You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/29 23:13:06 UTC
[GitHub] [airflow] anmtan opened a new issue #15601: Access is denied alert after successfully login using OIDC
anmtan opened a new issue #15601:
URL: https://github.com/apache/airflow/issues/15601
<!--
Welcome to Apache Airflow! For a smooth issue process, try to answer the following questions.
Don't worry if they're not all applicable; just try to include what you can :-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
Please delete these comment blocks before submitting the issue.
-->
<!--
IMPORTANT!!!
PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
Please complete the next sections or the issue will be closed.
These questions are the first thing we need to know to understand the context.
-->
**Apache Airflow version**: 2.0.1
**Kubernetes version (if you are using kubernetes)** (use `kubectl version`): 1.19
**Environment**: Kubernetes Executor, Okta OIDC
- **Cloud provider or hardware configuration**: EKS 1.19, RDS Postrgres DB
- **OS** (e.g. from /etc/os-release): Centos inside docker
- **Kernel** (e.g. `uname -a`):
- **Install tools**: helm
- **Others**: using official docker image apache/airflow:2.0.1-python3.7, flask-oidc, fab-oidc2
**What happened**:
We have integrated airflow 2 with Okta OIDC authentication/authorization using flask-oidc and fab-oidc2. When user login to Airflow console, user will be redirected to Okta login. Once user successful login to Okta, it will redirect back to airflow. On the airflow home page, there is an alert "Access is denied". If you refresh the page, the Alert will disappear. Even though the the alert says access is denied, but the user can do everything. Self registration is enabled, all user will have admin privileges. I've checked the user table and role table, both looks right to me and user should have admin privilege. The alert is just a false alarm and it only appears when login.
<!-- (please include exact error messages if you can) -->
**What you expected to happen**: User login successful without alert
<!-- What do you think went wrong? -->
**How to reproduce it**: Airflow 2.0.1 Integrate with Okta OIDC, login to airflow console. After user successfully login to airflow, the landing page will have "Access is denied".
<!---
As minimally and precisely as possible. Keep in mind we do not have access to your cluster or dags.
If you are using kubernetes, please attempt to recreate the issue using minikube or kind.
## Install minikube/kind
- Minikube https://minikube.sigs.k8s.io/docs/start/
- Kind https://kind.sigs.k8s.io/docs/user/quick-start/
If this is a UI bug, please provide a screenshot of the bug or a link to a youtube video of the bug in action
You can include images using the .md style of
To record a screencast, mac users can use QuickTime and then create an unlisted youtube video with the resulting .mov file.
--->
**Anything else we need to know**:
<!--
How often does this problem occur? Once? Every time etc?
Any relevant logs to include? Put them here in side a detail tag:
<details><summary>x.log</summary> lots of stuff </details>
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-886201507
I can confirm this is the same for me for latest version of Airflow with Google Oauth2. I am not too familiar with the FAB authentication flows and what could be the reason, but maybe someone who knows a bit better @thesuperzapper @kaxil @dpgaspar could help ? I have now working configuration with Google OAuth2 that I can use to quickly test any solution (and happy to implement a fix) - but I need some guidance on it and possibly brainstorming where it could come from?
I saw this happening when I enabled - self-registration via Google Oauth as an Admin user (I think the oauth flow somehow puts the "Access Denied" message when you first try to connect and have no auth cookies set yet/never connected and instead of just redirecting to oauth to check it, the "Access Denied" message is immediately added to the error list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] Shivamtayal99 commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
Shivamtayal99 commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-886609788
We are also facing similar issue in airflow 1.10.14 with OpenID connect.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] schwartzmx commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
schwartzmx commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900000556
Hitting the same issue in airflow 2.1.2 using Google OAuth2.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ClassyLion edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
ClassyLion edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-908313305
#12237 seems related
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] yakimetsd commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
yakimetsd commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-909052210
The same issue is still present in v2.1.3 coupled to Azure AD OAuth2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-1030828147
Look at changes to Flask App Builder between the two versions. Google Oauth integration and configuration is provided by Flask App Builder, it's not something that AIrflow does.
