`airflow.providers.amazon.aws.auth_manager.aws_auth_manager`¶

Module Contents¶

Classes¶

AwsAuthManager

AWS auth manager.

Functions¶

get_parser()

Generate documentation; used by Sphinx argparse.

class airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager(appbuilder)[source]¶

Bases: airflow.auth.managers.base_auth_manager.BaseAuthManager

AWS auth manager.

Leverages AWS services such as Amazon Identity Center and Amazon Verified Permissions to perform authentication and authorization in Airflow.

Parameters: appbuilder (airflow.www.extensions.init_appbuilder.AirflowAppBuilder) – the flask app builder

avp_facade()[source]¶

get_user()[source]¶

Return the user associated to the user in session.

is_logged_in()[source]¶

Return whether the user is logged in.

is_authorized_configuration(*, method, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on configuration.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_connection(*, method, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on a connection.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_dag(*, method, access_entity=None, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on a DAG.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
access_entity (airflow.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself
details (airflow.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_dataset(*, method, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on a dataset.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.DatasetDetails | None) – optional details about the dataset
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_pool(*, method, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on a pool.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_variable(*, method, details=None, user=None)[source]¶

Return whether the user is authorized to perform a given action on a variable.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
details (airflow.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_view(*, access_view, user=None)[source]¶

Return whether the user is authorized to access a read-only state of the installation.

Parameters

access_view (airflow.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

is_authorized_custom_view(*, method, resource_name, user=None)[source]¶

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters

method (airflow.auth.managers.base_auth_manager.ResourceMethod) – the method to perform
resource_name (str) – the name of the resource
user (airflow.auth.managers.models.base_user.BaseUser | None) – the user to perform the action on. If not provided (or None), it uses the current user

batch_is_authorized_connection(requests)[source]¶

Batch version of is_authorized_connection.

Parameters: requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedConnectionRequest]) – a list of requests containing the parameters for is_authorized_connection

batch_is_authorized_dag(requests)[source]¶

Batch version of is_authorized_dag.

Parameters: requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedDagRequest]) – a list of requests containing the parameters for is_authorized_dag

batch_is_authorized_pool(requests)[source]¶

Batch version of is_authorized_pool.

Parameters: requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedPoolRequest]) – a list of requests containing the parameters for is_authorized_pool

batch_is_authorized_variable(requests)[source]¶

Batch version of is_authorized_variable.

Parameters: requests (Sequence[airflow.auth.managers.models.batch_apis.IsAuthorizedVariableRequest]) – a list of requests containing the parameters for is_authorized_variable

filter_permitted_dag_ids(*, dag_ids, methods=None, user=None)[source]¶

Filter readable or writable DAGs for user.

Parameters

dag_ids (set[str]) – the list of DAG ids
methods (Container[airflow.auth.managers.base_auth_manager.ResourceMethod] | None) – whether filter readable or writable
user – the current user

filter_permitted_menu_items(menu_items)[source]¶

Filter menu items based on user permissions.

Parameters: menu_items (list[flask_appbuilder.menu.MenuItem]) – list of all menu items

get_url_login(**kwargs)[source]¶

Return the login page url.

get_url_logout()[source]¶

Return the logout page url.

security_manager()[source]¶

Return the security manager.

By default, Airflow comes with the default security manager airflow.www.security_manager.AirflowSecurityManagerV2. The auth manager might need to extend this default security manager for its own purposes.

By default, return the default AirflowSecurityManagerV2.

static get_cli_commands()[source]¶

Vends CLI commands to be included in Airflow CLI.

airflow.providers.amazon.aws.auth_manager.aws_auth_manager.get_parser()[source]¶

Generate documentation; used by Sphinx argparse.

airflow.providers.amazon.aws.auth_manager.aws_auth_manager¶

Module Contents¶

Classes¶

Functions¶

`airflow.providers.amazon.aws.auth_manager.aws_auth_manager`¶