[
https://issues.apache.org/jira/browse/AIRFLOW-3070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16616705#comment-16616705
]
ASF GitHub Bot commented on AIRFLOW-3070:
-----------------------------------------
kaxil closed pull request #3863: [AIRFLOW-3070] Refine web UI
authentication-related docs
URL: https://github.com/apache/incubator-airflow/pull/3863
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/airflow/bin/cli.py b/airflow/bin/cli.py
index 4ff1ae3679..ce56e79b4b 100644
--- a/airflow/bin/cli.py
+++ b/airflow/bin/cli.py
@@ -2024,7 +2024,7 @@ class CLIFactory(object):
'conn_id', 'conn_uri', 'conn_extra') +
tuple(alternative_conn_specs),
}, {
'func': create_user,
- 'help': "Create an account for the Web UI",
+ 'help': "Create an account for the Web UI (FAB-based)",
'args': ('role', 'username', 'email', 'firstname', 'lastname',
'password', 'use_random_password'),
}, {
diff --git a/airflow/config_templates/default_airflow.cfg
b/airflow/config_templates/default_airflow.cfg
index 18c486cb1e..9a9f3aca61 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -265,6 +265,9 @@ access_logfile = -
error_logfile = -
# Expose the configuration file in the web server
+# This is only applicable for the flask-admin based web UI (non FAB-based).
+# In the FAB-based web UI with RBAC feature,
+# access to configuration is controlled by role permissions.
expose_config = False
# Set to true to turn on authentication:
diff --git a/docs/security.rst b/docs/security.rst
index 253587afb1..60fe160404 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -16,9 +16,14 @@ Web Authentication
Password
''''''''
+.. note::
+
+ This is for flask-admin based web UI only. If you are using FAB-based web
UI with RBAC feature,
+ please use command line interface ``create_user`` to create accounts, or do
that in the FAB-based UI itself.
+
One of the simplest mechanisms for authentication is requiring users to
specify a password before logging in.
Password authentication requires the used of the ``password`` subpackage in
your requirements file. Password hashing
-uses bcrypt before storing passwords.
+uses ``bcrypt`` before storing passwords.
.. code-block:: bash
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Refine web UI authentication-related docs
> ------------------------------------------
>
> Key: AIRFLOW-3070
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3070
> Project: Apache Airflow
> Issue Type: Improvement
> Components: Documentation
> Reporter: Xiaodong DENG
> Assignee: Xiaodong DENG
> Priority: Minor
>
> Now in Airflow 1.10 we're already providing older version of web UI and new
> FAB-based UI at the same time. But the documentation is not differentiated
> very well. For example,
> * this doc [https://airflow.apache.org/security.html#password] is only
> applicable for old web UI only, but it's not hightlighted.
> * command line tool {{create_user}} is only for new FAB-based UI only, it's
> not highlighted as well.
> This may be confusing to users, especially given not everyone is aware of the
> existence of two UIs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