* FAB was 3.1.1 in 2.0.1 https://github.com/apache/airflow/blob/constraints-2.0.1/constraints-3.8.txt#L4
* FAB was 3.3.3 in 2.1.4 https://github.com/apache/airflow/blob/constraints-2.1.4/constraints-3.8.txt#L16
You can also open an issue in FAB's issue tracker or discussion there - maybe you will get help https://github.com/dpgaspar/flask-appbuilder/
I am converting it into discussion in case there will be some solutions you would like to post here for others.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] emilianomoscato commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
emilianomoscato commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-1024181827
Hello, it was not happening in our environment with Airflow 2.0.2 and chart 8.5.3, but after upgrading to Airflow 2.1.4 we start getting this error. We didn't change our Google OAUTH configuration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] yakimetsd commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
yakimetsd commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-909052210
The same issue is still present in v2.1.3 coupled to Azure AD OAuth2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
potiuk edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-886201507
I can confirm this is the same for me for latest version of Airflow with Google Oauth2. I am not too familiar with the FAB authentication flows and what could be the reason, but maybe someone who knows a bit better @thesuperzapper @kaxil @dpgaspar could help ? I have now working configuration with Google OAuth2 that I can use to quickly test any solution (and happy to implement a fix) - but I need some guidance on it and possibly brainstorming where it could come from?
I saw this happening when I enabled - self-registration via Google Oauth as an Admin user. I think the oauth flow somehow puts the "Access Denied" message when you first try to connect and have no auth cookies set yet/never connected and instead of just redirecting to oauth server to perform authentication, the "Access Denied" message is immediately added to the error list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] iercan commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
iercan commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-931245744
We have same issue with 2.1.4. I'm also not able to log out from airflow. It redirects to login if I try to logout.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] sinhapiyushkr commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
sinhapiyushkr commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-880456132
we are having same issue with Airflow 2.1.1 and Google Oauth2.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] agamjainTW commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
agamjainTW commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-984044342
Same issue with Airflow 2.2.2 and Github Oauth.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ClassyLion commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
ClassyLion commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-908313305
#12237
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] thesuperzapper commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
thesuperzapper commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900006721
Can someone please set `AIRFLOW__LOGGING__FAB_LOGGING_LEVEL = DEBUG`, and provide logs from the webserver when this errors happens?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] schwartzmx edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
schwartzmx edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900019441
Thanks for the reply, attaching requested info @thesuperzapper.
`webserver_config.py`
```python
import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
basedir = os.path.abspath(os.path.dirname(__file__))
logger = logging.getLogger(__name__)
GOOGLE_CLIENT_ID = os.getenv('GOOGLE_OAUTH2_CLIENT_ID')
GOOGLE_SECRET = os.getenv('GOOGLE_OAUTH2_SECRET')
ADMIN_EMAILS = os.getenv("WEB_ADMIN_EMAILS", "").split(',')
AUTH_TYPE = AUTH_OAUTH
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Admin' # Testing with just everyone as admin
OAUTH_PROVIDERS = [{
'name':'google',
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'client_kwargs':{
'scope': 'email profile'
},
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'client_id': GOOGLE_CLIENT_ID,
'client_secret': GOOGLE_SECRET,
}
}]
# Custom Security Manager in order to get around the `role_keys` missing from Google OAuth response
# See: https://github.com/apache/airflow/issues/16783
from airflow.www.security import AirflowSecurityManager
AUTH_ROLES_MAPPING = {
"devs": ["Viewer"],
"admins": ["Admin"]
}
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
assert provider == "google", "Google provider is only supported in this Security Manager"
me = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
data = me.json()
email = data.get("email", "")
# Maps back to AUTH_ROLES_MAPPING keys
role_keys = ["admins"] if email in ADMIN_EMAILS else ["devs"]
return {
"username": "google_" + data.get("id", ""),
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
"email": email,
"role_keys": role_keys
}
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
```
`webserver.log`
