vincbeck commented on code in PR #47043:
URL: https://github.com/apache/airflow/pull/47043#discussion_r1977662852
##########
providers/fab/docs/auth-manager/api-authentication.rst:
##########
@@ -45,6 +45,36 @@ command as in the example below.
$ airflow config get-value api auth_backends
airflow.providers.fab.auth_manager.api.auth.backend.basic_auth
+.. versionchanged:: 3.0.0
+
+ In Airflow <3.0.0, the default setting is using token based authentication.
Review Comment:
```suggestion
In Airflow >= 3.0.0, the default setting is using token based
authentication.
```
Also, I am wondering if we should mention the Airflow version since the
current FAB version will only be compatible with Airflow 3
##########
providers/fab/docs/auth-manager/api-authentication.rst:
##########
@@ -45,6 +45,36 @@ command as in the example below.
$ airflow config get-value api auth_backends
airflow.providers.fab.auth_manager.api.auth.backend.basic_auth
+.. versionchanged:: 3.0.0
+
+ In Airflow <3.0.0, the default setting is using token based authentication.
+ This approach is independent from which ``auth_backend`` is used.
+ The default setting is using API to create a token (JWT) first and use
this token in the requests to access the API.
+
+
+Token based authentication
Review Comment:
```suggestion
JWT Token based authentication
```
##########
providers/fab/docs/auth-manager/api-authentication.rst:
##########
@@ -45,6 +45,36 @@ command as in the example below.
$ airflow config get-value api auth_backends
airflow.providers.fab.auth_manager.api.auth.backend.basic_auth
+.. versionchanged:: 3.0.0
+
+ In Airflow <3.0.0, the default setting is using token based authentication.
+ This approach is independent from which ``auth_backend`` is used.
+ The default setting is using API to create a token (JWT) first and use
this token in the requests to access the API.
+
+
+Token based authentication
+''''''''''''''''''''''''''
+The token based authentication is the default setting for the API.
Review Comment:
```suggestion
The JWT token based authentication is the default setting for the API.
```
##########
providers/fab/docs/auth-manager/api-authentication.rst:
##########
@@ -45,6 +45,36 @@ command as in the example below.
$ airflow config get-value api auth_backends
airflow.providers.fab.auth_manager.api.auth.backend.basic_auth
+.. versionchanged:: 3.0.0
+
+ In Airflow <3.0.0, the default setting is using token based authentication.
+ This approach is independent from which ``auth_backend`` is used.
+ The default setting is using API to create a token (JWT) first and use
this token in the requests to access the API.
+
+
+Token based authentication
+''''''''''''''''''''''''''
+The token based authentication is the default setting for the API.
+To be able to use the API, you need to create a token first and use this token
in the requests to access the API.
Review Comment:
```suggestion
To be able to use the Airflow public API, you need to create a token first
and use this token in the requests to access the API.
```
##########
providers/fab/tests/unit/fab/auth_manager/api_fastapi/routes/test_login.py:
##########
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from __future__ import annotations
+
+from unittest.mock import patch
+
+import pytest
+
+from airflow.providers.fab.auth_manager.api_fastapi.datamodels.login import
LoginBody, LoginResponse
+
+
[email protected]_test
+class TestLogin:
+ dummy_login_body = LoginBody(username="dummy", password="dummy")
+
+
@patch("airflow.providers.fab.auth_manager.api_fastapi.routes.login.FABAuthManagerLogin")
+ def test_create_token(self, mock_fab_auth_manager_login, test_client):
+ mock_fab_auth_manager_login.create_token.return_value =
LoginResponse(jwt_token="DUMMY_TOKEN")
+
+ response = test_client.post(
+ "/token",
+ json=self.dummy_login_body.model_dump(),
+ )
+ assert response.status_code == 201
+ assert response.json()["jwt_token"]
+
+
@patch("airflow.providers.fab.auth_manager.api_fastapi.routes.login.FABAuthManagerLogin")
+ def test_create_token_cli(self, mock_fab_auth_manager_login, test_client):
+ mock_fab_auth_manager_login.create_token.return_value =
LoginResponse(jwt_token="DUMMY_TOKEN")
+
+ response = test_client.post(
+ "/token/cli",
+ json=self.dummy_login_body.model_dump(),
+ )
+ assert response.status_code == 201
+ assert response.json()["jwt_token"]
Review Comment:
```suggestion
assert response.json()["jwt_token"] == "DUMMY_TOKEN"
```
##########
providers/fab/docs/auth-manager/api-authentication.rst:
##########
@@ -45,6 +45,36 @@ command as in the example below.
$ airflow config get-value api auth_backends
airflow.providers.fab.auth_manager.api.auth.backend.basic_auth
+.. versionchanged:: 3.0.0
+
+ In Airflow <3.0.0, the default setting is using token based authentication.
+ This approach is independent from which ``auth_backend`` is used.
+ The default setting is using API to create a token (JWT) first and use
this token in the requests to access the API.
+
+
+Token based authentication
+''''''''''''''''''''''''''
+The token based authentication is the default setting for the API.
+To be able to use the API, you need to create a token first and use this token
in the requests to access the API.
+
+Endpoints are populated under ``/auth`` path. These endpoints are mounted to
the Airflow API.
+You should use your username and password, as seen in the example below.
+The token is valid for seconds in ``auth_jwt_expiration_time`` which can be
set from ``airflow.cfg``.
Review Comment:
```suggestion
The token is valid for seconds defined in ``auth_jwt_expiration_time`` which
can be set from ``airflow.cfg``.
```
##########
providers/fab/tests/unit/fab/auth_manager/api_fastapi/routes/test_login.py:
##########
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from __future__ import annotations
+
+from unittest.mock import patch
+
+import pytest
+
+from airflow.providers.fab.auth_manager.api_fastapi.datamodels.login import
LoginBody, LoginResponse
+
+
[email protected]_test
+class TestLogin:
+ dummy_login_body = LoginBody(username="dummy", password="dummy")
+
+
@patch("airflow.providers.fab.auth_manager.api_fastapi.routes.login.FABAuthManagerLogin")
+ def test_create_token(self, mock_fab_auth_manager_login, test_client):
+ mock_fab_auth_manager_login.create_token.return_value =
LoginResponse(jwt_token="DUMMY_TOKEN")
+
+ response = test_client.post(
+ "/token",
+ json=self.dummy_login_body.model_dump(),
+ )
+ assert response.status_code == 201
+ assert response.json()["jwt_token"]
Review Comment:
```suggestion
assert response.json()["jwt_token"] == "DUMMY_TOKEN"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
