New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AIRFLOW-1836] airflow uses OAuth Provider keycloak #2799
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2799 +/- ##
==========================================
- Coverage 76.67% 73.52% -3.15%
==========================================
Files 199 158 -41
Lines 16186 11958 -4228
==========================================
- Hits 12410 8792 -3618
+ Misses 3776 3166 -610
Continue to review full report at Codecov.
|
Hi @fisher-monkey, thanks for contributing. Could you open a Jira ticket and add a description about the implementation that you've did? |
|
||
def get_ghe_user_profile_info(self, ghe_token): | ||
#resp = self.ghe_oauth.get(self.ghe_api_route('/userinfo'),token=(ghe_token, '')) | ||
#resp=self.ghe_oauth.get('http://10.110.13.147:9090/auth/realms/brent/protocol/openid-connect/userinfo',token=(ghe_token,'')) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove the comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have create a Jira ticket and simply describe the implementation, and this is the link: https://issues.apache.org/jira/browse/AIRFLOW-1836
the comments have been removed.
|
||
username, email = self.get_ghe_user_profile_info(ghe_token) | ||
except AuthenticationError: | ||
_log.exception('') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An empty log line
from airflow.configuration import AirflowConfigException | ||
|
||
import os | ||
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be disabled by default
@fisher-monkey @Fokko is there any progress with this? |
Would it be possible to make this more generic and support any OpenIDConnect/OAuth2 identity provider? being KeyCloak one of them. |
Very good suggestion @c4milo |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
@Fokko / @fisher-monkey Could you please inform if keycloak is supported in Airflow? |
@weldpua2008 You can configure any OAuth2 provider, but I am working on a Keycloak-proxy integration as it is much more secure. It's not public yet, but I have plans to share it with the community. |
How can i implement keycloak auth with airflow? @fisher-monkey @Fokko is there a simple way for that, any sample code available ? |
this PR refers to the old and unsupported user interface. We support RBAC (Flask AppBuilser based) only now. |
@mik-laj so how can i use it with keycloak using rbac |
Any news? |
Dear Airflow maintainers,
Please accept this PR. I understand that it will not be reviewed until I have checked off all the steps below!
JIRA
Description
Tests
Commits