vincbeck commented on code in PR #35488: URL: https://github.com/apache/airflow/pull/35488#discussion_r1383968545
########## airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py: ########## 
@@ -0,0 +1,140 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import warnings
+from functools import cached_property
+from typing import TYPE_CHECKING
+
+from flask import Flask, session, url_for
+
+from airflow.auth.managers.base_auth_manager import BaseAuthManager, ResourceMethod
+from airflow.exceptions import AirflowException
+from airflow.providers.amazon.aws.auth_manager.security_manager.aws_security_manager_override import (
+ AwsSecurityManagerOverride,
+)
+
+if TYPE_CHECKING:
+ from airflow.auth.managers.models.base_user import BaseUser
+ from airflow.auth.managers.models.resource_details import (
+ AccessView,
+ ConfigurationDetails,
+ ConnectionDetails,
+ DagAccessEntity,
+ DagDetails,
+ DatasetDetails,
+ PoolDetails,
+ VariableDetails,
+ )
+ from airflow.providers.amazon.aws.auth_manager.user import AwsAuthManagerUser
+ from airflow.www.extensions.init_appbuilder import AirflowAppBuilder
+
+
+class AwsAuthManager(BaseAuthManager):
+ """
+ AWS auth manager.
+
+ Leverages AWS services such as Amazon Identity Center and Amazon Verified Permissions to perform
+ authentication and authorization in Airflow.
+
+ :param app: the flask app
+ :param appbuilder: the flask app builder
+ """
+
+ def __init__(self, app: Flask, appbuilder: AirflowAppBuilder) -> None:
+ super().__init__(app, appbuilder)
+ warnings.warn(
+ "The AWS auth manager is currently being built. It is not finalized. "
+ "It is not intended to be used yet."
+ )
+
+ def get_user_name(self) -> str:
+ user = self.get_user()
+ if not user:
+ self.log.error("Calling 'get_user_name()' but the user is not signed in.")
+ raise AirflowException("The user must be signed in.")
+ return user.get_user_name()
+
+ def get_user(self) -> AwsAuthManagerUser | None:
+ return session["aws_user"] if self.is_logged_in() else None
+
+ def is_logged_in(self) -> bool:
+ return "aws_user" in session
+
+ def is_authorized_configuration(
+ self,
+ *,
+ method: ResourceMethod,
+ details: ConfigurationDetails | None = None,
+ user: BaseUser | None = None,
+ ) -> bool:
+ return self.is_logged_in()
Review Comment: For now, returns whether the user is logged-in. The actual authorization will be implemented in a separate PR
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
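Review bot: `is_logged_in()` accepts the mere presence of an `aws_user` key in the Flask session as proof of authentication, and `get_user()` returns whatever is stored there without checking that it is an `AwsAuthManagerUser`. Every decision built on these two methods therefore rests on the integrity of the session and on the code that writes that key, neither of which is visible in this hunk; nothing here checks expiry or revocation, which matters if the configured session backend is a client-side signed cookie. I would state that trust assumption on the method, e.g. `# Presence of "aws_user" is the only login check; relies on the session store being tamper-proof`, and consider having `get_user()` return `None` when the stored value is not the expected user type (`AwsAuthManagerUser` is imported only under `TYPE_CHECKING` here, so a runtime check needs a real import). The class body continues past the end of the quoted hunk.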
