This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push: new e99cfbbd51 Upgrade to FAB 4.3.11 (#37233) e99cfbbd51 is described below commit e99cfbbd51515fa947c16912acebbaa7ed816e8a Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Wed Feb 7 22:43:10 2024 +0100 Upgrade to FAB 4.3.11 (#37233) --- .../fab/auth_manager/security_manager/override.py | 22 ++++++++++++++++++++-- airflow/providers/fab/provider.yaml | 2 +- generated/provider_dependencies.json | 2 +- pyproject.toml | 2 +- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/airflow/providers/fab/auth_manager/security_manager/override.py b/airflow/providers/fab/auth_manager/security_manager/override.py index 61a6573e26..9fe89f8a69 100644 --- a/airflow/providers/fab/auth_manager/security_manager/override.py +++ b/airflow/providers/fab/auth_manager/security_manager/override.py @@ -1845,6 +1845,13 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2): log.error(const.LOGMSG_ERR_SEC_DEL_PERMROLE, e) self.get_session.rollback() + def get_oid_identity_url(self, provider_name: str) -> str | None: + """Returns the OIDC identity provider URL.""" + for provider in self.openid_providers: + if provider.get("name") == provider_name: + return provider.get("url") + return None + @staticmethod def get_user_roles(user=None): """ @@ -2169,10 +2176,21 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2): data = me.json() log.debug("User info from Okta: %s", data) return { - "username": "okta_" + data.get("sub", ""), + "username": f"{provider}_{data['sub']}", "first_name": data.get("given_name", ""), "last_name": data.get("family_name", ""), - "email": data.get("email", ""), + "email": data["email"], + "role_keys": data.get("groups", []), + } + # for Auth0 + if provider == "auth0": + data = self.appbuilder.sm.oauth_remotes[provider].userinfo() + log.debug("User info from Auth0: %s", data) + return { + "username": f"{provider}_{data['sub']}", + "first_name": data.get("given_name", ""), + "last_name": data.get("family_name", ""), + "email": data["email"], "role_keys": data.get("groups", []), } # for Keycloak diff --git a/airflow/providers/fab/provider.yaml b/airflow/providers/fab/provider.yaml index 5ed04981b8..9f6ddbb54f 100644 --- a/airflow/providers/fab/provider.yaml +++ b/airflow/providers/fab/provider.yaml @@ -41,7 +41,7 @@ dependencies: # Every time we update FAB version here, please make sure that you review the classes and models in # `airflow/providers/fab/auth_manager/security_manager/override.py` with their upstream counterparts. # In particular, make sure any breaking changes, for example any new methods, are accounted for. - - flask-appbuilder==4.3.10 + - flask-appbuilder==4.3.11 - flask-login>=0.6.2 - google-re2>=1.0 diff --git a/generated/provider_dependencies.json b/generated/provider_dependencies.json index d69a2ab0c8..f916a2d2ab 100644 --- a/generated/provider_dependencies.json +++ b/generated/provider_dependencies.json @@ -463,7 +463,7 @@ "fab": { "deps": [ "apache-airflow>=2.9.0", - "flask-appbuilder==4.3.10", + "flask-appbuilder==4.3.11", "flask-login>=0.6.2", "flask>=2.2,<2.3", "google-re2>=1.0" diff --git a/pyproject.toml b/pyproject.toml index a260458aeb..e3a73c67cf 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -678,7 +678,7 @@ exasol = [ # source: airflow/providers/exasol/provider.yaml "pyexasol>=0.5.1", ] fab = [ # source: airflow/providers/fab/provider.yaml - "flask-appbuilder==4.3.10", + "flask-appbuilder==4.3.11", "flask-login>=0.6.2", "flask>=2.2,<2.3", "google-re2>=1.0",