Very Cool!
> SimpleAuthManager *should not be used in production*
..haha, this is the successor of SequentialExecutor as minimalization
On 20.03.25 14:33, Jarek Potiuk wrote:
Fantastic! Thanks for all the details Vincent!
And long live SimpleAuthManager!
J.
On Thu, Mar 20, 2025 at 2:17 PM Beck, Vincent<vincb...@amazon.com.invalid>
wrote:
Hi everyone,
I just mergedhttps://github.com/apache/airflow/pull/47691 which sets
SimpleAuthManager as the default auth manager in Airflow. If you pull the
latest main branch, Airflow will no longer use the FAB auth Manager by
default but instead use SimpleAuthManager. This is another step towards
removing Flask from Airflow.
*What changed?*
Auth managers define authentication (AuthN) and authorization (AuthZ)
logic in Airflow. Switching to SimpleAuthManager means changes in how
authentication and authorization work:
- The FAB login form is no longer used; authentication now follows the
method provided by SimpleAuthManager.
- Pages previously used to manage users and roles (/auth/users/list,
/auth/roles/list, etc.) are no longer available since they are part of the
FAB Auth Manager.
- SimpleAuthManager manages users and roles through a configuration file
instead of a web interface.
For more details on SimpleAuthManager, please refer to the documentation:
https://github.com/apache/airflow/blob/main/docs/apache-airflow/core-concepts/auth-manager/simple.rst
.
However, SimpleAuthManager is a minimal auth manager designed for
development environments and *should not be used in production*.
*Using a different auth manager*
This change only updates the default auth manager, no existing options
have been removed. You can continue using your preferred auth manager,
including FAB, by setting the following in the config `[core] auth_manager
= <auth_manager_path>`. For example, to continue using FAB:: `[core]
auth_manager =
airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager`.
*Breeze users*
If you are using Breeze, switching between auth managers is now easier. PR
#47691 introduces a new `--auth-manager` parameter for `breeze
start-airflow`:
- Start Airflow with SimpleAuthManager:: `breeze start-airflow
--auth-manager SimpleAuthManager` (or simply `breeze start-airflow`, since
SimpleAuthManager is now the default)
- Start Airflow with FAB auth manager:: `breeze start-airflow
--auth-manager FabAuthManager`
Simple auth manager auto generates a random password for all users defined
in the config. These passwords are stored by default in
``AIRFLOW_HOME/simple_auth_manager_passwords.json.generated``. For
convenience, Breeze predefines two default users:
- "admin" (password: "admin") -> full access
- "viewer" (password: "viewer") -> read-only access
If you encounter any issues or have concerns about this change, feel free
to discuss on Slack or submit a PR to address them.
Thanks,
Vincent
