This is an automated email from the ASF dual-hosted git repository.
vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 357355ac09 Remove `is_authorized_cluster_activity` from auth manager
(#36175)
357355ac09 is described below
commit 357355ac09b4741d621a5408d859b697a07b3ceb
Author: Vincent <[email protected]>
AuthorDate: Mon Dec 11 16:41:48 2023 -0500
Remove `is_authorized_cluster_activity` from auth manager (#36175)
---
airflow/auth/managers/base_auth_manager.py | 14 --------------
.../providers/amazon/aws/auth_manager/aws_auth_manager.py | 3 ---
airflow/providers/fab/auth_manager/fab_auth_manager.py | 3 ---
airflow/www/auth.py | 4 ----
airflow/www/views.py | 4 ++--
tests/auth/managers/test_base_auth_manager.py | 3 ---
tests/providers/fab/auth_manager/test_fab_auth_manager.py | 2 --
tests/www/test_auth.py | 1 -
8 files changed, 2 insertions(+), 32 deletions(-)
diff --git a/airflow/auth/managers/base_auth_manager.py
b/airflow/auth/managers/base_auth_manager.py
index f50e40082b..fb57c984d5 100644
--- a/airflow/auth/managers/base_auth_manager.py
+++ b/airflow/auth/managers/base_auth_manager.py
@@ -134,20 +134,6 @@ class BaseAuthManager(LoggingMixin):
:param user: the user to perform the action on. If not provided (or
None), it uses the current user
"""
- @abstractmethod
- def is_authorized_cluster_activity(
- self,
- *,
- method: ResourceMethod,
- user: BaseUser | None = None,
- ) -> bool:
- """
- Return whether the user is authorized to perform a given action on the
cluster activity.
-
- :param method: the method to perform
- :param user: the user to perform the action on. If not provided (or
None), it uses the current user
- """
-
@abstractmethod
def is_authorized_connection(
self,
diff --git a/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
b/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
index 99b6d4f70c..20234f5f2b 100644
--- a/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
+++ b/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
@@ -99,9 +99,6 @@ class AwsAuthManager(BaseAuthManager):
entity_id=config_section,
)
- def is_authorized_cluster_activity(self, *, method: ResourceMethod, user:
BaseUser | None = None) -> bool:
- return self.is_logged_in()
-
def is_authorized_connection(
self,
*,
diff --git a/airflow/providers/fab/auth_manager/fab_auth_manager.py
b/airflow/providers/fab/auth_manager/fab_auth_manager.py
index cc9c590db4..3f160da497 100644
--- a/airflow/providers/fab/auth_manager/fab_auth_manager.py
+++ b/airflow/providers/fab/auth_manager/fab_auth_manager.py
@@ -193,9 +193,6 @@ class FabAuthManager(BaseAuthManager):
) -> bool:
return self._is_authorized(method=method,
resource_type=RESOURCE_CONFIG, user=user)
- def is_authorized_cluster_activity(self, *, method: ResourceMethod, user:
BaseUser | None = None) -> bool:
- return self._is_authorized(method=method,
resource_type=RESOURCE_CLUSTER_ACTIVITY, user=user)
-
def is_authorized_connection(
self,
*,
diff --git a/airflow/www/auth.py b/airflow/www/auth.py
index 8519fc8153..5aaf5913db 100644
--- a/airflow/www/auth.py
+++ b/airflow/www/auth.py
@@ -182,10 +182,6 @@ def _has_access(*, is_authorized: bool, func: Callable,
args, kwargs):
return redirect(get_auth_manager().get_url_login(next=request.url))
-def has_access_cluster_activity(method: ResourceMethod) -> Callable[[T], T]:
- return _has_access_no_details(lambda:
get_auth_manager().is_authorized_cluster_activity(method=method))
-
-
def has_access_configuration(method: ResourceMethod) -> Callable[[T], T]:
return _has_access_no_details(lambda:
get_auth_manager().is_authorized_configuration(method=method))
diff --git a/airflow/www/views.py b/airflow/www/views.py
index f51fbb9e79..8fef6aea58 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -1055,7 +1055,7 @@ class Airflow(AirflowBaseView):
)
@expose("/cluster_activity")
- @auth.has_access_cluster_activity("GET")
+ @auth.has_access_view(AccessView.CLUSTER_ACTIVITY)
def cluster_activity(self):
"""Cluster Activity view."""
state_color_mapping = State.state_color.copy()
@@ -3556,7 +3556,7 @@ class Airflow(AirflowBaseView):
)
@expose("/object/historical_metrics_data")
- @auth.has_access_cluster_activity("GET")
+ @auth.has_access_view(AccessView.CLUSTER_ACTIVITY)
def historical_metrics_data(self):
"""Return cluster activity historical metrics."""
start_date = _safe_parse_datetime(request.args.get("start_date"))
diff --git a/tests/auth/managers/test_base_auth_manager.py
b/tests/auth/managers/test_base_auth_manager.py
index 832ae50d2a..6655c01132 100644
--- a/tests/auth/managers/test_base_auth_manager.py
+++ b/tests/auth/managers/test_base_auth_manager.py
@@ -57,9 +57,6 @@ class EmptyAuthManager(BaseAuthManager):
) -> bool:
raise NotImplementedError()
- def is_authorized_cluster_activity(self, *, method: ResourceMethod, user:
BaseUser | None = None) -> bool:
- raise NotImplementedError()
-
def is_authorized_connection(
self,
*,
diff --git a/tests/providers/fab/auth_manager/test_fab_auth_manager.py
b/tests/providers/fab/auth_manager/test_fab_auth_manager.py
index 12aaeb0488..e4c5745536 100644
--- a/tests/providers/fab/auth_manager/test_fab_auth_manager.py
+++ b/tests/providers/fab/auth_manager/test_fab_auth_manager.py
@@ -34,7 +34,6 @@ from airflow.security.permissions import (
ACTION_CAN_DELETE,
ACTION_CAN_EDIT,
ACTION_CAN_READ,
- RESOURCE_CLUSTER_ACTIVITY,
RESOURCE_CONFIG,
RESOURCE_CONNECTION,
RESOURCE_DAG,
@@ -52,7 +51,6 @@ from airflow.www.extensions.init_appbuilder import
init_appbuilder
IS_AUTHORIZED_METHODS_SIMPLE = {
"is_authorized_configuration": RESOURCE_CONFIG,
- "is_authorized_cluster_activity": RESOURCE_CLUSTER_ACTIVITY,
"is_authorized_connection": RESOURCE_CONNECTION,
"is_authorized_dataset": RESOURCE_DATASET,
"is_authorized_variable": RESOURCE_VARIABLE,
diff --git a/tests/www/test_auth.py b/tests/www/test_auth.py
index a85fa9803d..bd2e963f86 100644
--- a/tests/www/test_auth.py
+++ b/tests/www/test_auth.py
@@ -45,7 +45,6 @@ class TestHasAccessDecorator:
@pytest.mark.parametrize(
"decorator_name, is_authorized_method_name",
[
- ("has_access_cluster_activity", "is_authorized_cluster_activity"),
("has_access_configuration", "is_authorized_configuration"),
("has_access_dataset", "is_authorized_dataset"),
("has_access_view", "is_authorized_view"),