Skip to content

AIP-81 | AIP-84 | Include Token Generation Endpoints in FAB #47043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vincbeck merged 12 commits into from
Mar 3, 2025
Merged

AIP-81 | AIP-84 | Include Token Generation Endpoints in FAB #47043

vincbeck merged 12 commits into from
Mar 3, 2025

Conversation

@bugraoz93
Copy link
Contributor

@bugraoz93 bugraoz93 commented Feb 24, 2025
edited
Loading

closes: #46916
relates: #47055

Remaining Work:

  • In between making this global and implementing custom expiration logic for fab. - Done
  • Move it to a new structure with FastAPI routes, datamodels. - Done
  • Unit tests. - Done

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

@bugraoz93 bugraoz93 changed the title [WIP] Include CLI Token Renewal endpoint in FAB [WIP] AIP-81 Include CLI Token Renewal endpoint in FAB Feb 24, 2025
@bugraoz93 bugraoz93 mentioned this pull request Feb 25, 2025
Closed
1 task
vincbeck
vincbeck reviewed Feb 25, 2025
View reviewed changes
Copy link
Contributor

@vincbeck vincbeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might miss some context here but do we need to make these changes in all auth managers in regards to AIP-81? I thought we were going to use simple auth manager as auth manager for AIP-81 but from this PR I guess we want to use the auth manager configured in the environment?

@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Feb 25, 2025

I might miss some context here but do we need to make these changes in all auth managers in regards to AIP-81? I thought we were going to use simple auth manager as auth manager for AIP-81 but from this PR I guess we want to use the auth manager configured in the environment?

Thanks a lot for the early feedback! :)

For AIP-81, in the end, people will get their tokens from profile pages but if they are using FAB, they won't be able to use CLI. Since the integration with FastAPI is now happening in FAB, I thought, why not support both if we can at the same time.

@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch from b78c71a to 00a2416 Compare February 25, 2025 22:30
@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Feb 25, 2025
edited
Loading

The skeleton is here now. Please check when you have time Vincent.
If it looks good, I will move on with integrating into FastAPI. Otherwise (preferably), I can do it in the next PR maybe, it would be cleaner and easier to review.

@bugraoz93 bugraoz93 changed the title [WIP] AIP-81 Include CLI Token Renewal endpoint in FAB [WIP] AIP-81 Include Token Renewal endpoints in FAB Feb 25, 2025
@bugraoz93 bugraoz93 changed the title [WIP] AIP-81 Include Token Renewal endpoints in FAB AIP-81 Include Token Renewal endpoints in FAB Feb 25, 2025
@bugraoz93 bugraoz93 marked this pull request as ready for review February 25, 2025 22:37
@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch from 00a2416 to 8bfd861 Compare February 25, 2025 23:15
@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Feb 25, 2025

I will check the tests

vincbeck
vincbeck reviewed Feb 26, 2025
View reviewed changes
@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch 2 times, most recently from 29629a2 to 24703c0 Compare February 27, 2025 02:04
vincbeck
vincbeck reviewed Feb 27, 2025
View reviewed changes
Copy link
Contributor

@vincbeck vincbeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A doc in FAB provider would super useful to explain to users how to use this API in order to get a token. This will be the only way for users to call Rest API so it will be definitely super useful!

@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Feb 27, 2025

A doc in FAB provider would super useful to explain to users how to use this API in order to get a token. This will be the only way for users to call Rest API so it will be definitely super useful!

Thanks for the quick reviews! I will address them soon. I agree, it would be really useful, I will also include documentation. This will be kind of a breaking change in the API usage. Should we include newsfragments too? That would be also useful to point users to check the documentation.

I am surprised that the unit tests are fine in my local and not in the CI. I need to check the environment and dependencies and maybe image rebuild.

@vincbeck
Copy link
Contributor

vincbeck commented Feb 27, 2025

A doc in FAB provider would super useful to explain to users how to use this API in order to get a token. This will be the only way for users to call Rest API so it will be definitely super useful!

Thanks for the quick reviews! I will address them soon. I agree, it would be really useful, I will also include documentation. This will be kind of a breaking change in the API usage. Should we include newsfragments too? That would be also useful to point users to check the documentation.

