airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luangsay Sourygna <luang...@gmail.com>
Subject How to handle Group filtering in RBAC?
Date Tue, 31 Jul 2018 10:18:18 GMT
Hi all,


I've just tested the last version of Aiflow with the new RBAC feature. It
looks great.

However, I miss the possibility to do "Group filtering".

That is: I only want users to be able to auto register if they belong to a
specific (ldap) group.


I have been able to add this feature by modifying a bit the code:


[root@18bc31801cc3 airflow]# diff
/usr/lib/python2.7/site-packages/Flask_AppBuilder-1.11.1-py2.7.egg/flask_appbuilder/security/manager.py
/tmp/manager.py

290,297d289

<     def auth_ldap_group_field(self):

<         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']

<

<     @property

<     def auth_ldap_allowed_group_auto_registration_field(self):

<         return
self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_GROUP_AUTO_REGISTRATION']

<

<     @property

610d601

<                              self.auth_ldap_group_field,

706,708d697

<                         if not
self.auth_ldap_allowed_group_auto_registration_field in
ldap_user_info[self.auth_ldap_group_field]:

<                             log.warning(username + " cannot auto register
because it does not belong to the group " +
self.auth_ldap_allowed_group_auto_registration_field)

<                             return None




However, before proposing to push this upstream, I would like to know if
some of you have some better ideas about how to handle this group problem?

What is more, in my changes I modify Flask and not Airflow, so maybe I
should look at another way to solve my requirement.


Regards,


Sourygna

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message