Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify _auth_manager_is_authorized_map function #40803

Merged
merged 1 commit into from
Jul 16, 2024
Merged

Simplify _auth_manager_is_authorized_map function #40803

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
104 changes: 35 additions & 69 deletions airflow/www/security_manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,16 +229,21 @@ def get_variable_key(resource_pk):
raise AirflowException("Variable not found")
return variable.key

return {
RESOURCE_AUDIT_LOG: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.AUDIT_LOG,
def _is_authorized_view(view_):
return lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=view_,
user=user,
),
RESOURCE_CLUSTER_ACTIVITY: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.CLUSTER_ACTIVITY,
)

def _is_authorized_dag(entity_=None, details_func_=None):
return lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=entity_,
details=DagDetails(id=details_func_(resource_pk)) if details_func_ else None,
user=user,
),
)

mapping = {
RESOURCE_CONFIG: lambda action, resource_pk, user: auth_manager.is_authorized_configuration(
method=methods[action],
user=user,
Expand All @@ -248,82 +253,43 @@ def get_variable_key(resource_pk):
details=ConnectionDetails(conn_id=get_connection_id(resource_pk)),
user=user,
),
RESOURCE_DAG: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
user=user,
),
RESOURCE_DAG_CODE: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.CODE,
user=user,
),
RESOURCE_DAG_DEPENDENCIES: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.DEPENDENCIES,
user=user,
),
RESOURCE_DAG_RUN: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.RUN,
details=DagDetails(id=get_dag_id_from_dagrun_id(resource_pk)),
user=user,
),
RESOURCE_DATASET: lambda action, resource_pk, user: auth_manager.is_authorized_dataset(
method=methods[action],
user=user,
),
RESOURCE_DOCS: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.DOCS,
user=user,
),
RESOURCE_PLUGIN: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.PLUGINS,
user=user,
),
RESOURCE_JOB: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.JOBS,
user=user,
),
RESOURCE_POOL: lambda action, resource_pk, user: auth_manager.is_authorized_pool(
method=methods[action],
details=PoolDetails(name=get_pool_name(resource_pk)),
user=user,
),
RESOURCE_PROVIDER: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.PROVIDERS,
user=user,
),
RESOURCE_SLA_MISS: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.SLA_MISS,
user=user,
),
RESOURCE_TASK_INSTANCE: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.TASK_INSTANCE,
details=DagDetails(id=get_dag_id_from_task_instance(resource_pk)),
user=user,
),
RESOURCE_TASK_RESCHEDULE: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.TASK_RESCHEDULE,
user=user,
),
RESOURCE_TRIGGER: lambda action, resource_pk, user: auth_manager.is_authorized_view(
access_view=AccessView.TRIGGERS,
user=user,
),
RESOURCE_VARIABLE: lambda action, resource_pk, user: auth_manager.is_authorized_variable(
method=methods[action],
details=VariableDetails(key=get_variable_key(resource_pk)),
user=user,
),
RESOURCE_XCOM: lambda action, resource_pk, user: auth_manager.is_authorized_dag(
method=methods[action],
access_entity=DagAccessEntity.XCOM,
user=user,
),
}
for resource, entity, details_func in [
(RESOURCE_DAG, None, None),
(RESOURCE_AUDIT_LOG, DagAccessEntity.AUDIT_LOG, None),
(RESOURCE_DAG_CODE, DagAccessEntity.CODE, None),
(RESOURCE_DAG_DEPENDENCIES, DagAccessEntity.DEPENDENCIES, None),
(RESOURCE_SLA_MISS, DagAccessEntity.SLA_MISS, None),
(RESOURCE_TASK_RESCHEDULE, DagAccessEntity.TASK_RESCHEDULE, None),
(RESOURCE_XCOM, DagAccessEntity.XCOM, None),
(RESOURCE_DAG_RUN, DagAccessEntity.RUN, get_dag_id_from_dagrun_id),
(RESOURCE_TASK_INSTANCE, DagAccessEntity.TASK_INSTANCE, get_dag_id_from_task_instance),
]:
mapping[resource] = _is_authorized_dag(entity, details_func)
for resource, view in [
(RESOURCE_CLUSTER_ACTIVITY, AccessView.CLUSTER_ACTIVITY),
(RESOURCE_DOCS, AccessView.DOCS),
(RESOURCE_PLUGIN, AccessView.PLUGINS),
(RESOURCE_JOB, AccessView.JOBS),
(RESOURCE_PROVIDER, AccessView.PROVIDERS),
(RESOURCE_TRIGGER, AccessView.TRIGGERS),
]:
mapping[resource] = _is_authorized_view(view)
return mapping

def _get_auth_manager_is_authorized_method(self, fab_resource_name: str) -> Callable:
is_authorized_method = self._auth_manager_is_authorized_map.get(fab_resource_name)
Expand Down