Add option in auth manager interface to define FastAPI api

[vincbeck]

Resolves #44882 and #44847.

Today there is an option to extend the Flask Rest API in the auth manager interface. That allows, for instance, the FAB auth manager to extend the Rest API and define users, roles and permissions related APIs.

In Airflow 3, we are moving away from Flask and use FastApi as engine for APIs. As such, the auth manager interface should have an option to extend this API using FastAPI (instead of Flask).

In FAB auth manager, instead of converting all the APIs defined with Flask to FastAPI, we use WSGIMiddleware to embed a minimal Flask application that host the APIs.

With this PR: GET http://localhost:29091/auth/auth/fab/v1/roles return the list of roles. The duplicate auth/auth in the API path will be removed when the legacy Airflow 2 is gone.

---

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

[Copilot]

Copilot reviewed 5 out of 19 changed files in this pull request and generated no comments.

Files not reviewed (14)

• providers/src/airflow/providers/fab/auth_manager/security_manager/override.py: Evaluated as low risk
• airflow/www/security_manager.py: Evaluated as low risk
• providers/src/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py: Evaluated as low risk
• providers/src/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py: Evaluated as low risk
• tests/auth/managers/test_base_auth_manager.py: Evaluated as low risk
• providers/src/airflow/providers/fab/auth_manager/decorators/auth.py: Evaluated as low risk
• providers/src/airflow/providers/fab/auth_manager/api/auth/backend/kerberos_auth.py: Evaluated as low risk
• airflow/www/auth.py: Evaluated as low risk
• airflow/www/decorators.py: Evaluated as low risk
• providers/src/airflow/providers/fab/www/extensions/init_appbuilder.py: Evaluated as low risk
• airflow/api_connexion/security.py: Evaluated as low risk
• providers/src/airflow/providers/fab/www/extensions/init_jinja_globals.py: Evaluated as low risk
• providers/src/airflow/providers/fab/auth_manager/api/auth/backend/basic_auth.py: Evaluated as low risk
• providers/src/airflow/providers/fab/www/app.py: Evaluated as low risk

[vincbeck]

Tests are passing 🥳

[vincbeck]

Let me know if you have more questions/concerns @jedcunningham

[jedcunningham]

Can you also add something into the amazon provider changelog to indicate that the aws auth manager is no longer compatible with af2?

[jedcunningham]

Good to go once we get an entry on the provider changelog. Thanks @vincbeck!