github',
                        'token_key':'access_token',
                        'icon':'fa-github',
                                'remote_app': {
                                        
'api_base_url':'https://<ghe_url>/api/v3/users',
                                        'client_kwargs' : { 'scope' : 'user'},
                                        'access_token_url':'https:// 
<ghe_url>/login/oauth/access_token',
                                        'authorize_url':'https:// 
<ghe_url>/oauth/authorize',
                                        'request_token_url': None,
                                        'client_id': 'xxxx',  
                                        'client_secret': 'xxxx'
                                }
                }] 
        {% endif %}
        webserver:
        service:
                type: NodePort
        authenticate: false
        
        {% if enable_oauth == true %}
                # Github Enterprise OAuth
                AIRFLOW__WEBSERVER__AUTHENTICATE: "True"
                AIRFLOW__WEBSERVER__AUTH_BACKEND: 
"airflow.contrib.auth.backends.github_enterprise_auth"
                AIRFLOW__GITHUB_ENTERPRISE__HOST: "<ghe_url>"
                AIRFLOW__GITHUB_ENTERPRISE__OAUTH_CALLBACK_ROUTE: 
"/oauth-authorized/github"
        {% else %}
                AIRFLOW__WEBSERVER__AUTHENTICATE: "False"
                AIRFLOW__WEBSERVER__AUTH_BACKEND: 
"airflow.api.auth.backend.default"
        {% endif %}
   `
   What you expected to happen:
   Successful login after authentication
   
   What do you think went wrong? 
   Not sure 
   
   How often does this problem occur? Once? Every time etc?
   Every time
   -->
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to