Move config related to FAB auth manager to FAB provider

apache · Dec 14, 2023 · 97cd99b · 97cd99b
1 parent 01fd0d3
commit 97cd99b
Show file tree

Hide file tree

Showing 10 changed files with 72 additions and 13 deletions.
diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml
@@ -1741,6 +1741,8 @@ webserver:
       type: string
       example: ~
       default: "True"
+      version_deprecated: 2.9.0
+      deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider.
     session_lifetime_minutes:
       description: |
         The UI cookie lifetime in minutes. User will be logged out from UI after
@@ -1817,13 +1819,17 @@ webserver:
       type: boolean
       example: ~
       default: "True"
+      version_deprecated: 2.9.0
+      deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider.
     auth_rate_limit:
       description: |
         Rate limit for authentication endpoints.
       version_added: 2.6.0
       type: string
       example: ~
       default: "5 per 40 second"
+      version_deprecated: 2.9.0
+      deprecation_reason: This config has been moved to fab provider. Please use the config from fab provider.
     caching_hash_method:
       description: |
         The caching algorithm used by the webserver. Must be a valid hashlib function name.

diff --git a/airflow/providers/fab/auth_manager/fab_auth_manager.py b/airflow/providers/fab/auth_manager/fab_auth_manager.py
@@ -508,5 +508,7 @@ def _sync_appbuilder_roles(self):
         # Otherwise, when the name of a view or menu is changed, the framework
         # will add the new Views and Menus names to the backend, but will not
         # delete the old ones.
-        if conf.getboolean("webserver", "UPDATE_FAB_PERMS"):
+        if conf.getboolean(
+            "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS")
+        ):
             self.security_manager.sync_roles()
diff --git a/airflow/providers/fab/provider.yaml b/airflow/providers/fab/provider.yaml
@@ -36,3 +36,30 @@ dependencies:
   - flask-appbuilder==4.3.10
   - flask-login>=0.6.2
   - google-re2>=1.0
+
+config:
+  fab:
+    description: This section contains configs specific to FAB provider.
+    options:
+      auth_rate_limited:
+        description: |
+          Boolean for enabling rate limiting on authentication endpoints.
+        version_added: 1.0.0
+        type: boolean
+        example: ~
+        default: "True"
+      auth_rate_limit:
+        description: |
+          Rate limit for authentication endpoints.
+        version_added: 2.6.0
+        type: string
+        example: ~
+        default: "5 per 40 second"
+      update_fab_perms:
+        description: |
+          Update FAB permissions and sync security manager roles
+          on webserver startup
+        version_added: 1.10.7
+        type: string
+        example: ~
+        default: "True"
diff --git a/airflow/www/extensions/init_appbuilder.py b/airflow/www/extensions/init_appbuilder.py
@@ -131,9 +131,19 @@ def __init__(
         base_template="airflow/main.html",
         static_folder="static/appbuilder",
         static_url_path="/appbuilder",
-        update_perms=conf.getboolean("webserver", "UPDATE_FAB_PERMS"),
-        auth_rate_limited=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True),
-        auth_rate_limit=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"),
+        update_perms=conf.getboolean(
+            "fab", "UPDATE_FAB_PERMS", fallback=conf.getboolean("webserver", "UPDATE_FAB_PERMS")
+        ),
+        auth_rate_limited=conf.getboolean(
+            "fab",
+            "AUTH_RATE_LIMITED",
+            fallback=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True),
+        ),
+        auth_rate_limit=conf.get(
+            "fab",
+            "AUTH_RATE_LIMIT",
+            fallback=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"),
+        ),
     ):
         """
         App-builder constructor.
@@ -659,7 +669,4 @@ def init_appbuilder(app: Flask) -> AirflowAppBuilder:
         app=app,
         session=settings.Session,
         base_template="airflow/main.html",
-        update_perms=conf.getboolean("webserver", "UPDATE_FAB_PERMS"),
-        auth_rate_limited=conf.getboolean("webserver", "AUTH_RATE_LIMITED", fallback=True),
-        auth_rate_limit=conf.get("webserver", "AUTH_RATE_LIMIT", fallback="5 per 40 second"),
     )
diff --git a/docs/apache-airflow-providers-fab/configurations-ref.rst b/docs/apache-airflow-providers-fab/configurations-ref.rst
@@ -0,0 +1,18 @@
+ .. Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+ ..   http://www.apache.org/licenses/LICENSE-2.0
+
+ .. Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+.. include:: ../exts/includes/providers-configurations-ref.rst
diff --git a/docs/apache-airflow-providers-fab/index.rst b/docs/apache-airflow-providers-fab/index.rst
@@ -34,6 +34,7 @@
     :maxdepth: 1
     :caption: Guides
 
+    Configuration <configurations-ref>
     Auth manager <auth-manager>
 
 .. toctree::

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -602,7 +602,7 @@ def fake_sleep(seconds):
 def app():
     from tests.test_utils.config import conf_vars
 
-    with conf_vars({("webserver", "auth_rate_limited"): "False"}):
+    with conf_vars({("fab", "auth_rate_limited"): "False"}):
         from airflow.www import app
 
         yield app.create_app(testing=True)

diff --git a/tests/www/views/conftest.py b/tests/www/views/conftest.py
@@ -63,7 +63,7 @@ def app(examples_dag_bag):
         ]
     )
     def factory():
-        with conf_vars({("webserver", "auth_rate_limited"): "False"}):
+        with conf_vars({("fab", "auth_rate_limited"): "False"}):
             return create_app(testing=True)
 
     app = factory()

diff --git a/tests/www/views/test_views_log.py b/tests/www/views/test_views_log.py
@@ -79,7 +79,7 @@ def log_app(backup_modules, log_path):
     @conf_vars(
         {
             ("logging", "logging_config_class"): "airflow_local_settings.LOGGING_CONFIG",
-            ("webserver", "auth_rate_limited"): "False",
+            ("fab", "auth_rate_limited"): "False",
         }
     )
     def factory():

diff --git a/tests/www/views/test_views_rate_limit.py b/tests/www/views/test_views_rate_limit.py
@@ -43,9 +43,7 @@ def app_with_rate_limit_one(examples_dag_bag):
         ]
     )
     def factory():
-        with conf_vars(
-            {("webserver", "auth_rate_limited"): "True", ("webserver", "auth_rate_limit"): "1 per 20 second"}
-        ):
+        with conf_vars({("fab", "auth_rate_limited"): "True", ("fab", "auth_rate_limit"): "1 per 20 second"}):
             return create_app(testing=True)
 
     app = factory()