Posted to commits@airflow.apache.org by po...@apache.org on 2024/02/07 20:52:02 UTC
(airflow) branch v2-8-test updated: Upgrade to FAB 4.3.11
This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch v2-8-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v2-8-test by this push:
new c080754770 Upgrade to FAB 4.3.11
c080754770 is described below
commit c080754770a07c88169ad3d190d097b2e4ea53ac
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Wed Feb 7 21:20:12 2024 +0100
Upgrade to FAB 4.3.11
(cherry picked from commit 80d8e389fe98d10fe2130ffcf9bdb8a1ff2a9443)
---
.../auth/managers/fab/security_manager/override.py | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/airflow/auth/managers/fab/security_manager/override.py b/airflow/auth/managers/fab/security_manager/override.py
index 2936bb3036..37c07d956b 100644
--- a/airflow/auth/managers/fab/security_manager/override.py
+++ b/airflow/auth/managers/fab/security_manager/override.py
@@ -1839,6 +1839,13 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
log.error(const.LOGMSG_ERR_SEC_DEL_PERMROLE, e)
self.get_session.rollback()
+ def get_oid_identity_url(self, provider_name: str) -> str | None:
+ """Returns the OIDC identity provider URL."""
+ for provider in self.openid_providers:
+ if provider.get("name") == provider_name:
+ return provider.get("url")
+ return None
+
@staticmethod
def get_user_roles(user=None):
"""
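Review bot: The docstring on `get_oid_identity_url` says "OIDC", but the method reads `self.openid_providers` and is named `get_oid_...`, which points to the OpenID (AUTH_OID-style) provider list rather than OpenID Connect. Confusing the two makes it harder to audit which login flows a deployment has enabled. The docstring also omits that `None` is returned when no provider name matches, or when the matching entry has no `url` key, so callers must handle a missing URL. Suggested wording: `"""Return the identity URL configured for the named OpenID provider, or None if there is no match."""`.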
@@ -2163,10 +2170,21 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
data = me.json()
log.debug("User info from Okta: %s", data)
return {
- "username": "okta_" + data.get("sub", ""),
+ "username": f"{provider}_{data['sub']}",
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
- "email": data.get("email", ""),
+ "email": data["email"],
+ "role_keys": data.get("groups", []),
+ }
+ # for Auth0
+ if provider == "auth0":
+ data = self.appbuilder.sm.oauth_remotes[provider].userinfo()
+ log.debug("User info from Auth0: %s", data)
+ return {
+ "username": f"{provider}_{data['sub']}",
+ "first_name": data.get("given_name", ""),
+ "last_name": data.get("family_name", ""),
+ "email": data["email"],
"role_keys": data.get("groups", []),
}
# for Keycloak
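Review bot: The new Auth0 branch copies `data["email"]` into the returned profile without checking the `email_verified` claim that OIDC userinfo responses normally carry, so an address the user never proved ownership of can end up as the account's email. Whether that matters depends on how the caller uses the email, which is outside this hunk, as is the start of the enclosing method. A guard such as `if not data.get("email_verified", False): log.warning("Auth0 email for sub %s is not verified", data["sub"])`, or rejecting the login, would make the decision explicit. The added `log.debug("User info from Auth0: %s", data)` also writes the whole userinfo payload, including email and group membership, to the log; logging only `data.get("sub")` would be enough for troubleshooting. The Okta branch at the top of this hunk has the same pattern.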