Reputation: 3
I have an Airflow instance with many tenants that have DAGs. They want to extract metadata on their dagruns like DagRun.end_date. However, I want to restrict each tenant so they can only access data related to their own dagruns and are unable to access data of other people's dagruns. How can this be done?
This is what I imagine the DAG to look like:
    # custom macro function
    def get_last_dag_run(dag):
        last_dag_run = dag.get_last_dagrun()
        # get_last_dagrun() returns None when the DAG has no runs yet
        return last_dag_run.end_date if last_dag_run else None
I found these resources which explain how to extract data but not how to restrict it.
Upvotes: 0
Views: 426
Reputation: 20097
NB: I am a contributor to Airflow.
This is not possible with the current Airflow architecture.
We are slowly working to make Airflow multi-tenant capable, but for now we are halfway through, and it will be several major releases to get there, I believe.
Currently the only way to isolate tenants is to give every tenant a separate Airflow instance, which is not as bad as you might initially think. If you run them in separate namespaces on the same auto-scaling Kubernetes cluster and add KEDA autoscaling, and use the same database server (but give each tenant a separate schema), this might be rather efficient (especially if you use Terraform to set up/tear down such Airflow instances, for example).
Upvotes: 1
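The schema-per-tenant part of the setup described in the answer above, as an added example (not from the answer or from the Airflow project). It assumes PostgreSQL as the shared server, a database named `airflow`, and two constructed tenants, `tenant_a` and `tenant_b`; the passwords are placeholders.

```sql
-- Added example. Assumptions: PostgreSQL, shared database "airflow",
-- constructed tenants tenant_a / tenant_b, placeholder passwords.
-- Run as a superuser on the shared server.

-- Remove the defaults that every role inherits through PUBLIC.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON DATABASE airflow FROM PUBLIC;

-- Tenant A: one login role that owns exactly one schema.
CREATE ROLE airflow_tenant_a LOGIN PASSWORD 'REPLACE_ME_A';
CREATE SCHEMA airflow_tenant_a AUTHORIZATION airflow_tenant_a;
GRANT CONNECT ON DATABASE airflow TO airflow_tenant_a;
-- Unqualified table names (dag_run, task_instance, ...) resolve only here.
ALTER ROLE airflow_tenant_a SET search_path = airflow_tenant_a;

-- Tenant B: same pattern, separate role and schema.
CREATE ROLE airflow_tenant_b LOGIN PASSWORD 'REPLACE_ME_B';
CREATE SCHEMA airflow_tenant_b AUTHORIZATION airflow_tenant_b;
GRANT CONNECT ON DATABASE airflow TO airflow_tenant_b;
ALTER ROLE airflow_tenant_b SET search_path = airflow_tenant_b;

-- Each tenant's Airflow instance connects as its own role through its own
-- sql_alchemy_conn, so its metadata tables live only in its own schema.

-- Isolation check: every tenant role that can use another tenant's schema.
-- Expect zero rows; any row is a cross-tenant read path to dag_run data.
SELECT r.rolname AS tenant_role,
       n.nspname AS foreign_schema
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolname LIKE 'airflow\_tenant\_%'
  AND n.nspname LIKE 'airflow\_tenant\_%'
  AND r.rolname <> n.nspname
  AND has_schema_privilege(r.rolname, n.nspname, 'USAGE');
```

Rerun the final query after adding a tenant or changing grants, since a single `GRANT USAGE` on the wrong schema is enough to break the separation.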