This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new e99cfbbd51 Upgrade to FAB 4.3.11 (#37233)
e99cfbbd51 is described below
commit e99cfbbd51515fa947c16912acebbaa7ed816e8a
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Wed Feb 7 22:43:10 2024 +0100
Upgrade to FAB 4.3.11 (#37233)
---
.../fab/auth_manager/security_manager/override.py | 22 ++++++++++++++++++++--
airflow/providers/fab/provider.yaml | 2 +-
generated/provider_dependencies.json | 2 +-
pyproject.toml | 2 +-
4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/airflow/providers/fab/auth_manager/security_manager/override.py
b/airflow/providers/fab/auth_manager/security_manager/override.py
index 61a6573e26..9fe89f8a69 100644
--- a/airflow/providers/fab/auth_manager/security_manager/override.py
+++ b/airflow/providers/fab/auth_manager/security_manager/override.py
@@ -1845,6 +1845,13 @@ class
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
log.error(const.LOGMSG_ERR_SEC_DEL_PERMROLE, e)
self.get_session.rollback()
+ def get_oid_identity_url(self, provider_name: str) -> str | None:
+ """Returns the OIDC identity provider URL."""
+ for provider in self.openid_providers:
+ if provider.get("name") == provider_name:
+ return provider.get("url")
+ return None
+
@staticmethod
def get_user_roles(user=None):
"""
@@ -2169,10 +2176,21 @@ class
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
data = me.json()
log.debug("User info from Okta: %s", data)
return {
- "username": "okta_" + data.get("sub", ""),
+ "username": f"{provider}_{data['sub']}",
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
- "email": data.get("email", ""),
+ "email": data["email"],
+ "role_keys": data.get("groups", []),
+ }
+ # for Auth0
+ if provider == "auth0":
+ data = self.appbuilder.sm.oauth_remotes[provider].userinfo()
+ log.debug("User info from Auth0: %s", data)
+ return {
+ "username": f"{provider}_{data['sub']}",
+ "first_name": data.get("given_name", ""),
+ "last_name": data.get("family_name", ""),
+ "email": data["email"],
"role_keys": data.get("groups", []),
}
# for Keycloak
diff --git a/airflow/providers/fab/provider.yaml
b/airflow/providers/fab/provider.yaml
index 5ed04981b8..9f6ddbb54f 100644
--- a/airflow/providers/fab/provider.yaml
+++ b/airflow/providers/fab/provider.yaml
@@ -41,7 +41,7 @@ dependencies:
# Every time we update FAB version here, please make sure that you review
the classes and models in
# `airflow/providers/fab/auth_manager/security_manager/override.py` with
their upstream counterparts.
# In particular, make sure any breaking changes, for example any new
methods, are accounted for.
- - flask-appbuilder==4.3.10
+ - flask-appbuilder==4.3.11
- flask-login>=0.6.2
- google-re2>=1.0
diff --git a/generated/provider_dependencies.json
b/generated/provider_dependencies.json
index d69a2ab0c8..f916a2d2ab 100644
--- a/generated/provider_dependencies.json
+++ b/generated/provider_dependencies.json
@@ -463,7 +463,7 @@
"fab": {
"deps": [
"apache-airflow>=2.9.0",
- "flask-appbuilder==4.3.10",
+ "flask-appbuilder==4.3.11",
"flask-login>=0.6.2",
"flask>=2.2,<2.3",
"google-re2>=1.0"
diff --git a/pyproject.toml b/pyproject.toml
index a260458aeb..e3a73c67cf 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -678,7 +678,7 @@ exasol = [ # source: airflow/providers/exasol/provider.yaml
"pyexasol>=0.5.1",
]
fab = [ # source: airflow/providers/fab/provider.yaml
- "flask-appbuilder==4.3.10",
+ "flask-appbuilder==4.3.11",
"flask-login>=0.6.2",
"flask>=2.2,<2.3",
"google-re2>=1.0",
