Reputation: 459
I am implementing Google authentication in Airflow (version 1.9.0). In google_auth.py, Airflow is creating every user as superuser:
```python
def is_superuser(self):
    '''Access all the things'''
    return True
```
I want to give superuser rights to only certain team members. So, I edited the function is_superuser() in the GoogleUser class as follows:
```python
def is_superuser(self):
    '''Access all the things'''
    if self.user.email in ["[email protected]","[email protected]"]:
        return True
    else:
        return False
```
Is there a better way to do it, or does Airflow provide this out of the box? I am not able to find anything about creating users with limited rights using Google OAuth.
Upvotes: 1
Views: 865
Reputation: 3267
Prior to newer versions with RBAC, Airflow is basically just handling authentication without any authorization layer. So the super user flag is it.
Rather than hardcoding it, I'd make it configurable via airflow.cfg. That way you don't have to modify your code each time you want to update the list, just update the config and restart.
So in your airflow.cfg under, say, the [core] block, add:

```
super_users = [email protected],[email protected]
```

And then make your function:
```python
# `configuration` here is the module from `from airflow import configuration`
def is_superuser(self):
    return self.user.email in configuration.get("core", "super_users").split(",")
```
Upvotes: 1
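An added example, not part of the answer above or of Airflow's own code: the same config-driven allowlist, written so it fails closed when the option is missing or empty and tolerates spaces, stray commas and case differences. It assumes the standard-library `configparser` as a stand-in for `airflow.configuration`, uses the answer's `super_users` key, and the addresses are constructed placeholders.

```python
import configparser

# Constructed sample of an airflow.cfg fragment; addresses are placeholders.
SAMPLE_CFG = """
[core]
super_users = alice@example.com, Bob@Example.com,
"""


def load_super_users(cfg_text, section="core", option="super_users"):
    """Return the allowlist as a frozenset of normalized addresses.

    A missing section or option yields an empty set, so nobody is superuser.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    raw = parser.get(section, option, fallback="")
    # Strip whitespace, lowercase, and drop the empty entries that a trailing
    # comma or an empty option would otherwise leave in the list.
    return frozenset(e.strip().lower() for e in raw.split(",") if e.strip())


def is_superuser(email, super_users):
    """Fail closed: a missing email or no match means no superuser rights."""
    if not email:
        return False
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower() in super_users


if __name__ == "__main__":
    allow = load_super_users(SAMPLE_CFG)
    for candidate in ("bob@example.com", "mallory@example.com", "", None):
        print(repr(candidate), is_superuser(candidate, allow))
```

A plain `"".split(",")` returns `[""]`, so with an empty `super_users` option an account whose email is an empty string would match the list; filtering empty entries and rejecting empty emails closes that gap.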