apache · vincbeck · Apr 15, 2024 · Apr 15, 2024
diff --git a/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py b/airflow/providers/amazon/aws/auth_manager/aws_auth_manager.py
@@ -24,7 +24,6 @@
 from flask import session, url_for
 
 from airflow.cli.cli_config import CLICommand, DefaultHelpParser, GroupCommand
-from airflow.configuration import conf
 from airflow.exceptions import AirflowOptionalProviderFeatureException
 from airflow.providers.amazon.aws.auth_manager.avp.entities import AvpEntities
 from airflow.providers.amazon.aws.auth_manager.avp.facade import (
@@ -34,10 +33,6 @@
 from airflow.providers.amazon.aws.auth_manager.cli.definition import (
     AWS_AUTH_MANAGER_COMMANDS,
 )
-from airflow.providers.amazon.aws.auth_manager.constants import (
-    CONF_ENABLE_KEY,
-    CONF_SECTION_NAME,
-)
 from airflow.providers.amazon.aws.auth_manager.security_manager.aws_security_manager_override import (
     AwsSecurityManagerOverride,
 )
@@ -87,12 +82,7 @@ class AwsAuthManager(BaseAuthManager):
 
     def __init__(self, appbuilder: AirflowAppBuilder) -> None:
         super().__init__(appbuilder)
-        enable = conf.getboolean(CONF_SECTION_NAME, CONF_ENABLE_KEY)
         self._check_avp_schema_version()
-        if not enable:
-            raise NotImplementedError(
-                "The AWS auth manager is currently being built. It is not finalized. It is not intended to be used yet."
-            )
 
     @cached_property
     def avp_facade(self):

diff --git a/airflow/providers/amazon/aws/auth_manager/constants.py b/airflow/providers/amazon/aws/auth_manager/constants.py
@@ -18,7 +18,6 @@
 # Configuration keys
 from __future__ import annotations
 
-CONF_ENABLE_KEY = "enable"
 CONF_SECTION_NAME = "aws_auth_manager"
 CONF_CONN_ID_KEY = "conn_id"
 CONF_REGION_NAME_KEY = "region_name"

diff --git a/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst b/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst
@@ -19,9 +19,9 @@
 Manage Airflow environment with AWS auth manager
 ================================================
 
-When the AWS auth manager is used, all users and their permissions are no longer managed by
-Airflow itself but by AWS through two different services: AWS IAM Identity Center (users) and Amazon Verified
-Permissions (permissions).
+When the AWS auth manager is used, all users and their permissions are no longer managed by the Flask auth manager,
+which is default in Airflow, but by AWS-based authorization integration through two different services:
+AWS IAM Identity Center (users) and Amazon Verified Permissions (permissions).
 
 Manage users through AWS IAM Identity Center
 ============================================
@@ -55,7 +55,7 @@ Assign users and groups to the Airflow environment
 --------------------------------------------------
 
 .. note::
-  All users and groups defined in AWS IAM Identity Center do not have automatically access to the Airflow environment.
+  All users and groups defined in AWS IAM Identity Center do not have automatic access to the Airflow environment.
   You need to manually assign which user can access to Airflow.
 
 To assign users and groups to Airflow, please follow the steps below.
@@ -102,7 +102,7 @@ In cedar language, a policy is composed of three elements:
 * **Action**. What operation does the principal want to perform?
 * **Resource**. What does the principal want to perform the action on?
 
-Each of these three elements can have limited values in the context of the Airflow environment.
+Each of these three elements allow only a specific set of values in the context of the Airflow environment.
 You can see the list of principals, actions and resources in the policy store schema by following the steps below.
 
 1. Open the `Amazon Verified Permissions console <https://console.aws.amazon.com/verifiedpermissions>`_.
@@ -113,8 +113,7 @@ Example of policies
 -------------------
 
 Here are some example of policies you can define in Amazon Verified Permissions.
-You can use them as-is if they fit exactly your use case.
-You can also modify and/or combine them to create your owned tailor made policies.
+You can modify and/or combine them to create your owned tailor made policies.
 
 Give all permissions to specific user
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/tests/providers/amazon/aws/auth_manager/test_aws_auth_manager.py b/tests/providers/amazon/aws/auth_manager/test_aws_auth_manager.py
@@ -83,7 +83,6 @@ def auth_manager():
                 "core",
                 "auth_manager",
             ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-            ("aws_auth_manager", "enable"): "True",
         }
     ):
         with patch.object(AwsAuthManager, "_check_avp_schema_version"):
@@ -100,7 +99,6 @@ def auth_manager_with_appbuilder():
                 "core",
                 "auth_manager",
             ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-            ("aws_auth_manager", "enable"): "True",
         }
     ):
         with patch.object(AwsAuthManager, "_check_avp_schema_version"):
@@ -120,7 +118,6 @@ def client_admin():
                 "core",
                 "auth_manager",
             ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-            ("aws_auth_manager", "enable"): "True",
             ("aws_auth_manager", "region_name"): "us-east-1",
             ("aws_auth_manager", "saml_metadata_url"): "/saml/metadata",
             ("aws_auth_manager", "avp_policy_store_id"): "avp_policy_store_id",

diff --git a/tests/providers/amazon/aws/auth_manager/test_constants.py b/tests/providers/amazon/aws/auth_manager/test_constants.py
@@ -19,17 +19,13 @@
 from airflow.providers.amazon.aws.auth_manager.constants import (
     CONF_AVP_POLICY_STORE_ID_KEY,
     CONF_CONN_ID_KEY,
-    CONF_ENABLE_KEY,
     CONF_REGION_NAME_KEY,
     CONF_SAML_METADATA_URL_KEY,
     CONF_SECTION_NAME,
 )
 
 
 class TestAwsAuthManagerConstants:
-    def test_conf_enable_key(self):
-        assert CONF_ENABLE_KEY == "enable"
-
     def test_conf_section_name(self):
         assert CONF_SECTION_NAME == "aws_auth_manager"
 

diff --git a/tests/providers/amazon/aws/auth_manager/views/test_auth.py b/tests/providers/amazon/aws/auth_manager/views/test_auth.py
@@ -54,7 +54,6 @@ def aws_app():
                 "core",
                 "auth_manager",
             ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-            ("aws_auth_manager", "enable"): "True",
             ("aws_auth_manager", "saml_metadata_url"): SAML_METADATA_URL,
         }
     ):
@@ -95,7 +94,6 @@ def test_login_callback_set_user_in_session(self):
                     "core",
                     "auth_manager",
                 ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-                ("aws_auth_manager", "enable"): "True",
                 ("aws_auth_manager", "saml_metadata_url"): SAML_METADATA_URL,
             }
         ):
@@ -134,7 +132,6 @@ def test_login_callback_raise_exception_if_errors(self):
                     "core",
                     "auth_manager",
                 ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-                ("aws_auth_manager", "enable"): "True",
                 ("aws_auth_manager", "saml_metadata_url"): SAML_METADATA_URL,
             }
         ):

diff --git a/tests/system/providers/amazon/aws/tests/test_aws_auth_manager.py b/tests/system/providers/amazon/aws/tests/test_aws_auth_manager.py
@@ -121,7 +121,6 @@ def base_app(region_name, avp_policy_store_id):
                 "core",
                 "auth_manager",
             ): "airflow.providers.amazon.aws.auth_manager.aws_auth_manager.AwsAuthManager",
-            ("aws_auth_manager", "enable"): "True",
             ("aws_auth_manager", "region_name"): region_name,
             ("aws_auth_manager", "saml_metadata_url"): SAML_METADATA_URL,
             ("aws_auth_manager", "avp_policy_store_id"): avp_policy_store_id,