You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/08/30 19:42:09 UTC

[GitHub] [airflow] houqp opened a new pull request #10652: add securitySchemes in openapi spec

houqp opened a new pull request #10652:
URL: https://github.com/apache/airflow/pull/10652


   openapi-generator relies on this component to generate auth code in
   some of the clients.
   
   <!--
   Thank you for contributing! Please make sure that your code changes
   are covered with tests. And in case of new features or big changes
   remember to adjust the documentation.
   
   Feel free to ping committers for the review!
   
   In case of existing issue, reference it using one of the following:
   
   closes: #ISSUE
   related: #ISSUE
   
   How to write a good git commit message:
   http://chris.beams.io/posts/git-commit/
   -->
   
   ---
   **^ Add meaningful description above**
   
   Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj commented on pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#issuecomment-683897169


   New sections have appeared in the reference documentation. I think it's worth hiding them because we have other documentation that is more precise.
   ![Screenshot 2020-08-31 at 18 44 30](https://user-images.githubusercontent.com/12058428/91744606-07787280-ebba-11ea-9f69-ffc067724e78.png)
   I think we can do it by `noAuthAuth` option in redoc. 
   https://github.com/Redocly/redoc#redoc-options-object
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] houqp commented on pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
houqp commented on pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#issuecomment-683462016


   This only affects documentation for go clients, but for some other languages like typescript and java, it is used a feature gate to generate the actual client code.
   
   The go client documentation right now is not generated correctly, which will be fixed by https://github.com/OpenAPITools/openapi-generator/pull/7312.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj commented on pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#issuecomment-686811482


   @jhtimmins Can I ask for a review?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on a change in pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj commented on a change in pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#discussion_r483865385



##########
File path: docs/conf.py
##########
@@ -553,6 +553,7 @@ def _get_rst_filepath_from_path(filepath: str):
         'spec': OPENAPI_FILE,
         'opts': {
             'hide-hostname': True,
+            'no-auto-auth': True,

Review comment:
       See: https://github.com/apache/airflow/pull/10652#issuecomment-683897169




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on a change in pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj commented on a change in pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#discussion_r480250133



##########
File path: airflow/api_connexion/openapi/v1.yaml
##########
@@ -2716,6 +2716,15 @@ components:
   # Reusable callbacks
   callbacks: {}
 
+  securitySchemes:
+    BasicAuth:
+      type: http
+      scheme: basic
+    GoogleOpenIdAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT

Review comment:
       Should we add kerberos auth?
   ```yaml
       negotiateAuth:
           type: "http"
           name: "Negotiate"
           in: "header"
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj merged pull request #10652: Add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj merged pull request #10652:
URL: https://github.com/apache/airflow/pull/10652


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] houqp commented on a change in pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
houqp commented on a change in pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#discussion_r480680965



##########
File path: airflow/api_connexion/openapi/v1.yaml
##########
@@ -2716,6 +2716,15 @@ components:
   # Reusable callbacks
   callbacks: {}
 
+  securitySchemes:
+    BasicAuth:
+      type: http
+      scheme: basic
+    GoogleOpenIdAuth:

Review comment:
       I think it makes more sense to define it as openIdConnect type, will update it. we can add JWT auth scheme for future bearer based auth backends.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on a change in pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
mik-laj commented on a change in pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#discussion_r480262934



##########
File path: airflow/api_connexion/openapi/v1.yaml
##########
@@ -2716,6 +2716,15 @@ components:
   # Reusable callbacks
   callbacks: {}
 
+  securitySchemes:
+    BasicAuth:
+      type: http
+      scheme: basic
+    GoogleOpenIdAuth:

Review comment:
       Should we define it as aa OpenID? However, I am not sure. It may be more practical to define it as a JWT if we can support more flow e.g. gcloud.
   ```
       GoogleOpenId:
         type: openIdConnect
         openIdConnectUrl: https://accounts.google.com/.well-known/openid-configuration
   ```
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] jhtimmins commented on a change in pull request #10652: add securitySchemes in openapi spec

Posted by GitBox <gi...@apache.org>.
jhtimmins commented on a change in pull request #10652:
URL: https://github.com/apache/airflow/pull/10652#discussion_r483864689



##########
File path: docs/conf.py
##########
@@ -553,6 +553,7 @@ def _get_rst_filepath_from_path(filepath: str):
         'spec': OPENAPI_FILE,
         'opts': {
             'hide-hostname': True,
+            'no-auto-auth': True,

Review comment:
       What is `no-auto-auth` used for?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org