Logs right as the login process occurs and directly after as the home page is rendered
```
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/ HTTP/1.1" 302 233 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/home HTTP/1.1" 302 341 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:645} DEBUG - Provider: None
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:661} DEBUG - Going to call authorize for: google
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fairflow%2Fhome HTTP/1.1" 302 1029 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:32,693] {views.py:694} DEBUG - Authorized init
airflow-webserver_1 | 127.0.0.1 - - [17/Aug/2021:05:46:33 +0000] "GET /airflow/health HTTP/1.1" 200 187 "-" "curl/7.64.0"
airflow-webserver_1 | [2021-08-17 05:46:33,530] {views.py:699} DEBUG - OAUTH Authorized resp: {'access_token': '<redacted>', 'expires_in': 3599, 'scope': 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid', 'token_type': 'Bearer', 'id_token': '<redacted>', 'expires_at': 1629182792}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:708} DEBUG - User info retrieved from google: {'username': '<redacted>', 'first_name': '<redacted>', 'last_name': '<redacted>', 'email': '<redacted>', 'role_keys': ['admins']}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:721} DEBUG - No whitelist for OAuth provider
airflow-webserver_1 | [2021-08-17 05:46:34,378] {manager.py:227} INFO - Updated user <redacted>
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/oauth-authorized/google?state=<redacted>&code=<redacted>&scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=<redacted>&prompt=none HTTP/1.1" 302 275 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/home HTTP/1.1" 200 57650 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/font-awesome.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/flags/flags16.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/ab.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/airflowDefaultTheme.3e8bda71892b61b62f94.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/materialIcons.3221294eb511f43d1b15.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/loadingDots.4033edd9abf2750d6f8f.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/switch.e97750fdb7423f33656a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/flash.d205b61edc54ed448412.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/jquery-latest.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_filters.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_actions.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/bootstrap.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/moment.c1933ee062e9650051f7.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/bootstrap3-typeahead.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/d3.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/last_dagruns HTTP/1.1" 200 753 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/blocked HTTP/1.1" 200 127 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/task_stats HTTP/1.1" 200 6723 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/dag_stats HTTP/1.1" 200 1804 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
```
Additional info:
airflow version: `2.1.2`
python: `python3.8`
airflow.cfg base_url
```
[webserver]
base_url = http://localhost:8080/airflow
```
Google OAuth2 Dashboard configured URIs:
```
Authorized JavaScript origins:
http://localhost:8080
Authorized redirect URIs:
http://localhost:8080/airflow/oauth-authorized/google
```
As the @anmtan said originally,
>The alert is just a false alarm and it only appears at user login.
Refresh of the page removes the banner and the user can carry on, but it's just something that is odd and would need to be noted to bring up to users.
<img width="1087" alt="image" src="https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png">
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] gcalmettes commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
gcalmettes commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-848767761
Hitting the same behavior after successful login via OIDC
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ClassyLion edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
ClassyLion edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-908313305
#12237 seems related
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] timothyclarke commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
timothyclarke commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-902549482
If the scope contains `openid`, The custom security manager should and oauth_user_info should not be required.
```
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
```
The log shows `DEBUG - OAUTH Authorized resp:` ... `'id_token': '<redacted>'` The id token should contain all the user info. Looking at [authlib flask docs](https://docs.authlib.org/en/latest/client/flask.html#flask-openid-connect-client) you can [decode the contents of the `id_token`](https://jwt.io) on many web sites
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] timothyclarke removed a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
timothyclarke removed a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-902549482
If the scope contains `openid`, The custom security manager should and oauth_user_info should not be required.
