diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml index 059467e4a0c03..3f4b4e131f83a 100644 --- a/airflow/config_templates/config.yml +++ b/airflow/config_templates/config.yml @@ -1741,6 +1741,8 @@ webserver: type: string example: ~ default: "True" + version_deprecated: 2.9.0 + deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider. session_lifetime_minutes: description: | The UI cookie lifetime in minutes. User will be logged out from UI after @@ -1817,6 +1819,8 @@ webserver: type: boolean example: ~ default: "True" + version_deprecated: 2.9.0 + deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider. auth_rate_limit: description: | Rate limit for authentication endpoints. @@ -1824,6 +1828,8 @@ webserver: type: string example: ~ default: "5 per 40 second" + version_deprecated: 2.9.0 + deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider. caching_hash_method: description: | The caching algorithm used by the webserver. Must be a valid hashlib function name. diff --git a/airflow/providers/fab/auth_manager/fab_auth_manager.py b/airflow/providers/fab/auth_manager/fab_auth_manager.py index dba6aca7efd5d..8d6d982a77706 100644 --- a/airflow/providers/fab/auth_manager/fab_auth_manager.py +++ b/airflow/providers/fab/auth_manager/fab_auth_manager.py @@ -499,5 +499,7 @@ def _sync_appbuilder_roles(self): # Otherwise, when the name of a view or menu is changed, the framework # will add the new Views and Menus names to the backend, but will not # delete the old ones. - if conf.getboolean("webserver", "UPDATE_FAB_PERMS"): + if conf.getboolean( + "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS") + ): self.security_manager.sync_roles() diff --git a/airflow/providers/fab/provider.yaml b/airflow/providers/fab/provider.yaml index 80e834fcadd65..48a085ae62155 100644 --- a/airflow/providers/fab/provider.yaml +++ b/airflow/providers/fab/provider.yaml @@ -40,5 +40,32 @@ dependencies: - flask-login>=0.6.2 - google-re2>=1.0 +config: + fab: + description: This section contains configs specific to FAB provider. + options: + auth_rate_limited: + description: | + Boolean for enabling rate limiting on authentication endpoints. + version_added: 1.0.0 + type: boolean + example: ~ + default: "True" + auth_rate_limit: + description: | + Rate limit for authentication endpoints. + version_added: 2.6.0 + type: string + example: ~ + default: "5 per 40 second" + update_fab_perms: + description: | + Update FAB permissions and sync security manager roles + on webserver startup + version_added: 1.10.7 + type: string + example: ~ + default: "True" + auth-managers: - airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager diff --git a/airflow/www/extensions/init_appbuilder.py b/airflow/www/extensions/init_appbuilder.py index bda10d8ddc701..991634c0f6107 100644 --- a/airflow/www/extensions/init_appbuilder.py +++ b/airflow/www/extensions/init_appbuilder.py @@ -131,9 +131,19 @@ def __init__( base_template="airflow/main.html", static_folder="static/appbuilder", static_url_path="/appbuilder", - update_perms=conf.getboolean("webserver", "UPDATE_FAB_PERMS"), - auth_rate_limited=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True), - auth_rate_limit=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"), + update_perms=conf.getboolean( + "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS") + ), + auth_rate_limited=conf.getboolean( + "fab", + "AUTH_RATE_LIMITED", + fallback=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True), + ), + auth_rate_limit=conf.get( + "fab", + "AUTH_RATE_LIMIT", + fallback=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"), + ), ): """ App-builder constructor. @@ -654,7 +664,17 @@ def init_appbuilder(app: Flask) -> AirflowAppBuilder: app=app, session=settings.Session, base_template="airflow/main.html", - update_perms=conf.getboolean("webserver", "UPDATE_FAB_PERMS"), - auth_rate_limited=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True), - auth_rate_limit=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"), + update_perms=conf.getboolean( + "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS") + ), + auth_rate_limited=conf.getboolean( + "fab", + "AUTH_RATE_LIMITED", + fallback=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True), + ), + auth_rate_limit=conf.get( + "fab", + "AUTH_RATE_LIMIT", + fallback=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"), + ), ) diff --git a/docs/apache-airflow-providers-fab/configurations-ref.rst b/docs/apache-airflow-providers-fab/configurations-ref.rst new file mode 100644 index 0000000000000..5885c9d91b6e8 --- /dev/null +++ b/docs/apache-airflow-providers-fab/configurations-ref.rst @@ -0,0 +1,18 @@ + .. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + .. http://www.apache.org/licenses/LICENSE-2.0 + + .. Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +.. include:: ../exts/includes/providers-configurations-ref.rst diff --git a/docs/apache-airflow-providers-fab/index.rst b/docs/apache-airflow-providers-fab/index.rst index f196889824568..1e39f27e18ca7 100644 --- a/docs/apache-airflow-providers-fab/index.rst +++ b/docs/apache-airflow-providers-fab/index.rst @@ -34,6 +34,7 @@ :maxdepth: 1 :caption: Guides + Configuration Auth manager .. toctree:: diff --git a/tests/conftest.py b/tests/conftest.py index 646ca322286c3..9550b7d54bc8d 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -602,7 +602,7 @@ def fake_sleep(seconds): def app(): from tests.test_utils.config import conf_vars - with conf_vars({("webserver", "auth_rate_limited"): "False"}): + with conf_vars({("fab", "auth_rate_limited"): "False"}): from airflow.www import app yield app.create_app(testing=True) diff --git a/tests/www/views/conftest.py b/tests/www/views/conftest.py index aa531a8267a51..14822b5eaf5eb 100644 --- a/tests/www/views/conftest.py +++ b/tests/www/views/conftest.py @@ -63,7 +63,7 @@ def app(examples_dag_bag): ] ) def factory(): - with conf_vars({("webserver", "auth_rate_limited"): "False"}): + with conf_vars({("fab", "auth_rate_limited"): "False"}): return create_app(testing=True) app = factory() diff --git a/tests/www/views/test_views_log.py b/tests/www/views/test_views_log.py index 16cfa2b99756c..8d816d7695605 100644 --- a/tests/www/views/test_views_log.py +++ b/tests/www/views/test_views_log.py @@ -79,7 +79,7 @@ def log_app(backup_modules, log_path): @conf_vars( { ("logging", "logging_config_class"): "airflow_local_settings.LOGGING_CONFIG", - ("webserver", "auth_rate_limited"): "False", + ("fab", "auth_rate_limited"): "False", } ) def factory(): diff --git a/tests/www/views/test_views_rate_limit.py b/tests/www/views/test_views_rate_limit.py index ddd28259d7c4c..540a0c9f9a189 100644 --- a/tests/www/views/test_views_rate_limit.py +++ b/tests/www/views/test_views_rate_limit.py @@ -43,9 +43,7 @@ def app_with_rate_limit_one(examples_dag_bag): ] ) def factory(): - with conf_vars( - {("webserver", "auth_rate_limited"): "True", ("webserver", "auth_rate_limit"): "1 per 20 second"} - ): + with conf_vars({("fab", "auth_rate_limited"): "True", ("fab", "auth_rate_limit"): "1 per 20 second"}): return create_app(testing=True) app = factory()