Implement login and logout in AWS auth manager #35488
Conversation
vincbeck
requested review from
ashb,
bbovenzi,
eladkal,
o-nikolas,
pierrejeambrun,
potiuk and
ryanahamilton
as code owners
boring-cyborg
bot
added
area:dev-tools
area:production-image
There was a problem hiding this comment.
For now, returns whether the user is logged-in. The actual authorization will be implemented in a separate PR. This is true for all the authorization APIs
vincbeck
changed the title
vincbeck
force-pushed
the
vincbeck/aws_auth_manager
branch
2 times, most recently
from
74e587b to
17d1cea
Compare
vincbeck
force-pushed
the
vincbeck/aws_auth_manager
branch
from
17d1cea to
fab6e97
Compare
vincbeck
force-pushed
the
vincbeck/aws_auth_manager
branch
from
dd1caa9 to
8f5aaf1
Compare
o-nikolas
left a comment
o-nikolas
left a comment
There was a problem hiding this comment.
Builds are still going, but other than that, the changes look good to me
|
|
||
| return redirect(saml_auth.logout()) | ||
|
|
||
| @csrf.exempt |
There was a problem hiding this comment.
Nitpick, maybe this is obvious to someone with a better background in auth backends, but I have no clue what CSRF is without looking it up, or why this method should be exempt. A comment might be helpful here.
There was a problem hiding this comment.
Just added a very simple comment. I only know I need to disable CSRF otherwise Identity center redirection wont work :)
| if not user: | ||
| self.log.error("Calling 'get_user_name()' but the user is not signed in.") | ||
| raise AirflowException("The user must be signed in.") | ||
| return user.get_name() |
There was a problem hiding this comment.
@vincbeck This looks like a breaking change since get_name() method was just defined in the BaseUser class. WDYT?
There was a problem hiding this comment.
No because the auth manager interface is not public interface YET. It will become in the near future but work in auth manager is still in progress. It is not documented anywhere how to build an auth manager or even how to use it so I assume nobody uses it
ephraimbuddy
added
the
changelog:skip
6 participants
This PR introduces the AWS auth manager. The target is to create an auth manager using AWS services: AWS Identity center and Amazon Verified Permissions. This PR handles the login and logout mechanism. Other features such as authorization will come in a separate PR. The auth manager wont be usable as such because of missing feature but since it is not documented anywhere, it should not be used by users.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rstor{issue_number}.significant.rst, in newsfragments.