```
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
```
The log shows `DEBUG - OAUTH Authorized resp:` ... `'id_token': '<redacted>'` The id token should contain all the user info. Looking at [authlib flask docs](https://docs.authlib.org/en/latest/client/flask.html#flask-openid-connect-client) you can [decode the contents of the `id_token`](https://jwt.io) on many web sites
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ClassyLion commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
ClassyLion commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-908313305
#12237
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] yakimetsd commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
yakimetsd commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-909052210
The same issue is still present in v2.1.3 coupled to Azure AD OAuth2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] schwartzmx commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
schwartzmx commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900019441
Thanks for the reply, attaching requested info @thesuperzapper.
`webserver_config.py`
```python
import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
basedir = os.path.abspath(os.path.dirname(__file__))
logger = logging.getLogger(__name__)
GOOGLE_CLIENT_ID = os.getenv('GOOGLE_OAUTH2_CLIENT_ID')
GOOGLE_SECRET = os.getenv('GOOGLE_OAUTH2_SECRET')
ADMIN_EMAILS = os.getenv("WEB_ADMIN_EMAILS", "").split(',')
AUTH_TYPE = AUTH_OAUTH
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Admin'
OAUTH_PROVIDERS = [{
'name':'google',
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'client_kwargs':{
'scope': 'email profile'
},
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'client_id': GOOGLE_CLIENT_ID,
'client_secret': GOOGLE_SECRET,
}
}]
# Custom Security Manager in order to get around the `role_keys` missing from Google OAuth response
# See: https://github.com/apache/airflow/issues/16783
from airflow.www.security import AirflowSecurityManager
AUTH_ROLES_MAPPING = {
"devs": ["Viewer"],
"admins": ["Admin"]
}
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
assert provider == "google", "Google provider is only supported in this Security Manager"
me = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
data = me.json()
email = data.get("email", "")
# Maps back to AUTH_ROLES_MAPPING keys
role_keys = ["admins"] if email in ADMIN_EMAILS else ["devs"]
return {
"username": "google_" + data.get("id", ""),
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
"email": email,
"role_keys": role_keys
}
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
```
`webserver.log`
Logs right as the login process occurs and directly after as the home page is rendered
```
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/ HTTP/1.1" 302 233 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/home HTTP/1.1" 302 341 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:645} DEBUG - Provider: None
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:661} DEBUG - Going to call authorize for: google
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fairflow%2Fhome HTTP/1.1" 302 1029 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:32,693] {views.py:694} DEBUG - Authorized init
airflow-webserver_1 | 127.0.0.1 - - [17/Aug/2021:05:46:33 +0000] "GET /airflow/health HTTP/1.1" 200 187 "-" "curl/7.64.0"
airflow-webserver_1 | [2021-08-17 05:46:33,530] {views.py:699} DEBUG - OAUTH Authorized resp: {'access_token': '<redacted>', 'expires_in': 3599, 'scope': 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid', 'token_type': 'Bearer', 'id_token': '<redacted>', 'expires_at': 1629182792}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:708} DEBUG - User info retrieved from google: {'username': '<redacted>', 'first_name': '<redacted>', 'last_name': '<redacted>', 'email': '<redacted>', 'role_keys': ['admins']}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:721} DEBUG - No whitelist for OAuth provider
airflow-webserver_1 | [2021-08-17 05:46:34,378] {manager.py:227} INFO - Updated user <redacted>
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/oauth-authorized/google?state=<redacted>&code=<redacted>&scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=<redacted>&prompt=none HTTP/1.1" 302 275 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/home HTTP/1.1" 200 57650 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/font-awesome.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/flags/flags16.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/ab.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/airflowDefaultTheme.3e8bda71892b61b62f94.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/materialIcons.3221294eb511f43d1b15.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/loadingDots.4033edd9abf2750d6f8f.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/switch.e97750fdb7423f33656a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/flash.d205b61edc54ed448412.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/jquery-latest.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_filters.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_actions.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/bootstrap.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/moment.c1933ee062e9650051f7.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/bootstrap3-typeahead.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/d3.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/last_dagruns HTTP/1.1" 200 753 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/blocked HTTP/1.1" 200 127 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/task_stats HTTP/1.1" 200 6723 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/dag_stats HTTP/1.1" 200 1804 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
```
Additional info:
airflow.cfg base_url
```
[webserver]
base_url = http://localhost:8080/airflow
```
Google OAuth2 Dashboard configured URIs:
```
Authorized JavaScript origins:
http://localhost:8080
Authorized redirect URIs:
http://localhost:8080/airflow/oauth-authorized/google
```
As the @anmtan said originally,
>The alert is just a false alarm and it only appears at user login.
