Hi everyone,

I just merged https://github.com/apache/airflow/pull/47691 which sets 
SimpleAuthManager as the default auth manager in Airflow. If you pull the 
latest main branch, Airflow will no longer use the FAB auth manager by default 
but instead use SimpleAuthManager. This is another step towards removing Flask 
from Airflow.

*What changed?*

Auth managers define authentication (AuthN) and authorization (AuthZ) logic in 
Airflow. Switching to SimpleAuthManager means changes in how authentication and 
authorization work:
- The FAB login form is no longer used; authentication now follows the method 
provided by SimpleAuthManager.
- Pages previously used to manage users and roles (/auth/users/list, 
/auth/roles/list, etc.) are no longer available since they are part of the FAB 
Auth Manager.
- SimpleAuthManager manages users and roles through a configuration file 
instead of a web interface.

For more details on SimpleAuthManager, please refer to the documentation: 
https://github.com/apache/airflow/blob/main/docs/apache-airflow/core-concepts/auth-manager/simple.rst.
However, SimpleAuthManager is a minimal auth manager designed for development 
environments and *should not be used in production*.

*Using a different auth manager*

This change only updates the default auth manager; no existing options have 
been removed. You can continue using your preferred auth manager, including 
FAB, by setting the following in the config: `[core] auth_manager = 
<auth_manager_path>`. For example, to continue using FAB: `[core] auth_manager 
= airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager`.

*Breeze users*

If you are using Breeze, switching between auth managers is now easier. PR 
#47691 introduces a new `--auth-manager` parameter for `breeze start-airflow`:
- Start Airflow with SimpleAuthManager: `breeze start-airflow --auth-manager 
SimpleAuthManager` (or simply `breeze start-airflow`, since SimpleAuthManager 
is now the default)
- Start Airflow with FAB auth manager: `breeze start-airflow --auth-manager 
FabAuthManager`

Simple auth manager auto-generates a random password for all users defined in 
the config. These passwords are stored by default in 
`AIRFLOW_HOME/simple_auth_manager_passwords.json.generated`. For convenience, 
Breeze predefines two default users:
- "admin" (password: "admin") -> full access
- "viewer" (password: "viewer") -> read-only access

If you encounter any issues or have concerns about this change, feel free to 
discuss on Slack or submit a PR to address them.

Thanks,
Vincent
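
Added example, not part of the original message or of Airflow's own code: a small audit that resolves the effective `[core] auth_manager` (an unset value now means SimpleAuthManager) and flags it in a deployment treated as production, plus a permission check on the generated password file. Assumptions: the `AIRFLOW__CORE__AUTH_MANAGER` override follows Airflow's `AIRFLOW__SECTION__KEY` environment convention, and the function names, the `production` flag and the permission check are this example's own.

```python
import configparser
import os
import stat
from pathlib import Path

# Class name taken from the announcement; matched as the last path component
# so the check does not depend on the module path.
SIMPLE = "SimpleAuthManager"
PASSWORD_FILE = "simple_auth_manager_passwords.json.generated"


def effective_auth_manager(cfg_text, env):
    """Resolve [core] auth_manager: environment beats airflow.cfg; unset means the new default."""
    value = env.get("AIRFLOW__CORE__AUTH_MANAGER")
    source = "environment"
    if not value:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(cfg_text)
        value = parser.get("core", "auth_manager", fallback=None)
        source = "airflow.cfg"
    if not value:
        return SIMPLE, "default"
    return value.strip(), source


def audit(cfg_text, env, airflow_home, production=True):
    """Return a list of findings for the given config text, environment and AIRFLOW_HOME."""
    findings = []
    manager, source = effective_auth_manager(cfg_text, env)
    if production and manager.split(".")[-1] == SIMPLE:
        findings.append(f"auth manager is {SIMPLE} (from {source}); not intended for production")
    pw_file = Path(airflow_home) / PASSWORD_FILE
    if pw_file.exists():
        mode = stat.S_IMODE(pw_file.stat().st_mode)
        # Generated passwords should be readable by the owning user only.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{pw_file.name} is accessible to group/other (mode {oct(mode)})")
    return findings


if __name__ == "__main__":
    home = os.environ.get("AIRFLOW_HOME", os.path.expanduser("~/airflow"))
    cfg = Path(home) / "airflow.cfg"
    text = cfg.read_text() if cfg.exists() else ""
    for finding in audit(text, os.environ, home):
        print("FINDING:", finding)
```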
