nicolamarangoni commented on PR #36538:
URL: https://github.com/apache/airflow/pull/36538#issuecomment-1884285472
This code trigger exactly the error `Your CUSTOM_SECURITY_MANAGER must
extend FabAirflowSecurityManagerOverride, not FAB's own security manager.`
```
"""Default configuration for the Airflow webserver"""
import os
from flask_appbuilder.security.manager import AUTH_OAUTH
from airflow.auth.managers.fab.security_manager.override import (
FabAirflowSecurityManagerOverride,
)
class AzureCustomSecurity(FabAirflowSecurityManagerOverride):
"""Custom security class"""
MANDANTID = os.environ.get("MANDANTID")
CLIENTID = os.environ.get("CLIENTID")
CLIENTSECRET = os.environ.get("CLIENTSECRET")
AUTH_TYPE = AUTH_OAUTH
AUTH_ROLES_SYNC_AT_LOGIN = True
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_ROLES_MAPPING = {
"airflow_admin": ["Admin"],
"airflow_user": ["User"],
"airflow_viewer": ["Viewer"],
}
OAUTH_PROVIDERS = [
{
"name": "azure",
"icon": "fa-windows",
"token_key": "access_token",
"remote_app": {
"client_secret": CLIENTSECRET,
"client_id": CLIENTID,
"api_base_url":
f"https://login.microsoftonline.com/{MANDANTID}/";,
"client_kwargs": {
"scope": "openid",
"resource": CLIENTID,
},
"request_token_url": None,
"access_token_url":
f"https://login.microsoftonline.com/{MANDANTID}/oauth2/v2.0/token/";,
"authorize_url":
f"https://login.microsoftonline.com/{MANDANTID}/oauth2/v2.0/authorize/";,
"jwks_uri":
"https://login.microsoftonline.com/common/discovery/v2.0/keys/";,
},
}
]
SECURITY_MANAGER_CLASS = AzureCustomSecurity # pylint: disable=invalid-name
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