Refresh of the page removes the banner and the user can carry on, but it's just something that is odd and would need to be noted to bring up to users.
<img width="1087" alt="image" src="https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png">
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
potiuk edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-886201507
I can confirm this is the same for me for latest version of Airflow with Google Oauth2. I am not too familiar with the FAB authentication flows and what could be the reason, but maybe someone who knows a bit better @thesuperzapper @kaxil @dpgaspar could help ? I have now working configuration with Google OAuth2 that I can use to quickly test any solution (and happy to implement a fix) - but I need some guidance on it and possibly brainstorming where it could come from?
I saw this happening when I enabled - self-registration via Google Oauth as an Admin user. I think the oauth flow somehow puts the "Access Denied" message when you first try to connect and have no auth cookies set yet/never connected and instead of just redirecting to oauth to check it, the "Access Denied" message is immediately added to the error list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #15601: Access is denied alert after successfully login using OIDC
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-829655186
Thanks for opening your first issue here! Be sure to follow the issue template!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] hao-zhang-aurora commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
hao-zhang-aurora commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-871735685
We are having the same issue with Airflow 2.1 and Okta. Is there any updates on this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] omoussa1 commented on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
omoussa1 commented on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-966347465
Hey, has a solution been reached for this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] thesuperzapper edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
thesuperzapper edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900006721
Can someone please set `AIRFLOW__LOGGING__FAB_LOGGING_LEVEL = DEBUG`, and provide logs from the webserver when this error happens?
Also, please provide a (sanitized) version of your `webserver_config.py`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] schwartzmx edited a comment on issue #15601: Access is denied alert after successful login using OIDC
Posted by GitBox <gi...@apache.org>.
schwartzmx edited a comment on issue #15601:
URL: https://github.com/apache/airflow/issues/15601#issuecomment-900019441
Thanks for the reply, attaching requested info @thesuperzapper.
`webserver_config.py`
```python
import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
basedir = os.path.abspath(os.path.dirname(__file__))
logger = logging.getLogger(__name__)
GOOGLE_CLIENT_ID = os.getenv('GOOGLE_OAUTH2_CLIENT_ID')
GOOGLE_SECRET = os.getenv('GOOGLE_OAUTH2_SECRET')
ADMIN_EMAILS = os.getenv("WEB_ADMIN_EMAILS", "").split(',')
AUTH_TYPE = AUTH_OAUTH
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Admin'
OAUTH_PROVIDERS = [{
'name':'google',
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'client_kwargs':{
'scope': 'email profile'
},
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'client_id': GOOGLE_CLIENT_ID,
'client_secret': GOOGLE_SECRET,
}
}]
# Custom Security Manager in order to get around the `role_keys` missing from Google OAuth response
# See: https://github.com/apache/airflow/issues/16783
from airflow.www.security import AirflowSecurityManager
AUTH_ROLES_MAPPING = {
"devs": ["Viewer"],
"admins": ["Admin"]
}
class GoogleAirflowSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, resp):
assert provider == "google", "Google provider is only supported in this Security Manager"
me = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
data = me.json()
email = data.get("email", "")
# Maps back to AUTH_ROLES_MAPPING keys
role_keys = ["admins"] if email in ADMIN_EMAILS else ["devs"]
return {
"username": "google_" + data.get("id", ""),
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
"email": email,
"role_keys": role_keys
}
SECURITY_MANAGER_CLASS = GoogleAirflowSecurityManager
```
`webserver.log`
Logs right as the login process occurs and directly after as the home page is rendered
```
