zach-overflow commented on code in PR #52586: URL: https://github.com/apache/airflow/pull/52586#discussion_r2176187398
########## airflow-core/docs/core-concepts/auth-manager/index.rst: ########## @@ -122,17 +135,20 @@ These authorization methods are: Also, ``is_authorized_dag`` is called for any entity related to dags (e.g. task instances, dag runs, ...). This information is passed in ``access_entity``. Example: ``auth_manager.is_authorized_dag(method="GET", access_entity=DagAccessEntity.Run, details=DagDetails(id="dag-1"))`` asks whether the user has permission to read the Dag runs of the dag "dag-1". -* ``is_authorized_dataset``: Return whether the user is authorized to access Airflow datasets. Some details about the dataset can be provided (e.g. the dataset uri). +* ``is_authorized_backfill``: Return whether the user is authorized to access Airflow backfills. Some details about the backfill can be provided (e.g. the backfill ID). +* ``is_authorized_asset``: Return whether the user is authorized to access Airflow assets. Some details about the asset can be provided (e.g. the asset ID). +* ``is_authorized_asset_alias``: Return whether the user is authorized to access Airflow asset aliases. Some details about the asset alias can be provided (e.g. the asset alias ID). * ``is_authorized_pool``: Return whether the user is authorized to access Airflow pools. Some details about the pool can be provided (e.g. the pool name). * ``is_authorized_variable``: Return whether the user is authorized to access Airflow variables. Some details about the variable can be provided (e.g. the variable key). * ``is_authorized_view``: Return whether the user is authorized to access a specific view in Airflow. The view is specified through ``access_view`` (e.g. ``AccessView.CLUSTER_ACTIVITY``). * ``is_authorized_custom_view``: Return whether the user is authorized to access a specific view not defined in Airflow. This view can be provided by the auth manager itself or a plugin defined by the user. +* ``filter_authorized_menu_items``: Given the list of menu items in the UI, return the list of menu items the user has access to. JWT token management by auth managers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The auth manager is responsible for creating the JWT token needed to interact with Airflow public API. -To achieve this, the auth manager **must** provide an endpoint to create this JWT token. This endpoint must be -available at ``POST /auth/token`` +To achieve this, the auth manager **must** provide an endpoint to create this JWT token. This endpoint is usually Review Comment: If the token generation endpoint path doesn't strictly have to be at `/auth/token`, it might be worth clarifying if what dictates how Airflow determines which custom auth manager endpoint to use for token generation. ########## airflow-core/docs/core-concepts/auth-manager/index.rst: ########## @@ -91,14 +91,27 @@ Some reasons you may want to write a custom auth manager include: * You'd like to use an auth manager that leverages an identity provider from your preferred cloud provider. * You have a private user management tool that is only available to you or your organization. -Authentication related BaseAuthManager methods -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +User representation +^^^^^^^^^^^^^^^^^^^ + +:class:`~airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager` defines an authentication manager, +parameterized by a user class T representing the authenticated user type. +Auth manager implementations (subclasses of :class:`~airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager`) +should specify the associated concrete user type. Each auth manager has its own user type definition. Review Comment: maybe worth noting that the concrete user type should be a subclass of `airflow.api_fastapi.auth.managers.models.base_user.BaseUser` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
