def add_user(username: Optional[str] = None,
email: Optional[str] = None,
password: Optional[str] = None) -> None:
"""
Create the admin user. If user already exists, the process will ignore the error.
:param username: airflow admin ui's username
:param email: email of admin
:param password: admin's password
"""
user = PasswordUser(models.User())
user.username = username if username else os.environ[
AIRFLOW_WEBSERVER_USER_ENV_VAR]
user.email = email if email else os.environ[AIRFLOW_WEBSERVER_EMAIL_ENV_VAR]
user.password = password if password else os.environ[
AIRFLOW_WEBSERVER_PASSWORD_ENV_VAR]
session = settings.Session()
try:
session.add(user)
session.commit()
except IntegrityError as error_object:
print(error_object)
finally:
session.close()
def create_superuser():
"""
Creates a superuser (admin level) for accessing the web UI for Airflow
:return: None
"""
# get path to config file relative to this file
current_dir = os.path.dirname(__file__)
filepath = os.path.join(current_dir, 'config.ini')
# read config.ini file
config = ConfigParser()
config.read(filepath)
# create User object
user = PasswordUser(models.User())
user.username = config['web_authentication']['username']
user.email = config['web_authentication']['email']
user.password = config['web_authentication']['password']
user.superuser = True
# Add user to Airflow session
session = settings.Session()
session.add(user)
session.commit()
session.close()
def create_user(username: str,
password: str,
email: str,
is_superuser: bool = True):
"""
Method to create Airflow user
:param username: (str) - Airflow User name
:param password: (str) - Airflow Password
:param email: (str) - Email of the user
:param is_superuser: (str) - Is super user - True/False
Note:
Modified date: 10-04-2021
Author: TB
"""
user = PasswordUser(models.User())
user.username = username
user.email = email
user.password = password
user.superuser = is_superuser
session = settings.Session()
session.add(user)
session.commit()
session.close()
def create_admin_user(admin_user):
"""
Create a user in Airflow metadata database to allow login with password_auth backend.
:param admin_user: User properties as dictionary.
:return: Job done.
"""
print('Creating admin user...')
user = PasswordUser(models.User())
user.username = admin_user['username']
user.password = admin_user['password']
user.email = admin_user['email']
session = settings.Session()
try:
existing = session.query(
models.User).filter_by(username=user.username).first()
if not existing:
session.add(user)
session.commit()
print('\tCREATED: Admin user %s' % user.username)
else:
print('\tSKIPPED: Admin user %s already exists' % user.username)
finally:
session.close()
def load_request(self, request):
'''
Reads the header field that has already been verified on the
nginx side by google auth. Header field is specified by setting
the environment variable AIRFLOW_PROXIED_AUTH_HEADER or else
it's defaulted to X-Email.
'''
session = settings.Session()
header_field = os.getenv('AIRFLOW_PROXIED_AUTH_HEADER', 'X-Email')
user_email = request.headers.get(header_field)
# this shouldn't happen since nginx should take care of it!
if user_email is None:
raise AuthenticationError(
'Airflow failed to get fields from request header')
# insert user into database if doesn't exist
user = session.query(models.User).filter(
models.User.username == user_email).first()
if not user:
user = models.User(
username=user_email,
is_superuser=True)
session.merge(user)
session.commit()
session.close()
return ProxiedUser(user)
def login(self, request):
if current_user.is_authenticated:
flash("You are already logged in")
return redirect(url_for('index'))
if 'Authorization' not in request.headers:
flash("Missing authorization header")
return redirect(url_for('airflow.noaccess'))
jwt_bearer = request.headers.get('Authorization')
try:
authenticate(jwt_bearer)
encoded_jwt = jwt_bearer.split(' ')[1].strip()
decoded_jwt = decode_jwt(encoded_jwt)
username = decoded_jwt[JWT_SUBJECT_KEY]
log.debug("Subject is: {}".format(username))
user = models.User(id=username, username=username, is_superuser=False)
flask_login.login_user(JWTUser(user), force=True)
return redirect(request.args.get("next") or url_for("admin.index"))
except AuthenticationError:
flash("Invalid JWT")
return redirect(url_for('airflow.noaccess'))
def login(u):
session = settings.Session()
role = 'airpal_topsecret.engineering.airbnb.com'
if 'X-Internalauth-Username' not in request.headers:
return redirect(url_for('airflow.noaccess'))
username = request.headers.get('X-Internalauth-Username')
has_access = role in request.headers.get('X-Internalauth-Groups')
d = {k: v for k, v in request.headers}
cookie = urllib2.unquote(d.get('Cookie', ''))
mailsrch = re.compile(r'[\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4}')
res = mailsrch.findall(cookie)
email = res[0] if res else ''
if has_access:
user = session.query(
models.User).filter(models.User.username == username).first()
if not user:
user = models.User(username=username)
user.email = email
session.merge(user)
session.commit()
flask_login.login_user(user)
session.commit()
session.close()
return redirect(request.args.get("next") or url_for("index"))
return redirect('/')
def create_user(username, password, email):
# This import depends on flask_bcrypt
# You should get it via installation of: 'apache-airflow[google_auth]'
# More info: http://airflow.apache.org/docs/stable/security.html
from airflow.contrib.auth.backends.password_auth import PasswordUser
from airflow import models
from airflow.settings import Session
# Create user for experimental api users
session = Session()
print("sql_alchemy_conn: %s" % str(session.bind))
try:
user = (
session.query(PasswordUser)
.filter(PasswordUser.username == username)
.one_or_none()
)
if not user:
user = PasswordUser(models.User())
user.username = username
user.password = password
user.email = email
session.add(user)
session.commit()
session.close()
print("User %s created successfully." % username)
except Exception as e:
print("Could not create user. %s" % e)
def oauth_callback(self):
_log.debug('GHE OAuth callback called')
next_url = request.args.get('next') or url_for('admin.index')
resp = self.ghe_oauth.authorized_response()
try:
if resp is None:
raise AuthenticationError(
'Null response from GHE, denying access.')
