(airflow) branch main updated: Remove `is_authorized_cluster_activity` from auth manager (#36175)

Mon, 11 Dec 2023 13:42:06 -0800 

This is an automated email from the ASF dual-hosted git repository.

vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 357355ac09 Remove `is_authorized_cluster_activity` from auth manager 
(#36175)
357355ac09 is described below

commit 357355ac09b4741d621a5408d859b697a07b3ceb
Author: Vincent <[email protected]>
AuthorDate: Mon Dec 11 16:41:48 2023 -0500

    Remove `is_authorized_cluster_activity` from auth manager (#36175)
---
 airflow/auth/managers/base_auth_manager.py                 | 14 --------------
 .../providers/amazon/aws/auth_manager/aws_auth_manager.py  |  3 ---
 airflow/providers/fab/auth_manager/fab_auth_manager.py     |  3 ---
 airflow/www/auth.py                                        |  4 ----
 airflow/www/views.py                                       |  4 ++--
 tests/auth/managers/test_base_auth_manager.py              |  3 ---
 tests/providers/fab/auth_manager/test_fab_auth_manager.py  |  2 --
 tests/www/test_auth.py                                     |  1 -
 8 files changed, 2 insertions(+), 32 deletions(-)

diff --git a/airflow/auth/managers/base_auth_manager.py 
b/airflow/auth/managers/base_auth_manager.py
index f50e40082b..fb57c984d5 100644
--- a/airflow/auth/managers/base_auth_manager.py
+++ b/airflow/auth/managers/base_auth_manager.py
@@ -134,20 +134,6 @@ class BaseAuthManager(LoggingMixin):
         :param user: the user to perform the action on. If not provided (or 
None), it uses the current user
         """
 
-    @abstractmethod
-    def is_authorized_cluster_activity(
-        self,
-        *,
-        method: ResourceMethod,
-        user: BaseUser | None = None,
-    ) -> bool:
-        """
-        Return whether the user is authorized to perform a given action on the 
cluster activity.
-
-        :param method: the method to perform
-        :param user: the user to perform the action on. If not provided (or 
None), it uses the current user
-        """
-
     @abstractmethod
     def is_authorized_connection(
         self,
diff --git a/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py 
b/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
index 99b6d4f70c..20234f5f2b 100644
--- a/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
+++ b/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
@@ -99,9 +99,6 @@ class AwsAuthManager(BaseAuthManager):
             entity_id=config_section,
         )
 
-    def is_authorized_cluster_activity(self, *, method: ResourceMethod, user: 
BaseUser | None = None) -> bool:
-        return self.is_logged_in()
-
     def is_authorized_connection(
         self,
         *,
diff --git a/airflow/providers/fab/auth_manager/fab_auth_manager.py 
b/airflow/providers/fab/auth_manager/fab_auth_manager.py
index cc9c590db4..3f160da497 100644
--- a/airflow/providers/fab/auth_manager/fab_auth_manager.py
+++ b/airflow/providers/fab/auth_manager/fab_auth_manager.py
@@ -193,9 +193,6 @@ class FabAuthManager(BaseAuthManager):
     ) -> bool:
         return self._is_authorized(method=method, 
resource_type=RESOURCE_CONFIG, user=user)
 
-    def is_authorized_cluster_activity(self, *, method: ResourceMethod, user: 
BaseUser | None = None) -> bool:
-        return self._is_authorized(method=method, 
resource_type=RESOURCE_CLUSTER_ACTIVITY, user=user)
-
     def is_authorized_connection(
         self,
         *,
diff --git a/airflow/www/auth.py b/airflow/www/auth.py
index 8519fc8153..5aaf5913db 100644
--- a/airflow/www/auth.py
+++ b/airflow/www/auth.py
@@ -182,10 +182,6 @@ def _has_access(*, is_authorized: bool, func: Callable, 
args, kwargs):
     return redirect(get_auth_manager().get_url_login(next=request.url))
 
