[v3-1-test] Create additional users in breeze for testing (#58126)

dev/breeze/doc/03_developer_tasks.rst

@@ -132,12 +132,48 @@ You can connect to these ports/databases using:
 
 If you do not use ``start-airflow`` command. You can use ``tmux`` to multiply terminals.
 You may need to create a user prior to running the API server in order to log in.
-This can be done with the following command:
+
+**Authentication and User Management**
+
+The authentication method depends on which auth manager is configured:
+
+**SimpleAuthManager (Default in Airflow 3.x)**
+
+SimpleAuthManager is the default authentication manager and comes pre-configured with test username and passwords for development:
+
+.. code-block::
+
+    * admin:admin     (Admin role)
+    * viewer:viewer   (Viewer role)
+    * user:user       (User role)
+    * op:op           (Operator role)
+
+These users are automatically available when using SimpleAuthManager and require no additional setup.
+
+**FabAuthManager**
+
+When using FabAuthManager, you can create users manually:
 
 .. code-block:: bash
 
     airflow users create --role Admin --username admin --password admin --email admin@example.com --firstname foo --lastname bar
 
+Or use the ``--create-all-roles`` flag with ``start-airflow`` in dev mode to automatically create test users:
+
+.. code-block:: bash
+
+    breeze start-airflow --dev-mode --create-all-roles --auth-manager FabAuthManager
+
+This will create the following test users:
+
+.. code-block::
+
+    * admin:admin         (Admin role)
+    * viewer:viewer       (Viewer role)
+    * user:user           (User role)
+    * op:op               (Op role)
+    * testadmin:testadmin (Admin role)
+
 .. note::
     ``airflow users`` command is only available when `FAB auth manager <https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/index.html>`_ is enabled.
 

dev/breeze/src/airflow_breeze/files/simple_auth_manager_passwords.json

@@ -1 +1 @@
-{"admin": "admin", "viewer":  "viewer"}
+{"admin": "admin", "viewer": "viewer", "user": "user", "op": "op"}

dev/breeze/src/airflow_breeze/params/shell_params.py

@@ -171,6 +171,7 @@ class ShellParams:
     celery_flower: bool = False
     clean_airflow_installation: bool = False
     collect_only: bool = False
+    create_all_roles: bool = False
     debug_components: tuple[str, ...] = ()
     debugger: str = "debugpy"
     db_reset: bool = False
@@ -561,7 +562,9 @@ def env_variables_for_docker_commands(self) -> dict[str, str]:
         _set_var(_env, "AIRFLOW__CORE__AUTH_MANAGER", self.auth_manager_path)
         _set_var(_env, "AIRFLOW__CORE__EXECUTOR", self.executor)
         if self.auth_manager == SIMPLE_AUTH_MANAGER:
-            _set_var(_env, "AIRFLOW__CORE__SIMPLE_AUTH_MANAGER_USERS", "admin:admin,viewer:viewer")
+            _set_var(
+                _env, "AIRFLOW__CORE__SIMPLE_AUTH_MANAGER_USERS", "admin:admin,viewer:viewer,user:user,op:op"
+            )
         _set_var(
             _env,
             "AIRFLOW__CORE__SIMPLE_AUTH_MANAGER_PASSWORDS_FILE",
@@ -607,6 +610,7 @@ def env_variables_for_docker_commands(self) -> dict[str, str]:
         _set_var(_env, "CI_TARGET_BRANCH", self.airflow_branch)
         _set_var(_env, "CI_TARGET_REPO", self.github_repository)
         _set_var(_env, "COLLECT_ONLY", self.collect_only)
+        _set_var(_env, "CREATE_ALL_ROLES", self.create_all_roles)
         _set_var(_env, "COMMIT_SHA", None, commit_sha())
         _set_var(_env, "COMPOSE_FILE", self.compose_file)
         _set_var(_env, "DB_RESET", self.db_reset)

scripts/in_container/check_environment.sh

@@ -114,8 +114,18 @@ function startairflow_if_requested() {
 
         if airflow config get-value core auth_manager | grep -q "FabAuthManager"; then
             airflow users create -u admin -p admin -f Thor -l Adminstra -r Admin -e admin@email.domain || true
+
+            # Create all roles for testing if CREATE_ALL_ROLES is set
+            if [[ "${CREATE_ALL_ROLES}" == "true" ]]; then
+                echo "Creating all test roles for FabAuthManager..."
+                airflow users create -u viewer -p viewer -f Test -l Viewer -r Viewer -e viewer@email.domain || true
+                airflow users create -u user -p user -f Test -l User -r User -e user@email.domain || true
+                airflow users create -u op -p op -f Test -l Op -r Op -e op@email.domain || true
+                airflow users create -u testadmin -p testadmin -f Test -l TestAdmin -r Admin -e testadmin@email.domain || true
+                echo "All test roles created successfully for FabAuthManager."
+            fi
         else
-            echo "Skipping user creation as auth manager different from Fab is used"
+            echo "SimpleAuthManager detected. All roles (admin, viewer, user, op) are always available via configuration in .dev/breeze/src/airflow_breeze/files/simple_auth_manager_passwords.json"
         fi
     fi
     return $?