Merge branch 'airflow-2.7.0' into 'main'

Airflow 2.7.1 See merge request !7

Merge branch 'airflow-2.7.0' into 'main'
8da662d6 · Christian Boettcher · 9971e25b · 51b79d36 · 8da662d6 · 8da662d6
Commit 8da662d6 authored 1 year ago by Christian Boettcher
--- a/dockers/eflows-airflow.docker
+++ b/dockers/eflows-airflow.docker
-FROM apache/airflow:slim-2.5.3-python3.8
+FROM apache/airflow:slim-2.7.1-python3.10
 USER root
 RUN apt update && apt install git -y && apt clean && rm -rf /var/lib/apt/lists/*
-COPY ./templates/main.html /home/airflow/.local/lib/python3.8/site-packages/airflow/www/templates/airflow/main.html
+COPY ./templates/main.html /home/airflow/.local/lib/python3.10/site-packages/airflow/www/templates/airflow/main.html
-COPY ./templates/navbar_right.html /home/airflow/.local/lib/python3.8/site-packages/airflow/www/templates/appbuilder/navbar_right.html
+COPY ./templates/navbar_right.html /home/airflow/.local/lib/python3.10/site-packages/airflow/www/templates/appbuilder/navbar_right.html
-COPY ./templates/img/BMBF_gefoerdert_2017_en.jpg /home/airflow/.local/lib/python3.8/site-packages/airflow/www/static/BMBF_gefoerdert_2017_en.jpg
+COPY ./templates/img/BMBF_gefoerdert_2017_en.jpg /home/airflow/.local/lib/python3.10/site-packages/airflow/www/static/BMBF_gefoerdert_2017_en.jpg
 USER airflow

--- a/plugins/unity_integration.py
+++ b/plugins/unity_integration.py
@@ -25,6 +25,14 @@ oauth.register(
 unity = Blueprint('unity', __name__, url_prefix="/unity")
 class UnityIntegrationView(AppBuilderBaseView):
+    '''
+    This adds the neccessary routes for a oauth2 login support in addition to the basic_auth provided by airflow.
+    This is achieved by handling the oauth2 flow fully via the added routes nad using the basic_auth via internal functions.
+    Once a user has been authenticated, a matching user (via username or email) is either found or created in the airflow basic_auth database.
+    This means that the Oauth2 provider needs to be trusted to the same extent that the local user db is trusted.
+    This can also break on airflow updates without notice, as airflow-internal security functions are used, that are not well-documented and appear to not be intended for this use.
+    '''
    @unity.route('/')
    @unity.route('/login')
@@ -87,6 +95,10 @@ class UnityIntegrationView(AppBuilderBaseView):
            else:
                log.error("User creation unsuccessful.")
                abort(500)
+        else:
+            # set role permissions of that user, if it already exists (just take the role from SSO and assign it)
+            fab_user.role = sec_manager.find_role(role)
+            sec_manager.update_user(fab_user)
        # login as that user
        login_user(fab_user, remember=False)
        return redirect(url_for("Airflow.index"))

--- a/requirements.txt
+++ b/requirements.txt
@@ -3,8 +3,8 @@ urllib3
 plyvel
 webdavclient3
 boto3==1.24.32
-apache-airflow[celery]==2.5.3
+apache-airflow[celery]==2.7.1
-apache-airflow[redis]==2.5.3
+apache-airflow[redis]==2.7.1
 apache-airflow-providers-ssh
 apache-airflow-providers-http
 apache-airflow-providers-sftp

--- a/templates/navbar_right.html
+++ b/templates/navbar_right.html
@@ -63,12 +63,14 @@
   </ul>
 </li>
-   {% if not current_user.is_anonymous %}
+ {% if auth_manager.is_logged_in() %}
   <li class="dropdown">
     <a class="dropdown-toggle" href="#">
-          <span class="navbar-user-icon" title="{{g.user.get_full_name()}}">
+        <span class="navbar-user-icon" title="{{ auth_manager.get_user_name() }}">
-            {% if current_user.first_name and current_user.last_name %}
+          {% set user_name = auth_manager.get_user_name() %}
-              <span>{{ (current_user.first_name[0] + current_user.last_name[0]).upper() }}</span>
+          {% if user_name %}
+           {% set user_names = user_name.split(" ", 1) %}
+           <span>{% for name in user_names %}{{ name[0].upper() }}{% endfor %}</span>
          {% else %}
           <span class="material-icons">person</span>
          {% endif %}
@@ -76,14 +78,17 @@
        <b class="caret"></b>
     </a>
     <ul class="dropdown-menu">
-         <li><a href="{{appbuilder.get_url_for_userinfo}}"><span class="material-icons">account_circle</span>{{_("Your Profile")}}</a></li>
+       {% set user_profile_url = auth_manager.get_url_user_profile() %}
+       {% if user_profile_url %}
+         <li><a href="{{user_profile_url}}"><span class="material-icons">account_circle</span>{{_("Your Profile")}}</a></li>
         <li role="separator" class="divider"></li>
-         <li><a href="{{appbuilder.get_url_for_logout}}"><span class="material-icons">exit_to_app</span>{{_("Log Out")}}</a></li>
+       {% endif %}
+       <li><a href="{{auth_manager.get_url_logout()}}"><span class="material-icons">exit_to_app</span>{{_("Log Out")}}</a></li>
     </ul>
   </li>
 {% else %}
   <li>
-       <a href="{{appbuilder.get_url_for_login}}"><span class="material-icons">login</span>{{_("Log In")}}</a>
+     <a href="{{auth_manager.get_url_login()}}"><span class="material-icons">login</span>{{_("Log In")}}</a>
   </li>
   <li>
     <a href="../unity"><span class="material-icons">login</span>{{_("Log In via SSO")}}</a>