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/ HTTP/1.1" 302 233 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/home HTTP/1.1" 302 341 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:645} DEBUG - Provider: None
airflow-webserver_1 | [2021-08-17 05:46:29,307] {views.py:661} DEBUG - Going to call authorize for: google
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:29 +0000] "GET /airflow/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fairflow%2Fhome HTTP/1.1" 302 1029 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | [2021-08-17 05:46:32,693] {views.py:694} DEBUG - Authorized init
airflow-webserver_1 | 127.0.0.1 - - [17/Aug/2021:05:46:33 +0000] "GET /airflow/health HTTP/1.1" 200 187 "-" "curl/7.64.0"
airflow-webserver_1 | [2021-08-17 05:46:33,530] {views.py:699} DEBUG - OAUTH Authorized resp: {'access_token': '<redacted>', 'expires_in': 3599, 'scope': 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid', 'token_type': 'Bearer', 'id_token': '<redacted>', 'expires_at': 1629182792}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:708} DEBUG - User info retrieved from google: {'username': '<redacted>', 'first_name': '<redacted>', 'last_name': '<redacted>', 'email': '<redacted>', 'role_keys': ['admins']}
airflow-webserver_1 | [2021-08-17 05:46:34,371] {views.py:721} DEBUG - No whitelist for OAuth provider
airflow-webserver_1 | [2021-08-17 05:46:34,378] {manager.py:227} INFO - Updated user <redacted>
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/oauth-authorized/google?state=<redacted>&code=<redacted>&scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=<redacted>&prompt=none HTTP/1.1" 302 275 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/home HTTP/1.1" 200 57650 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/font-awesome.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/flags/flags16.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/ab.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/airflowDefaultTheme.3e8bda71892b61b62f94.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/materialIcons.3221294eb511f43d1b15.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/loadingDots.4033edd9abf2750d6f8f.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/switch.e97750fdb7423f33656a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/flash.d205b61edc54ed448412.css HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/jquery-latest.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_filters.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab_actions.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/bootstrap.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/select2/select2.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/datepicker/bootstrap-datepicker.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/appbuilder/js/ab.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/moment.c1933ee062e9650051f7.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/main.e52cf607b64cdcd15089.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:34 +0000] "GET /airflow/static/dist/bootstrap-datetimepicker.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/bootstrap3-typeahead.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/d3.min.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "GET /airflow/static/dist/dags.6c090f6b27d152c78e7a.js HTTP/1.1" 304 0 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/last_dagruns HTTP/1.1" 200 753 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/blocked HTTP/1.1" 200 127 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/task_stats HTTP/1.1" 200 6723 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
airflow-webserver_1 | <ip> - - [17/Aug/2021:05:46:35 +0000] "POST /airflow/dag_stats HTTP/1.1" 200 1804 "http://localhost:8080/airflow/home" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
```
Additional info:
airflow version: `2.1.2`
python: `python3.8`
airflow.cfg base_url
```
[webserver]
base_url = http://localhost:8080/airflow
```
Google OAuth2 Dashboard configured URIs:
```
Authorized JavaScript origins:
http://localhost:8080
Authorized redirect URIs:
http://localhost:8080/airflow/oauth-authorized/google
```
As the @anmtan said originally,
>The alert is just a false alarm and it only appears at user login.
Refresh of the page removes the banner and the user can carry on, but it's just something that is odd and would need to be noted to bring up to users.
<img width="1087" alt="image" src="https://user-images.githubusercontent.com/6064408/129672436-d80eed14-c945-4f1c-ae60-0a14c46de6d0.png">
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org