• Home
• airflow.providers.amazon
• airflow.providers.amazon.aws
• airflow.providers.amazon.aws.auth_manager
• airflow.providers.amazon.aws.auth_manager.aws_auth_manager

airflow.providers.amazon.aws.auth_manager.aws_auth_manager

Classes

AwsAuthManager

AWS auth manager.

Functions

get_parser()

Generate documentation; used by Sphinx argparse.

Module Contents

class airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager

Bases: airflow.api_fastapi.auth.managers.base_auth_manager.BaseAuthManager[airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser]

AWS auth manager.

Leverages AWS services such as Amazon Identity Center and Amazon Verified Permissions to perform authentication and authorization in Airflow.

property avp_facade

property apiserver_endpoint: str

deserialize_user(token)

Create a user object from dict.

serialize_user(user)

Create a subject and extra claims dict from a user object.

is_authorized_configuration(*, method, user, details=None)

Return whether the user is authorized to perform a given action on configuration.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.ConfigurationDetails | None) – optional details about the configuration

is_authorized_connection(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a connection.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.ConnectionDetails | None) – optional details about the connection

is_authorized_dag(*, method, user, access_entity=None, details=None)

Return whether the user is authorized to perform a given action on a DAG.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• access_entity (airflow.api_fastapi.auth.managers.models.resource_details.DagAccessEntity | None) – the kind of DAG information the authorization request is about. If not provided, the authorization request is about the DAG itself

• details (airflow.api_fastapi.auth.managers.models.resource_details.DagDetails | None) – optional details about the DAG

is_authorized_backfill(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a backfill.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.BackfillDetails | None) – optional details about the backfill

is_authorized_asset(*, method, user, details=None)

Return whether the user is authorized to perform a given action on an asset.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.AssetDetails | None) – optional details about the asset

is_authorized_asset_alias(*, method, user, details=None)

Return whether the user is authorized to perform a given action on an asset alias.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to perform the action on

• details (airflow.api_fastapi.auth.managers.models.resource_details.AssetAliasDetails | None) – optional details about the asset alias

is_authorized_pool(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a pool.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.PoolDetails | None) – optional details about the pool

is_authorized_variable(*, method, user, details=None)

Return whether the user is authorized to perform a given action on a variable.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to perform

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

• details (airflow.api_fastapi.auth.managers.models.resource_details.VariableDetails | None) – optional details about the variable

is_authorized_view(*, access_view, user)

Return whether the user is authorized to access a read-only state of the installation.

Parameters:

• access_view (airflow.api_fastapi.auth.managers.models.resource_details.AccessView) – the specific read-only view/state the authorization request is about.

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

is_authorized_custom_view(*, method, resource_name, user)

Return whether the user is authorized to perform a given action on a custom view.

A custom view can be a view defined as part of the auth manager. This view is then only available when the auth manager is used as part of the environment. It can also be a view defined as part of a plugin defined by a user.

Parameters:

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod | str) – the method to perform. The method can also be a string if the action has been defined in a plugin. In that case, the action can be anything (e.g. can_do). See https://github.com/apache/airflow/issues/39144

• resource_name (str) – the name of the resource

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

filter_authorized_menu_items(menu_items, *, user)

Filter menu items based on user permissions.

Parameters:

• menu_items (list[airflow.api_fastapi.common.types.MenuItem]) – list of all menu items

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user

batch_is_authorized_connection(requests, *, user)

Batch version of is_authorized_connection.

By default, calls individually the is_authorized_connection API on each item in the list of requests, which can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

• requests (collections.abc.Sequence[airflow.api_fastapi.auth.managers.models.batch_apis.IsAuthorizedConnectionRequest]) – a list of requests containing the parameters for is_authorized_connection

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

batch_is_authorized_dag(requests, *, user)

Batch version of is_authorized_dag.

By default, calls individually the is_authorized_dag API on each item in the list of requests. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

• requests (collections.abc.Sequence[airflow.api_fastapi.auth.managers.models.batch_apis.IsAuthorizedDagRequest]) – a list of requests containing the parameters for is_authorized_dag

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

batch_is_authorized_pool(requests, *, user)

Batch version of is_authorized_pool.

By default, calls individually the is_authorized_pool API on each item in the list of requests. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

• requests (collections.abc.Sequence[airflow.api_fastapi.auth.managers.models.batch_apis.IsAuthorizedPoolRequest]) – a list of requests containing the parameters for is_authorized_pool

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

batch_is_authorized_variable(requests, *, user)

Batch version of is_authorized_variable.

By default, calls individually the is_authorized_variable API on each item in the list of requests. Can lead to some poor performance. It is recommended to override this method in the auth manager implementation to provide a more efficient implementation.

Parameters:

• requests (collections.abc.Sequence[airflow.api_fastapi.auth.managers.models.batch_apis.IsAuthorizedVariableRequest]) – a list of requests containing the parameters for is_authorized_variable

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user to performing the action

filter_authorized_dag_ids(*, dag_ids, user, method='GET')

Filter DAGs the user has access to.

Parameters:

• dag_ids (set[str]) – the list of DAG ids

• user (airflow.providers.amazon.aws.auth_manager.user.AwsAuthManagerUser) – the user

• method (airflow.api_fastapi.auth.managers.base_auth_manager.ResourceMethod) – the method to filter on

get_url_login(**kwargs)

Return the login page url.

static get_cli_commands()

Vends CLI commands to be included in Airflow CLI.

get_fastapi_app()

Specify a sub FastAPI application specific to the auth manager.

This sub application, if specified, is mounted in the main FastAPI application.

airflow.providers.amazon.aws.auth_manager.aws_auth_manager.get_parser()

Generate documentation; used by Sphinx argparse.

Previous Next

Was this entry helpful?