ghe_token = resp['access_token']
username, email = self.get_ghe_user_profile_info(ghe_token)
except AuthenticationError:
return redirect(url_for('airflow.noaccess'))
session = settings.Session()
user = session.query(
models.User).filter(models.User.username == username).first()
if not user:
user = models.User(username=username,
email=email,
is_superuser=False)
session.merge(user)
session.commit()
login_user(KeyCloakUser(user))
session.commit()
session.close()
return redirect(next_url)
def create_account(name, password):
user = PasswordUser(models.User())
user.username = name
user.password = password
session = settings.Session()
session.add(user)
session.commit()
session.close()
def add_user(username, email, password):
user = PasswordUser(models.User())
user.username = username
user.email = email
user.password = password
session = settings.Session()
session.add(user)
session.commit()
session.close()
def create_user():
user = PasswordUser(models.User())
user.username = '******'
user.email = '*****@*****.**'
user.password = '******'
session = settings.Session()
session.add(user)
session.commit()
session.close()
def userSetUp(apiUser, apiPassword):
session = Session()
user = models.User()
password_user = PasswordUser(user)
password_user.username = apiUser
password_user.password = apiPassword
session.add(password_user)
session.commit()
session.close()
def setUpClass(cls):
super(TestVarImportView, cls).setUpClass()
session = Session()
session.query(models.User).delete()
session.commit()
user = models.User(username='******')
session.add(user)
session.commit()
session.close()
def make_user(username, email):
user = PasswordUser(models.User())
user.username = username
user.email = email
user.superuser = True
user.password = click.prompt("Password")
session = settings.Session()
session.add(user)
session.commit()
session.close()
def generate_admin_user(password):
"""
Creates the new Airflow admin user.
"""
user = PasswordUser(models.User())
user.username = '******'
user.email = get_email_address()
user.password = password
user.superuser = True
return user
def login(self, request, session=None):
user = session.query(
models.User).filter(models.User.username == DEFAULT_USERNAME).first()
if not user:
user = models.User(username=DEFAULT_USERNAME, is_superuser=True)
session.merge(user)
session.commit()
flask_login.login_user(DefaultUser(user))
session.commit()
return redirect(request.args.get("next") or url_for("index"))
def login(self, request):
if current_user.is_authenticated():
flash("You are already logged in")
return redirect(url_for('admin.index'))
username = None
password = None
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
username = request.form.get("username")
password = request.form.get("password")
if not username or not password:
return self.render('airflow/login.html',
title="Airflow - Login",
form=form)
try:
LdapUser.try_login(username, password)
log.info("User %s successfully authenticated", username)
session = settings.Session()
user = session.query(
models.User).filter(models.User.username == username).first()
if not user:
user = models.User(username=username, is_superuser=False)
session.merge(user)
session.commit()
ldap_user = LdapUser(user)
if not ldap_user.is_superuser():
flash("Airflow UI temporarily enabled only to admins")
log.info("Disallowed login for user %s (non-admin)", username)
return self.render('airflow/login.html',
title="Airflow - Login",
form=form)
flask_login.login_user(ldap_user)
session.commit()
session.close()
return redirect(request.args.get("next") or url_for("admin.index"))
except (LdapException, AuthenticationError) as e:
if type(e) == LdapException:
flash(e, "error")
else:
flash("Incorrect login details")
return self.render('airflow/login.html',
title="Airflow - Login",
form=form)
def setUpClass(cls):
super(TestKnownEventView, cls).setUpClass()
session = Session()
session.query(models.KnownEvent).delete()
session.query(models.User).delete()
session.commit()
user = models.User(username='******')
session.add(user)
session.commit()
cls.user_id = user.id
session.close()
def setUp(self):
self.app = application.create_app(testing=True)
session = Session()
user = models.User()
password_user = PasswordUser(user)
password_user.username = '******'
password_user.password = '******'
session.add(password_user)
session.commit()
session.close()
def main():
print(">>>> create airflow user...")
user = PasswordUser(models.User())
user.username = '******'
user.email = '*****@*****.**'
user.password = '******'
session = settings.Session()
session.add(user)
session.commit()
session.close()
print(">>>> create airflow user OK : user_id : user, password : 123")
def oauth_callback(self, session=None):
log.debug('OAuth callback called')
next_url = request.args.get('state') or url_for('admin.index')
if get_config_param('base_url') in next_url:
next_url = url_for('admin.index')
resp = self.oauth.authorized_response()
try:
if resp is None:
raise AuthenticationError(
'Null response from OAuth service, denying access.'
