jason810496 commented on code in PR #58292:
URL: https://github.com/apache/airflow/pull/58292#discussion_r2556703579
##########
airflow-core/src/airflow/api_fastapi/core_api/routes/ui/auth.py:
##########
@@ -38,3 +40,27 @@ def get_auth_menus(
authorized_menu_items=authorized_menu_items,
extra_menu_items=extra_menu_items,
)
+
+
+@auth_router.get("/auth/me")
+def get_current_user(
+ user: GetUserDep,
+) -> SimpleAuthenticatedMeResponse | FabAuthenticatedMeResponse:
+ """Get current authenticated user information."""
+ auth_manager = get_auth_manager()
+ if auth_manager.get_auth_manager_type() == "SimpleAuthManager":
+ return SimpleAuthenticatedMeResponse(
+ username=user.username or "",
+ role=user.role or "",
+ )
+
+ if auth_manager.get_auth_manager_type() == "FabAuthManager":
+ return FabAuthenticatedMeResponse(
Review Comment:
> One doubt I have is "roles" - we do NOT have a concept of roles build in
Airflow, we have permissions. Roles are specific for FAB provider Auth manager,
and there is a different definition of Roles in KeyCloak Auth Manger -
completely outside of Airflow "core" and outside of "Auth Manager".
Agree with Jarek that it would be better not to specify explicit Auth
Manager as we have also support
-
https://github.com/apache/airflow/blob/13dc31fc065d0250229bc38b0425bdd1bddcf9a9/providers/keycloak/src/airflow/providers/keycloak/auth_manager/user.py#L22-L23
-
https://github.com/apache/airflow/blob/13dc31fc065d0250229bc38b0425bdd1bddcf9a9/providers/amazon/src/airflow/providers/amazon/aws/auth_manager/user.py#L32-L33
- etc, and might be more in future!
##########
airflow-core/src/airflow/api_fastapi/auth/managers/models/base_user.py:
##########
@@ -18,13 +18,35 @@
from __future__ import annotations
from abc import abstractmethod
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+ from typing import Any
class BaseUser:
- """User model interface."""
+ """User model interface. These attributes/methods should be implemented in
the pluggable auth manager."""
+
+ id: int | str | None
+ first_name: str | None
+ last_name: str | None
+ username: str | None
+ role: str | None
+ email: str | None
+ active: bool | None
+ roles: list[Any] | None
Review Comment:
So maybe we just need `id` and `user` for now.
##########
airflow-core/src/airflow/api_fastapi/core_api/datamodels/ui/auth.py:
##########
@@ -26,3 +26,21 @@ class MenuItemCollectionResponse(BaseModel):
authorized_menu_items: list[MenuItem]
extra_menu_items: list[ExtraMenuItem]
+
+
+class SimpleAuthenticatedMeResponse(BaseModel):
+ """Current User (me) response serializer for SimpleAuth."""
+
+ username: str
+ role: str | None
+
+
+class FabAuthenticatedMeResponse(BaseModel):
+ """Current User (me) response serializer for FAB auth."""
+
+ id: int | str
+ first_name: str
+ last_name: str
+ username: str
+ email: str
+ roles: list[str] | None = None
Review Comment:
```suggestion
```
So maybe we could just return what `BaseUser` interface had supported
currently if `id` and `user` are enough:
https://github.com/apache/airflow/blob/13dc31fc065d0250229bc38b0425bdd1bddcf9a9/airflow-core/src/airflow/api_fastapi/auth/managers/models/base_user.py#L23-L31
Or if we really want to show the additional properties, we could introduce
something like `ui_attributes` (or other better name)on the `BaseUser`
interface and each subclasses are able to specify the additional properties.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
