Airflow - How to use security authorization of REST API

Question

Introduction:

Hello everyone, I'm trying to use the REST API of Airflow to active a DAG with external trigger, like:

POST: http://{{url}}:{{port}}/api/experimental/dags/MY_DAG_ID/dag_runs

headers = {
        'Content-Type': 'application/json',
        'Cache-Control': 'no-cache',
    }

---

Problem:

It's work very well (Answer: Status 200), but I need some security because its not can open for public, so I read on API Authentication, that I can be set auth_backend on airflow.cfg that will worked very similar like Password Authentication used for the Web Interface.

[api]
auth_backend = airflow.contrib.auth.backends.password_auth 

But now, the Answer is (401 - Unauthorized) and I don't know how to configure the REST API to use my external trigger with this security.

• Is it necessary to pass my user and password on header to work?

• How I can do this?

• Let's assume that exist a user: admin, pass: admin and permission: Admin

---

Links:

• https://airflow.apache.org/docs/stable/api.html#authentication

Answer 1

You have to pass an authorization header with a base 64 encoded header with the string user:pass

You can check how it happens here: https://github.com/apache/airflow/blob/029c84e5527b6db6bdbdbe026f455da325bedef3/airflow/contrib/auth/backends/password_auth.py#L205

    header = request.headers.get("Authorization")
    if header:
        userpass = ''.join(header.split()[1:])
        username, password = base64.b64decode(userpass).decode("utf-8").split(":", 1)

Example usage:

https://github.com/apache/airflow/blob/7cba83333c5227ce37967c65d189a5e994898c68/tests/www/api/experimental/test_password_endpoints.py

        response = c.post(
            url_template.format('example_bash_operator'),
            data=json.dumps(dict(run_id='my_run' + datetime.now().isoformat())),
            content_type="application/json",
            headers={'Authorization': 'Basic aGVsbG86d29ybGQ='}  # hello:world
        )