 
-def has_access_cluster_activity(method: ResourceMethod) -> Callable[[T], T]:
-    return _has_access_no_details(lambda: 
get_auth_manager().is_authorized_cluster_activity(method=method))
-
-
 def has_access_configuration(method: ResourceMethod) -> Callable[[T], T]:
     return _has_access_no_details(lambda: 
get_auth_manager().is_authorized_configuration(method=method))
 
diff --git a/airflow/www/views.py b/airflow/www/views.py
index f51fbb9e79..8fef6aea58 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -1055,7 +1055,7 @@ class Airflow(AirflowBaseView):
         )
 
     @expose("/cluster_activity")
-    @auth.has_access_cluster_activity("GET")
+    @auth.has_access_view(AccessView.CLUSTER_ACTIVITY)
     def cluster_activity(self):
         """Cluster Activity view."""
         state_color_mapping = State.state_color.copy()
@@ -3556,7 +3556,7 @@ class Airflow(AirflowBaseView):
         )
 
     @expose("/object/historical_metrics_data")
-    @auth.has_access_cluster_activity("GET")
+    @auth.has_access_view(AccessView.CLUSTER_ACTIVITY)
     def historical_metrics_data(self):
         """Return cluster activity historical metrics."""
         start_date = _safe_parse_datetime(request.args.get("start_date"))
diff --git a/tests/auth/managers/test_base_auth_manager.py 
b/tests/auth/managers/test_base_auth_manager.py
index 832ae50d2a..6655c01132 100644
--- a/tests/auth/managers/test_base_auth_manager.py
+++ b/tests/auth/managers/test_base_auth_manager.py
@@ -57,9 +57,6 @@ class EmptyAuthManager(BaseAuthManager):
     ) -> bool:
         raise NotImplementedError()
 
-    def is_authorized_cluster_activity(self, *, method: ResourceMethod, user: 
BaseUser | None = None) -> bool:
-        raise NotImplementedError()
-
     def is_authorized_connection(
         self,
         *,
diff --git a/tests/providers/fab/auth_manager/test_fab_auth_manager.py 
b/tests/providers/fab/auth_manager/test_fab_auth_manager.py
index 12aaeb0488..e4c5745536 100644
--- a/tests/providers/fab/auth_manager/test_fab_auth_manager.py
+++ b/tests/providers/fab/auth_manager/test_fab_auth_manager.py
@@ -34,7 +34,6 @@ from airflow.security.permissions import (
     ACTION_CAN_DELETE,
     ACTION_CAN_EDIT,
     ACTION_CAN_READ,
-    RESOURCE_CLUSTER_ACTIVITY,
     RESOURCE_CONFIG,
     RESOURCE_CONNECTION,
     RESOURCE_DAG,
@@ -52,7 +51,6 @@ from airflow.www.extensions.init_appbuilder import 
init_appbuilder
 
 IS_AUTHORIZED_METHODS_SIMPLE = {
     "is_authorized_configuration": RESOURCE_CONFIG,
-    "is_authorized_cluster_activity": RESOURCE_CLUSTER_ACTIVITY,
     "is_authorized_connection": RESOURCE_CONNECTION,
     "is_authorized_dataset": RESOURCE_DATASET,
     "is_authorized_variable": RESOURCE_VARIABLE,
diff --git a/tests/www/test_auth.py b/tests/www/test_auth.py
index a85fa9803d..bd2e963f86 100644
--- a/tests/www/test_auth.py
+++ b/tests/www/test_auth.py
@@ -45,7 +45,6 @@ class TestHasAccessDecorator:
 @pytest.mark.parametrize(
     "decorator_name, is_authorized_method_name",
     [
-        ("has_access_cluster_activity", "is_authorized_cluster_activity"),
         ("has_access_configuration", "is_authorized_configuration"),
         ("has_access_dataset", "is_authorized_dataset"),
         ("has_access_view", "is_authorized_view"),

Reply via email to