airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Weise <...@apache.org>
Subject Re: Airflow user management
Date Thu, 06 Apr 2017 19:04:54 GMT
Hi,

I finally found that with username/password authentication, the superuser
setting in the database is ignored and everyone is a superuser...  See diff
below after which the filtering behaves as expected.

Thanks


*diff --git a/airflow/contrib/auth/backends/password_auth.py
b/airflow/contrib/auth/backends/password_auth.py*

*index 000b9861..7fe00197 100644*

*--- a/airflow/contrib/auth/backends/password_auth.py*

*+++ b/airflow/contrib/auth/backends/password_auth.py*

@@ -89,7 +89,7 @@ class PasswordUser(models.User):



     def is_superuser(self):

         '''Access all the things'''

-        return True

+        return False


On Mon, Apr 3, 2017 at 5:42 PM, Thomas Weise <thw@apache.org> wrote:

> I was able to set a password from the command line, now I can login with
> the user that was created through the UI.
>
> Filtering by owner doesn't work though. I confirmed that the user also has
> superuser = False, but still it can see DAGs of other users.
>
> Any suggestions what to look for?
>
> I tried to put some debug statements into www/views.py but they don't see
> to take effect. How do I rebuild the installation (under
> /usr/local/lib/python2.7/dist-packages/airflow) after making changes?
>
> Thanks
>
>
> On Fri, Mar 31, 2017 at 3:10 PM, Thomas Weise <thw@apache.org> wrote:
>
>> Hi,
>>
>> I would like to create a few users that only can see their respective
>> DAGs and have no global access like user administration.
>> I have enabled password authentication and created the initial user as
>> instructed here:
>>
>> https://airflow.incubator.apache.org/security.html?highlight
>> =multi%20tenancy#web-authentication
>>
>> My airflow.cfg has the following settings:
>>
>> # Set to true to turn on authentication:
>>
>> # http://pythonhosted.org/airflow/security.html#web-authentication
>>
>> authenticate = True
>>
>> auth_backend = airflow.contrib.auth.backends.password_auth
>>
>> # Filter the list of dags by owner name (requires authentication to be
>> enabled)
>>
>> filter_by_owner = True
>>
>> The (admin?) user that I created will after login see all DAGs (even
>> though filtering was enabled) and is able to create other users. However,
>> while creating new users through the UI, there seems to be no way to
>> specify a password?
>>
>> Thanks,
>>
>> Thomas
>>
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message