You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2020/12/20 01:22:49 UTC

[airflow] branch master updated: Add documentation about webserver_config.py (#13155)

This is an automated email from the ASF dual-hosted git repository.

kamilbregula pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/master by this push:
     new 81fed80  Add documentation about webserver_config.py (#13155)
81fed80 is described below

commit 81fed8072d1462ab43818bb7757ade4b67982976
Author: André Amaral <am...@gmail.com>
AuthorDate: Sat Dec 19 22:21:49 2020 -0300

    Add documentation about webserver_config.py (#13155)
    
    Co-authored-by: Andre Amaral <aa...@bionexo.com>
---
 .../config_templates/default_webserver_config.py   | 11 +++++
 docs/apache-airflow/security/webserver.rst         | 47 ++++++++++++++++++++--
 2 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/airflow/config_templates/default_webserver_config.py b/airflow/config_templates/default_webserver_config.py
index 27f6891..7f19ff1 100644
--- a/airflow/config_templates/default_webserver_config.py
+++ b/airflow/config_templates/default_webserver_config.py
@@ -55,6 +55,17 @@ AUTH_TYPE = AUTH_DB
 # Will allow user self registration
 # AUTH_USER_REGISTRATION = True
 
+# The recaptcha it's automatically enabled for user self registration is active and the keys are necessary
+# RECAPTCHA_PRIVATE_KEY = PRIVATE_KEY
+# RECAPTCHA_PUBLIC_KEY = PUBLIC_KEY
+
+# Config for Flask-Mail necessary for user self registration
+# MAIL_SERVER = 'smtp.gmail.com'
+# MAIL_USE_TLS = True
+# MAIL_USERNAME = 'yourappemail@gmail.com'
+# MAIL_PASSWORD = 'passwordformail'
+# MAIL_DEFAULT_SENDER = 'sender@gmail.com'
+
 # The default user self registration role
 # AUTH_USER_REGISTRATION_ROLE = "Public"
 
diff --git a/docs/apache-airflow/security/webserver.rst b/docs/apache-airflow/security/webserver.rst
index 93c1824..ac248e5 100644
--- a/docs/apache-airflow/security/webserver.rst
+++ b/docs/apache-airflow/security/webserver.rst
@@ -47,6 +47,8 @@ to extend this list by using the following configurations option:
     [admin]
     hide_sensitive_variable_fields = comma_separated_sensitive_variable_fields_list
 
+.. _web-authentication:
+
 Web Authentication
 ------------------
 
@@ -85,9 +87,48 @@ Please use command line interface ``airflow users create`` to create accounts, o
 Other Methods
 '''''''''''''
 
-Standing on the shoulder of underlying framework Flask-AppBuilder, Airflow also supports authentication methods like
-OAuth, OpenID, LDAP, REMOTE_USER. You can configure in ``$AIRFLOW_HOME/webserver_config.py``.
-For details, please refer to
+Since the Airflow 2.0, the default UI is the Flask App Builder RBAC. A ``webserver_config.py`` configuration file
+it's automatically generated and can be used to configure the Airflow to support authentication
+methods like OAuth, OpenID, LDAP, REMOTE_USER.
+
+For previous versions from Airflow, the ``$AIRFLOW_HOME/airflow.cfg`` following entry needs to be set to enable
+the Flask App Builder RBAC UI.
+
+.. code-block:: ini
+
+    rbac = True
+
+The default authentication option described in the :ref:`Web Authentication <web-authentication>` section it's related
+with the following entry in the ``$AIRFLOW_HOME/webserver_config.py``.
+
+.. code-block:: ini
+
+    AUTH_TYPE = AUTH_DB
+
+Another way to create users it's in the UI login page, allowing user self registration through a "Register" button.
+The following entries in the ``$AIRFLOW_HOME/webserver_config.py`` can be edited to make it possible:
+
+.. code-block:: ini
+
+    AUTH_USER_REGISTRATION = True
+    AUTH_USER_REGISTRATION_ROLE = "Desired Role For The Self Registered User"
+    RECAPTCHA_PRIVATE_KEY = 'private_key'
+    RECAPTCHA_PUBLIC_KEY = 'public_key'
+
+    MAIL_SERVER = 'smtp.gmail.com'
+    MAIL_USE_TLS = True
+    MAIL_USERNAME = 'yourappemail@gmail.com'
+    MAIL_PASSWORD = 'passwordformail'
+    MAIL_DEFAULT_SENDER = 'sender@gmail.com'
+
+The package ``Flask-Mail`` needs to be installed through pip to allow user self registration since it is a
+feature provided by the framework Flask-AppBuilder.
+
+To support authentication through a third-party provider, the ``AUTH_TYPE`` entry needs to be updated with the
+desired option like OAuth, OpenID, LDAP, and the lines with references for the chosen option need to have
+the comments removed and configured in the ``$AIRFLOW_HOME/webserver_config.py``.
+
+For more details, please refer to
 `Security section of FAB documentation <https://flask-appbuilder.readthedocs.io/en/latest/security.html>`_.
 
 SSL