This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-7-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit b501446a2db1c474f5a303b3ea6897da3a60bf77 Author: slmg <[email protected]> AuthorDate: Tue Aug 8 08:00:12 2023 +0100 Pass app context to webserver_config.py (#32759) (cherry picked from commit 7847b6ead3c039726bb82e0de3a39e5ef5eb00aa) --- airflow/www/app.py | 4 +++- docs/apache-airflow/howto/set-config.rst | 12 ++++++++++++ docs/apache-airflow/security/webserver.rst | 27 +++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/airflow/www/app.py b/airflow/www/app.py index fd60bbfc61..9ac01ef5b5 100644 --- a/airflow/www/app.py +++ b/airflow/www/app.py @@ -83,7 +83,9 @@ def create_app(config=None, testing=False): flask_app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=settings.get_session_lifetime_config()) webserver_config = conf.get_mandatory_value("webserver", "config_file") - flask_app.config.from_pyfile(webserver_config, silent=True) + # Enable customizations in webserver_config.py to be applied via Flask.current_app. + with flask_app.app_context(): + flask_app.config.from_pyfile(webserver_config, silent=True) flask_app.config["TESTING"] = testing flask_app.config["SQLALCHEMY_DATABASE_URI"] = conf.get("database", "SQL_ALCHEMY_CONN") diff --git a/docs/apache-airflow/howto/set-config.rst b/docs/apache-airflow/howto/set-config.rst index 14da8198d5..1e0679c886 100644 --- a/docs/apache-airflow/howto/set-config.rst +++ b/docs/apache-airflow/howto/set-config.rst @@ -178,3 +178,15 @@ and add any extra settings however by adding flask configuration to ``webserver_ For example if you would like to change rate limit strategy to "moving window", you can set the ``RATELIMIT_STRATEGY`` to ``moving-window``. + +You could also enhance / modify the underlying flask app directly, +as the `app context <https://flask.palletsprojects.com/en/2.3.x/appcontext/>`_ is pushed to ``webserver_config.py``: + +.. code-block:: python + + from flask import current_app as app + + + @app.before_request + def print_custom_message() -> None: + print("Executing before every request") diff --git a/docs/apache-airflow/security/webserver.rst b/docs/apache-airflow/security/webserver.rst index 71ad85fb3a..2862f7073a 100644 --- a/docs/apache-airflow/security/webserver.rst +++ b/docs/apache-airflow/security/webserver.rst @@ -104,6 +104,33 @@ with the following entry in the ``$AIRFLOW_HOME/webserver_config.py``. AUTH_TYPE = AUTH_DB +A WSGI middleware could be used to manage very specific forms of authentication +(e.g. `SPNEGO <https://www.ibm.com/docs/en/was-liberty/core?topic=authentication-single-sign-http-requests-using-spnego-web>`_) +and leverage the REMOTE_USER method: + +.. code-block:: python + + from typing import Any, Callable + + from flask import current_app + from airflow.www.fab_security.manager import AUTH_REMOTE_USER + + + class CustomMiddleware: + def __init__(self, wsgi_app: Callable) -> None: + self.wsgi_app = wsgi_app + + def __call__(self, environ: dict, start_response: Callable) -> Any: + # Custom authenticating logic here + # ... + environ["REMOTE_USER"] = "username" + return self.wsgi_app(environ, start_response) + + + current_app.wsgi_app = CustomMiddleware(current_app.wsgi_app) + + AUTH_TYPE = AUTH_REMOTE_USER + Another way to create users is in the UI login page, allowing user self registration through a "Register" button. The following entries in the ``$AIRFLOW_HOME/webserver_config.py`` can be edited to make it possible:
