Implement SimpleAuthManager

[vincbeck]

Implement the simple auth manager intended to be used in Airflow 3. For more information about the simple auth manager, see #41683.

Login form

Login form (dark mode)

Error message when wrong credentials

What is not part of this PR and will be done in follow-up PRs:

• The feature in simple auth manager disabling the authentication and allowing everyone with all permissions
• Documentation
• Setting the simple auth manager as default in Airflow
• Update tests to rely on simple auth manager and no longer on FAB auth manager (besides FAB auth manager tests of course)
• Add warning message in the UI letting the user knows this is for development purposes only

This simple auth manager is required for completion of AIP-79.

Other note:

• The simple auth manager uses Flask app builder to register a view to Airflow environment. This is how it is done today in auth managers to register custom views. This will change in the future and will likely leverage the mechanism provided by AIP-68 to create new views in the Airflow environment through plugins

---

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

[ferruzzi]

I'm not great with front-end yet, but it all appears to be in order. +0 (binding) :P

[potiuk]

LGTM (but also no UI / View experience enough to make constructive comments - so maybe others (@bbovenzi @pierrejeambrun might comment how this will fit in the future as well).

I like how indeed "simple" it is now. Probably we should figure out the way how you could set (and override) the user/role mappoing. I am not 100% convinced if webserver config is the right way - IMHO having a toml-based structured configuration might be better (but it will be future work as you mentioned).

[vincbeck]

I am not 100% convinced if webserver config is the right way - IMHO having a toml-based structured configuration might be better (but it will be future work as you mentioned).

100% agree with you. I dont like it either but it is more a temporary solution. Whenever we switch the Airflow config to TOML, my intention is to leverage it

[jscheffl]

Pure-reading the code looks good - as integration in breeze will come later - what is the esiest way to test (locally)? Would like to see it pre.merge on my laptop once :-D

[vincbeck]

Pure-reading the code looks good - as integration in breeze will come later - what is the esiest way to test (locally)? Would like to see it pre.merge on my laptop once :-D

export AIRFLOW__CORE__AUTH_MANAGER='airflow.auth.managers.simple.simple_auth_manager.SimpleAuthManager' :)

[jscheffl]

Pure-reading the code looks good - as integration in breeze will come later - what is the esiest way to test (locally)? Would like to see it pre.merge on my laptop once :-D

export AIRFLOW__CORE__AUTH_MANAGER='airflow.auth.managers.simple.simple_auth_manager.SimpleAuthManager' :)

RTFM :-D Besides one small nit in the example is working for the legacy UI.
NOT working for the new UI though. But would rather blame the new UI and not the simple login manager?

[vincbeck]

Pure-reading the code looks good - as integration in breeze will come later - what is the esiest way to test (locally)? Would like to see it pre.merge on my laptop once :-D

export AIRFLOW__CORE__AUTH_MANAGER='airflow.auth.managers.simple.simple_auth_manager.SimpleAuthManager' :)

RTFM :-D Besides one small nit in the example is working for the legacy UI. NOT working for the new UI though. But would rather blame the new UI and not the simple login manager?

Yep, waiting for AIP-68 :)

[pierrejeambrun]

Frontend code looks good. Just the form could be improved for better error handling (we have a useErrorToast) and use ReactQuery with an onSubmit, instead of the oldschool action interface. But this will get updated when we move to the new UI anyway, so I don't think it's worth spending more time on that.