You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by je...@apache.org on 2022/04/21 16:37:27 UTC
[airflow] branch main updated: Change `[api] auth_backends` to be comma separated (#23138)
This is an automated email from the ASF dual-hosted git repository.
jedcunningham pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new a7bccaacb9 Change `[api] auth_backends` to be comma separated (#23138)
a7bccaacb9 is described below
commit a7bccaacb9a35ed6dcd4c1cadda4b8f294332722
Author: Jed Cunningham <66...@users.noreply.github.com>
AuthorDate: Thu Apr 21 10:37:15 2022 -0600
Change `[api] auth_backends` to be comma separated (#23138)
I could infer that this config accepted more than 1 value, but it wasn't
obvious how it was split. This makes it match our other multi-value
config options, plus adds it to the docs.
This also fixes the docs link referenced in config.
---
airflow/api/__init__.py | 4 ++--
airflow/config_templates/config.yml | 4 ++--
airflow/config_templates/default_airflow.cfg | 4 ++--
airflow/configuration.py | 2 +-
airflow/www/extensions/init_security.py | 2 +-
docs/apache-airflow/security/api.rst | 6 +++---
tests/api_connexion/test_auth.py | 2 +-
tests/core/test_configuration.py | 2 +-
8 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/airflow/api/__init__.py b/airflow/api/__init__.py
index a9c7619e64..da07429869 100644
--- a/airflow/api/__init__.py
+++ b/airflow/api/__init__.py
@@ -34,9 +34,9 @@ def load_auth():
pass
backends = []
- for backend in auth_backends.split():
+ for backend in auth_backends.split(","):
try:
- auth = import_module(backend)
+ auth = import_module(backend.strip())
log.info("Loaded API auth backend: %s", backend)
backends.append(auth)
except ImportError as err:
diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml
index 15ba71917a..c4898b4555 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -826,8 +826,8 @@
default: "False"
- name: auth_backends
description: |
- How to authenticate users of the API. See
- https://airflow.apache.org/docs/apache-airflow/stable/security.html for possible values.
+ Comma separated list of auth backends to authenticate users of the API. See
+ https://airflow.apache.org/docs/apache-airflow/stable/security/api.html for possible values.
("airflow.api.auth.backend.default" allows all requests for historic reasons)
version_added: ~
type: string
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index 68318d4c6e..a6583d8f47 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -446,8 +446,8 @@ fail_fast = False
# `RELEASE_NOTES.rst <https://github.com/apache/airflow/blob/main/RELEASE_NOTES.rst>`_
enable_experimental_api = False
-# How to authenticate users of the API. See
-# https://airflow.apache.org/docs/apache-airflow/stable/security.html for possible values.
+# Comma separated list of auth backends to authenticate users of the API. See
+# https://airflow.apache.org/docs/apache-airflow/stable/security/api.html for possible values.
# ("airflow.api.auth.backend.default" allows all requests for historic reasons)
auth_backends = airflow.api.auth.backend.session
diff --git a/airflow/configuration.py b/airflow/configuration.py
index 5a5c346aa8..d31933779d 100644
--- a/airflow/configuration.py
+++ b/airflow/configuration.py
@@ -325,7 +325,7 @@ class AirflowConfigParser(ConfigParser):
# handled by deprecated_values
pass
elif old_value.find('airflow.api.auth.backend.session') == -1:
- new_value = old_value + "\nairflow.api.auth.backend.session"
+ new_value = old_value + ",airflow.api.auth.backend.session"
self._update_env_var(section="api", name="auth_backends", new_value=new_value)
warnings.warn(
'The auth_backends setting in [api] has had airflow.api.auth.backend.session added '
diff --git a/airflow/www/extensions/init_security.py b/airflow/www/extensions/init_security.py
index 61b1bf36e5..aece5e9fe3 100644
--- a/airflow/www/extensions/init_security.py
+++ b/airflow/www/extensions/init_security.py
@@ -51,7 +51,7 @@ def init_api_experimental_auth(app):
pass
app.api_auth = []
- for backend in auth_backends.split():
+ for backend in auth_backends.split(','):
try:
auth = import_module(backend.strip())
auth.init_app(app)
diff --git a/docs/apache-airflow/security/api.rst b/docs/apache-airflow/security/api.rst
index 02c9bd0a30..f2ee8487f2 100644
--- a/docs/apache-airflow/security/api.rst
+++ b/docs/apache-airflow/security/api.rst
@@ -34,10 +34,10 @@ check the user session:
In Airflow <1.10.11, the default setting was to allow all API requests without authentication, but this
posed security risks for if the Webserver is publicly accessible.
-.. versionchanged:: 2.3
+.. versionchanged:: 2.3.0
- In Airflow <2.3 this setting was ``auth_backend`` and allowed only one
- value. In 2.3 it was changed to support multiple backends that are tried
+ In Airflow <2.3.0 this setting was ``auth_backend`` and allowed only one
+ value. In 2.3.0 it was changed to support multiple backends that are tried
in turn.
If you want to check which authentication backends are currently set, you can use ``airflow config get-value api auth_backends``
diff --git a/tests/api_connexion/test_auth.py b/tests/api_connexion/test_auth.py
index 60f2a5d0b8..4049e35007 100644
--- a/tests/api_connexion/test_auth.py
+++ b/tests/api_connexion/test_auth.py
@@ -177,7 +177,7 @@ class TestSessionWithBasicAuthFallback(BaseTestAuth):
(
"api",
"auth_backends",
- ): "airflow.api.auth.backend.session\nairflow.api.auth.backend.basic_auth"
+ ): "airflow.api.auth.backend.session,airflow.api.auth.backend.basic_auth"
}
):
init_api_experimental_auth(minimal_app_for_api)
diff --git a/tests/core/test_configuration.py b/tests/core/test_configuration.py
index 839877b8fb..e6c0a1546e 100644
--- a/tests/core/test_configuration.py
+++ b/tests/core/test_configuration.py
@@ -613,7 +613,7 @@ AIRFLOW_HOME = /root/airflow
test_conf.validate()
assert (
test_conf.get('api', 'auth_backends')
- == 'airflow.api.auth.backend.basic_auth\nairflow.api.auth.backend.session'
+ == 'airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session'
)
@pytest.mark.parametrize(