This is an automated email from the ASF dual-hosted git repository.
vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new a6c2f37de2 Remove `default` as auth backend (#43096)
a6c2f37de2 is described below
commit a6c2f37de29c66f377719df0965e49b7d0a63de4
Author: Vincent <[email protected]>
AuthorDate: Fri Oct 18 12:49:00 2024 -0400
Remove `default` as auth backend (#43096)
---
airflow/api/__init__.py | 8 ++-----
airflow/api/auth/backend/default.py | 42 ---------------------------------
airflow/config_templates/config.yml | 5 ++--
airflow/config_templates/unit_tests.cfg | 2 +-
airflow/configuration.py | 10 ++++----
airflow/www/extensions/init_security.py | 8 ++-----
newsfragments/43096.significant.rst | 1 +
tests/core/test_configuration.py | 2 +-
8 files changed, 14 insertions(+), 64 deletions(-)
diff --git a/airflow/api/__init__.py b/airflow/api/__init__.py
index d0613bb651..10c1ce6cea 100644
--- a/airflow/api/__init__.py
+++ b/airflow/api/__init__.py
@@ -23,18 +23,14 @@ import logging
from importlib import import_module
from airflow.configuration import conf
-from airflow.exceptions import AirflowConfigException, AirflowException
+from airflow.exceptions import AirflowException
log = logging.getLogger(__name__)
def load_auth():
"""Load authentication backends."""
- auth_backends = "airflow.api.auth.backend.default"
- try:
- auth_backends = conf.get("api", "auth_backends")
- except AirflowConfigException:
- pass
+ auth_backends = conf.get("api", "auth_backends")
backends = []
try:
diff --git a/airflow/api/auth/backend/default.py
b/airflow/api/auth/backend/default.py
deleted file mode 100644
index afe2c88f35..0000000000
--- a/airflow/api/auth/backend/default.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-"""Default authentication backend - everything is allowed."""
-
-from __future__ import annotations
-
-from functools import wraps
-from typing import Any, Callable, TypeVar, cast
-
-CLIENT_AUTH: tuple[str, str] | Any | None = None
-
-
-def init_app(_):
- """Initialize authentication backend."""
-
-
-T = TypeVar("T", bound=Callable)
-
-
-def requires_authentication(function: T):
- """Decorate functions that require authentication."""
-
- @wraps(function)
- def decorated(*args, **kwargs):
- return function(*args, **kwargs)
-
- return cast(T, decorated)
diff --git a/airflow/config_templates/config.yml
b/airflow/config_templates/config.yml
index 0be77a3b68..b7c810cfe5 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -1377,12 +1377,11 @@ api:
description: |
Comma separated list of auth backends to authenticate users of the
API. See
`Security: API
-
<https://airflow.apache.org/docs/apache-airflow/stable/security/api.html>`__
for possible values.
- ("airflow.api.auth.backend.default" allows all requests for historic
reasons)
+
<https://airflow.apache.org/docs/apache-airflow/stable/security/api.html>`__
for possible values
version_added: 2.3.0
type: string
example: ~
- default: "airflow.api.auth.backend.session"
+ default: "airflow.providers.fab.auth_manager.api.auth.backend.session"
maximum_page_limit:
description: |
Used to set the maximum page limit for API requests. If limit passed
as param
diff --git a/airflow/config_templates/unit_tests.cfg
b/airflow/config_templates/unit_tests.cfg
index 27134c7218..b29c642afe 100644
--- a/airflow/config_templates/unit_tests.cfg
+++ b/airflow/config_templates/unit_tests.cfg
@@ -71,7 +71,7 @@ celery_logging_level = INFO
smtp_mail_from = [email protected]
[api]
-auth_backends = airflow.api.auth.backend.default
+auth_backends = airflow.providers.fab.auth_manager.api.auth.backend.session
[hive]
# Hive uses the configuration below to run the tests
diff --git a/airflow/configuration.py b/airflow/configuration.py
index 81dc183653..e59b5b5e9e 100644
--- a/airflow/configuration.py
+++ b/airflow/configuration.py
@@ -670,11 +670,11 @@ class AirflowConfigParser(ConfigParser):
This is required by the UI for ajax queries.
"""
old_value = self.get("api", "auth_backends", fallback="")
- if old_value in ("airflow.api.auth.backend.default", ""):
- # handled by deprecated_values
- pass
- elif old_value.find("airflow.api.auth.backend.session") == -1:
- new_value = old_value + ",airflow.api.auth.backend.session"
+ if (
+ old_value.find("airflow.api.auth.backend.session") == -1
+ and
old_value.find("airflow.providers.fab.auth_manager.api.auth.backend.session")
== -1
+ ):
+ new_value = old_value +
",airflow.providers.fab.auth_manager.api.auth.backend.session"
self._update_env_var(section="api", name="auth_backends",
new_value=new_value)
self.upgraded_values[("api", "auth_backends")] = old_value
diff --git a/airflow/www/extensions/init_security.py
b/airflow/www/extensions/init_security.py
index 28e96a06ca..76b2944c47 100644
--- a/airflow/www/extensions/init_security.py
+++ b/airflow/www/extensions/init_security.py
@@ -20,7 +20,7 @@ import logging
from importlib import import_module
from airflow.configuration import conf
-from airflow.exceptions import AirflowConfigException, AirflowException
+from airflow.exceptions import AirflowException
log = logging.getLogger(__name__)
@@ -46,11 +46,7 @@ def init_xframe_protection(app):
def init_api_auth(app):
"""Load authentication backends."""
- auth_backends = "airflow.api.auth.backend.default"
- try:
- auth_backends = conf.get("api", "auth_backends")
- except AirflowConfigException:
- pass
+ auth_backends = conf.get("api", "auth_backends")
app.api_auth = []
try:
diff --git a/newsfragments/43096.significant.rst
b/newsfragments/43096.significant.rst
new file mode 100644
index 0000000000..b252e39916
--- /dev/null
+++ b/newsfragments/43096.significant.rst
@@ -0,0 +1 @@
+Removed auth backend ``airflow.api.auth.backend.default``
diff --git a/tests/core/test_configuration.py b/tests/core/test_configuration.py
index 20109c6cd2..096b55e0f8 100644
--- a/tests/core/test_configuration.py
+++ b/tests/core/test_configuration.py
@@ -664,7 +664,7 @@ AIRFLOW_HOME = /root/airflow
test_conf.validate()
assert (
test_conf.get("api", "auth_backends")
- ==
"airflow.providers.fab.auth_manager.api.auth.backend.basic_auth,airflow.api.auth.backend.session"
+ ==
"airflow.providers.fab.auth_manager.api.auth.backend.basic_auth,airflow.providers.fab.auth_manager.api.auth.backend.session"
)
def test_command_from_env(self):
