airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tao Feng <fengta...@gmail.com>
Subject Re: How to handle Group filtering in RBAC?
Date Wed, 01 Aug 2018 01:35:53 GMT
Hey Sourygna,

I assume you are using airflow 1.10? You could make a change to FAB with a
release and update the dependency in airflow.


On Tue, Jul 31, 2018 at 6:14 PM, Sid Anand <sanand@apache.org> wrote:

> This looks like a great feature.
>
> Another piece of functionality that would be nice on the UI is to filter
> dags by owner, not just by the person logged in. So, if I wanted to see
> Bob's or Bill's DAGs in the main landing page, by typing in Bob or Bill's
> user names, the DAG view would filters DAGs shown.
>
> On Tue, Jul 31, 2018 at 3:18 AM Luangsay Sourygna <luangsay@gmail.com>
> wrote:
>
> > Hi all,
> >
> >
> > I've just tested the last version of Aiflow with the new RBAC feature. It
> > looks great.
> >
> > However, I miss the possibility to do "Group filtering".
> >
> > That is: I only want users to be able to auto register if they belong to
> a
> > specific (ldap) group.
> >
> >
> > I have been able to add this feature by modifying a bit the code:
> >
> >
> > [root@18bc31801cc3 airflow]# diff
> >
> > /usr/lib/python2.7/site-packages/Flask_AppBuilder-1.
> 11.1-py2.7.egg/flask_appbuilder/security/manager.py
> > /tmp/manager.py
> >
> > 290,297d289
> >
> > <     def auth_ldap_group_field(self):
> >
> > <         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']
> >
> > <
> >
> > <     @property
> >
> > <     def auth_ldap_allowed_group_auto_registration_field(self):
> >
> > <         return
> > self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_
> GROUP_AUTO_REGISTRATION']
> >
> > <
> >
> > <     @property
> >
> > 610d601
> >
> > <                              self.auth_ldap_group_field,
> >
> > 706,708d697
> >
> > <                         if not
> > self.auth_ldap_allowed_group_auto_registration_field in
> > ldap_user_info[self.auth_ldap_group_field]:
> >
> > <                             log.warning(username + " cannot auto
> register
> > because it does not belong to the group " +
> > self.auth_ldap_allowed_group_auto_registration_field)
> >
> > <                             return None
> >
> >
> >
> >
> > However, before proposing to push this upstream, I would like to know if
> > some of you have some better ideas about how to handle this group
> problem?
> >
> > What is more, in my changes I modify Flask and not Airflow, so maybe I
> > should look at another way to solve my requirement.
> >
> >
> > Regards,
> >
> >
> > Sourygna
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message