You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/06/30 03:35:27 UTC

[GitHub] [airflow] sk2991 opened a new issue #9583: Attach roles to AD groups - Azure OAuth

sk2991 opened a new issue #9583:
URL: https://github.com/apache/airflow/issues/9583


   We have implemented RBAC using Azure OAuth, Is there any way to attach a role to AD group - so that users part of that AD groups/Tenant can get default access to the attached role 
   
   **Apache Airflow version**: 1.10.10
   
   
   **Kubernetes version (if you are using kubernetes)** (use `kubectl version`): 1.15.10
   
   **Environment**: 
   
   - **Cloud provider or hardware configuration**: Azure (AKS)
   - **OS** (e.g. from /etc/os-release): Debian GNU/Linux
   - **Kernel** (e.g. `uname -a`): 4.15.0-1089-azure
   - **Install tools**:
   - **Others**:
   
   **What happened**:
   
   <!-- (please include exact error messages if you can) -->
   
   **What you expected to happen**:
   
   attach a role to AD group (or) Azure tenant
   
   **How to reproduce it**:
   
   
   Helm install stable/airflow
   Implement RBAC using Azure OAuth
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] elwinarens commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

elwinarens commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-653483659


   @sk2991  Would you mind sharing your Azure OAuth implementation?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] mik-laj commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

mik-laj commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-653522828


   Is this helpful for you?  I don't use Azure OAuth, so I'm not sure this change applies here.
   https://github.com/dpgaspar/Flask-AppBuilder/pull/1410


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] sk2991 commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

sk2991 commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-820386313


   @hussainsaify I was not able to find any other way.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] hussainsaify commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

hussainsaify commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-816533008


   @sk2991 were you able to solve this using a more cleaner method than shared above?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] sk2991 commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

sk2991 commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-653920847


   @elwinarens @rafaelpierre  - I have used this [link](https://github.com/dpgaspar/Flask-AppBuilder/blob/master/examples/oauth/config.py) to configure Azure OAuth. 
   Other useful links:
   https://github.com/apache/airflow/pull/3015
   https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] sk2991 commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

sk2991 commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-653924470


   @mik-laj  It does help to some extent. Is there anyway to extend this? Instead of declaring "AUTH_USER_REGISTRATION_ROLE_JMESPATH = "contains(['alice@example.com', 'celine@example.com'], email) && 'Admin' || 'Public'"" this manually in config file - can we assign it dynamically?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

boring-cyborg[bot] commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-651507634


   Thanks for opening your first issue here! Be sure to follow the issue template!
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] rafaelpierre commented on issue #9583: Attach roles to AD groups - Azure OAuth

Posted by GitBox <gi...@apache.org>.

rafaelpierre commented on issue #9583:
URL: https://github.com/apache/airflow/issues/9583#issuecomment-653499207


   @sk2991 +1
   
   > @sk2991 Would you mind sharing your Azure OAuth implementation?
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org