I am surprised that the unit tests are fine in my local and not in the CI. I need to check the environment and dependencies and maybe image rebuild.

Newsfragment is a good idea :)

@bugraoz93 bugraoz93 changed the title AIP-81 Include Token Renewal endpoints in FAB AIP-81 | AIP-84 | Include Token Generation Endpoints in FAB Feb 28, 2025
@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch from 24703c0 to 5ebf893 Compare March 2, 2025 18:27
@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Mar 2, 2025

I will fix the static check and test soon. It seems it still needs a couple of touches

@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch from 5ebf893 to 1d64d2e Compare March 2, 2025 20:08
vincbeck
vincbeck reviewed Mar 3, 2025
View reviewed changes
bugraoz93 added 2 commits March 3, 2025 21:43
@bugraoz93
Include token CLI Token renewal endpoint
615f887
@bugraoz93
Remove added comment, Move to New FastAPI structure, add new openapi …
511f68e 
…specs to pre-commit, exclude openapi specs from licence check, include unit tests
bugraoz93 added 10 commits March 3, 2025 21:43
@bugraoz93
Fix unit tests
c26650c
@bugraoz93
Fix pre-commit changes
c2008f6
@bugraoz93
Accept credentials and authenticate user, update simple auth manager …
4716d23 
…with methods, remove refresh token logic from FAB
@bugraoz93
Run generate openapi specs and include Simple and FAB Auth Manager op…
66163e7 
…enapi specs to pre-commit
@bugraoz93
Fix password comparison logic, use security manager to check password…
f6127db 
… comparison to keep out of API scope, update docstring, update default values directly from conf, remove not necessary imports
@bugraoz93
Update SimpleAuthManager default to auth_jwt_expiration_time conf
dc50a32
@bugraoz93
Initial documentation update and adding newsfragment
24ea93c
@bugraoz93
Fix unit test mock check_password, add datamodel as an exception to t…
82e0b63 
…est checking providers module have tests, fix docs
@bugraoz93
Mark test as db tests
f2cda5f
@bugraoz93
Fix document and include assert in tests
92cbcae
@bugraoz93 bugraoz93 force-pushed the feat/46916/expiration-config-cli-fab branch from e896c77 to 92cbcae Compare March 3, 2025 20:45
@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Mar 3, 2025

Thanks for the review and all the comments, Vincent! :)

vincbeck
vincbeck approved these changes Mar 3, 2025
View reviewed changes
Copy link
Contributor

@vincbeck vincbeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I think the documentation can be updated and improved based on the discussion I started here. But that can be done in a separate PR

@bugraoz93
Copy link
Contributor Author

bugraoz93 commented Mar 3, 2025

LGTM. I think the documentation can be updated and improved based on the discussion I started here. But that can be done in a separate PR

Thanks! I was thinking about documentation and whether should we wait for the discussion you started or not. I agree, let's improve it iteratively whenever it is needed. I can create follow-ups

@vincbeck
Copy link
Contributor

vincbeck commented Mar 3, 2025

The errors are unrelated to this PR. Merging

@vincbeck vincbeck merged commit 54016ec into apache:main Mar 3, 2025
85 of 88 checks passed
shahar1 pushed a commit to shahar1/airflow that referenced this pull request Mar 5, 2025
@bugraoz93 @shahar1
AIP-81 | AIP-84 | Include Token Generation Endpoints in FAB (apache#4…
f72c135 
…7043)
nailo2c pushed a commit to nailo2c/airflow that referenced this pull request Apr 4, 2025
@bugraoz93 @nailo2c
AIP-81 | AIP-84 | Include Token Generation Endpoints in FAB (apache#4…
a2f676a 
…7043)
This was referenced Apr 6, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vincbeck vincbeck vincbeck approved these changes

@potiuk potiuk Awaiting requested review from potiuk potiuk is a code owner

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@jedcunningham jedcunningham Awaiting requested review from jedcunningham

Assignees

No one assigned

Labels

area:auth provider:fab

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AIP-81 Include CLI Authentication into FAB

2 participants

@bugraoz93 @vincbeck