)
access_token = resp['access_token']
user_info = self.get_user_profile_info(access_token)
username_key = get_config_param("username_key")
email_key = get_config_param("email_key")
username = self.dict_get(user_info, username_key)
email = self.dict_get(user_info, email_key)
authorized, superuser = self.authorize(resp, user_info)
except AuthenticationError:
return redirect(url_for('airflow.noaccess'))
user = session.query(models.User).filter(
models.User.username == username).first()
if not authorized:
if user:
session.delete(user)
session.commit()
return redirect(url_for('airflow.noaccess'))
if not user:
user = models.User(
username=username,
email=email,
superuser=superuser)
user.superuser = superuser
session.merge(user)
session.commit()
login_user(OAuthUser(user))
session.commit()
return redirect(next_url)
def login(self, request):
session = settings.Session()
user = session.query(
models.User).filter(models.User.username == DEFAULT_USERNAME).first()
if not user:
user = models.User(username=DEFAULT_USERNAME, is_superuser=True)
session.merge(user)
session.expunge_all()
session.commit()
session.close()
flask_login.login_user(user)
return redirect(request.args.get("next") or url_for("index"))
def create(self):
"""
create user
"""
user = PasswordUser(models.User())
user.username = self.params.get('name')
user.email = self.params.get('email')
user.password = self.params.get('password')
session = settings.Session()
session.add(user)
session.commit()
session.close()
def create_user(username, password, email):
"""This programm creates users for airflow."""
user = PasswordUser(models.User())
user.username = username
user.email = email
user.password = password
session = settings.Session()
session.add(user)
session.commit()
session.close()
click.echo(f'Account {username} created successfully!')
def set_user(username, password):
print('Creating user {0}...'.format(username))
user = PasswordUser(models.User())
user.username = username
user.password = password
session = settings.Session()
session.add(user)
session.commit()
session.close()
print('Done.')
exit()
def add_default_user(session=None):
from airflow import models
from airflow.contrib.auth.backends.password_auth import PasswordUser
user = PasswordUser(models.User())
user.username = '******'
user.email = '*****@*****.**'
user.password = '******'
user.superuser = True
session.add(user)
session.commit()
def create_user(opts):
from airflow.contrib.auth.backends.password_auth import PasswordUser
from airflow import models, settings
u = PasswordUser(models.User())
u.username = opts['username']
u.email = opts['email']
u._set_password = opts['password']
s = settings.Session()
s.add(u)
s.commit()
s.close()
def login(self, request):
if current_user.is_authenticated:
flash("You are already logged in")
return redirect(url_for('admin.index'))
username = None
password = None
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
username = request.form.get("username")
password = request.form.get("password")
if not username or not password:
return self.render('airflow/login.html',
title="Airflow - Login",
form=form)
try:
LdapUser.try_login(username, password)
LOG.info("User %s successfully authenticated", username)
session = settings.Session()
user = session.query(
models.User).filter(models.User.username == username).first()
if not user:
mail = LdapUser.user_mail(username)
is_admin = LdapUser.is_admin(username)
user = models.User(username=username,
email=mail,
superuser=is_admin)
session.add(user)
session.commit()
session.merge(user)
flask_login.login_user(LdapUser(user))
session.commit()
session.close()
return redirect(request.args.get("next") or url_for("admin.index"))
except (LdapException, AuthenticationError) as e:
if type(e) == LdapException:
flash(e, "error")
else:
flash("Incorrect login details")
return self.render('airflow/login.html',
title="Airflow - Login",
form=form)
def createuser():
userdata = json.loads(request.data)
username = userdata.get('user') or ''
email = userdata.get('email') or ''
password = userdata.get('password') or username + '123'
superuser = userdata.get('superuser') or False
if not superuser:
superuser = 0
else:
superuser = 1
data = {}
try:
if not username:
data['status'] = '200'
data[
'message'] = "Username has missed, unable to create user in Airflow server"
return jsonify(data)
session = settings.Session()
user = session.query(
models.User).filter(models.User.username == username).first()
if user:
user.superuser = superuser
session.commit()
data['status'] = '200'
data['message'] = 'SuperUser status is updated successfully!'
else:
user = PasswordUser(models.User())
user.username = username
user.email = email
user.password = password
user.superuser = superuser
session.add(user)
session.commit()
data['status'] = '200'
data['message'] = "User Created successfully!"
except Exception as e:
data['status'] = '400'
data['message'] = e.message
return jsonify(data)
