Posted to dev@airflow.apache.org by Luangsay Sourygna <lu...@gmail.com> on 2018/07/31 10:18:18 UTC

How to handle Group filtering in RBAC?

Hi all,


I've just tested the last version of Airflow with the new RBAC feature. It
looks great.

However, I miss the possibility to do "Group filtering".

That is: I only want users to be able to auto register if they belong to a
specific (ldap) group.


I have been able to add this feature by modifying the code a bit:


[root@18bc31801cc3 airflow]# diff
/usr/lib/python2.7/site-packages/Flask_AppBuilder-1.11.1-py2.7.egg/flask_appbuilder/security/manager.py
/tmp/manager.py

290,297d289

<     def auth_ldap_group_field(self):

<         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']

<

<     @property

<     def auth_ldap_allowed_group_auto_registration_field(self):

<         return
self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_GROUP_AUTO_REGISTRATION']

<

<     @property
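
Review bot: both new properties index the config directly (`config['AUTH_LDAP_GROUP_FIELD']` and `config['AUTH_LDAP_ALLOWED_GROUP_AUTO_REGISTRATION']`), so a deployment that sets neither key gets a KeyError the first time they are read. Give both keys a default at start-up or read them with `config.get(...)`, and treat an unset allowed group as "no filtering" so existing installs keep working. The name `auth_ldap_allowed_group_auto_registration_field` is also misleading, since it returns a group value rather than a field name.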

610d601

<                              self.auth_ldap_group_field,
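
Review bot: the single added line at 610 arrives without context, so it is not visible which call or attribute list `self.auth_ldap_group_field` is being appended to, and the `d` hunks with `<` markers show the file order is reversed (the patched file is the first argument to `diff`). Please resend as `diff -u original patched` so the additions appear as `+` lines with their surrounding code.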

706,708d697

<                         if not
self.auth_ldap_allowed_group_auto_registration_field in
ldap_user_info[self.auth_ldap_group_field]:

<                             log.warning(username + " cannot auto register
because it does not belong to the group " +
self.auth_ldap_allowed_group_auto_registration_field)

<                             return None
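
Review bot: `ldap_user_info[self.auth_ldap_group_field]` in the `if not ... in ...` test raises KeyError for a user whose entry carries no such attribute, so a user without any group membership hits an exception instead of the warning and `return None`. Read it with `.get(self.auth_ldap_group_field, [])` and deny on an empty result. The test is also an exact, case-sensitive match against one configured value, so the expected form (full group DN or short name) needs documenting, and `x not in y` reads better than `not x in y`. In the `log.warning` call, pass `username` and the group as logging arguments (`log.warning("%s cannot auto register ...", username, group)`) rather than concatenating, which also avoids a TypeError when the configured group is not a string.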




However, before proposing to push this upstream, I would like to know if
some of you have some better ideas about how to handle this group problem?

What is more, in my changes I modify Flask and not Airflow, so maybe I
should look at another way to solve my requirement.


Regards,


Sourygna
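
The group gate described in the message above, as an added example that is not part of the original post or of Flask-AppBuilder: a fail-closed membership check that tolerates a missing attribute, bytes values and DN case differences. The function name, its parameters and the sample entries are assumptions made for illustration.

```python
# Added illustration: fail-closed LDAP group gate for auto-registration.
# Function and parameter names are hypothetical, not Flask-AppBuilder API.


def _norm(value):
    """Decode bytes (python-ldap returns bytes on Python 3) and normalise a DN."""
    if isinstance(value, bytes):
        value = value.decode("utf-8", errors="replace")
    # Simplified normalisation: compare case-insensitively and ignore
    # whitespace around the commas that separate RDNs.
    return ",".join(part.strip() for part in value.split(",")).lower()


def may_auto_register(ldap_user_info, group_field, allowed_groups):
    """Return True only if the entry lists at least one allowed group.

    ldap_user_info: dict of attribute name -> list of values (one LDAP entry)
    group_field:    attribute holding memberships, e.g. "memberOf"
    allowed_groups: iterable of group DNs; empty/None means the gate is off
    """
    if not allowed_groups:
        return True           # feature not configured: keep previous behaviour
    if not group_field:
        return False          # gate configured but no field to read: deny
    memberships = ldap_user_info.get(group_field) or []
    if isinstance(memberships, (str, bytes)):
        memberships = [memberships]    # single-valued attribute
    allowed = {_norm(g) for g in allowed_groups}
    return any(_norm(m) in allowed for m in memberships)


# Constructed sample entries (not real directory data).
ALLOWED = ["cn=airflow-users,ou=groups,dc=example,dc=org"]
ALICE = {"uid": [b"alice"],
         "memberOf": [b"CN=Airflow-Users, OU=Groups, DC=example, DC=org"]}
BOB = {"uid": [b"bob"], "memberOf": [b"cn=finance,ou=groups,dc=example,dc=org"]}
CAROL = {"uid": [b"carol"]}    # entry without the group attribute at all

if __name__ == "__main__":
    for name, entry in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, may_auto_register(entry, "memberOf", ALLOWED))
```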

Re: How to handle Group filtering in RBAC?

Posted by Tao Feng <fe...@gmail.com>.
Hey Sourygna,

I assume you are using airflow 1.10? You could make a change to FAB with a
release and update the dependency in airflow.


On Tue, Jul 31, 2018 at 6:14 PM, Sid Anand <sa...@apache.org> wrote:

> This looks like a great feature.
>
> Another piece of functionality that would be nice on the UI is to filter
> dags by owner, not just by the person logged in. So, if I wanted to see
> Bob's or Bill's DAGs in the main landing page, by typing in Bob or Bill's
> user names, the DAG view would filter the DAGs shown.
>
> On Tue, Jul 31, 2018 at 3:18 AM Luangsay Sourygna <lu...@gmail.com>
> wrote:
>
> > Hi all,
> >
> >
> > I've just tested the last version of Airflow with the new RBAC feature. It
> > looks great.
> >
> > However, I miss the possibility to do "Group filtering".
> >
> > That is: I only want users to be able to auto register if they belong to
> a
> > specific (ldap) group.
> >
> >
> > I have been able to add this feature by modifying the code a bit:
> >
> >
> > [root@18bc31801cc3 airflow]# diff
> >
> > /usr/lib/python2.7/site-packages/Flask_AppBuilder-1.
> 11.1-py2.7.egg/flask_appbuilder/security/manager.py
> > /tmp/manager.py
> >
> > 290,297d289
> >
> > <     def auth_ldap_group_field(self):
> >
> > <         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']
> >
> > <
> >
> > <     @property
> >
> > <     def auth_ldap_allowed_group_auto_registration_field(self):
> >
> > <         return
> > self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_
> GROUP_AUTO_REGISTRATION']
> >
> > <
> >
> > <     @property
> >
> > 610d601
> >
> > <                              self.auth_ldap_group_field,
> >
> > 706,708d697
> >
> > <                         if not
> > self.auth_ldap_allowed_group_auto_registration_field in
> > ldap_user_info[self.auth_ldap_group_field]:
> >
> > <                             log.warning(username + " cannot auto
> register
> > because it does not belong to the group " +
> > self.auth_ldap_allowed_group_auto_registration_field)
> >
> > <                             return None
> >
> >
> >
> >
> > However, before proposing to push this upstream, I would like to know if
> > some of you have some better ideas about how to handle this group
> problem?
> >
> > What is more, in my changes I modify Flask and not Airflow, so maybe I
> > should look at another way to solve my requirement.
> >
> >
> > Regards,
> >
> >
> > Sourygna
> >
>

Re: How to handle Group filtering in RBAC?

Posted by Sid Anand <sa...@apache.org>.
This looks like a great feature.

Another piece of functionality that would be nice on the UI is to filter
dags by owner, not just by the person logged in. So, if I wanted to see
Bob's or Bill's DAGs in the main landing page, by typing in Bob or Bill's
user names, the DAG view would filter the DAGs shown.

On Tue, Jul 31, 2018 at 3:18 AM Luangsay Sourygna <lu...@gmail.com>
wrote:

> Hi all,
>
>
> I've just tested the last version of Airflow with the new RBAC feature. It
> looks great.
>
> However, I miss the possibility to do "Group filtering".
>
> That is: I only want users to be able to auto register if they belong to a
> specific (ldap) group.
>
>
> I have been able to add this feature by modifying the code a bit:
>
>
> [root@18bc31801cc3 airflow]# diff
>
> /usr/lib/python2.7/site-packages/Flask_AppBuilder-1.11.1-py2.7.egg/flask_appbuilder/security/manager.py
> /tmp/manager.py
>
> 290,297d289
>
> <     def auth_ldap_group_field(self):
>
> <         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']
>
> <
>
> <     @property
>
> <     def auth_ldap_allowed_group_auto_registration_field(self):
>
> <         return
> self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_GROUP_AUTO_REGISTRATION']
>
> <
>
> <     @property
>
> 610d601
>
> <                              self.auth_ldap_group_field,
>
> 706,708d697
>
> <                         if not
> self.auth_ldap_allowed_group_auto_registration_field in
> ldap_user_info[self.auth_ldap_group_field]:
>
> <                             log.warning(username + " cannot auto register
> because it does not belong to the group " +
> self.auth_ldap_allowed_group_auto_registration_field)
>
> <                             return None
>
>
>
>
> However, before proposing to push this upstream, I would like to know if
> some of you have some better ideas about how to handle this group problem?
>
> What is more, in my changes I modify Flask and not Airflow, so maybe I
> should look at another way to solve my requirement.
>
>
> Regards,
>
>
> Sourygna
>