Airflow

Configuring Airflow to use Azure as OAuth Provider

# ...

from airflow.www.fab_security.manager import AUTH_DB
from airflow.www.fab_security.manager import AUTH_OAUTH

# ...

# Web UI logins go through OAuth rather than the local password database.
AUTH_TYPE = AUTH_OAUTH

# One entry per identity provider.  Every ``__todo_*__`` value below is a
# placeholder that has to be replaced for the target Azure tenant.
OAUTH_PROVIDERS = [
    {
        "name": "azure",
        "token_key": "access_token",
        "icon": "fa-windows",
        "remote_app": {
            "api_base_url": "https://login.microsoftonline.com/__todo_azure_tenant_id__",
            "request_token_url": None,
            "request_token_params": {"scope": "openid email profile"},
            "access_token_url": "https://login.microsoftonline.com/__todo_azure_tenant_id__/oauth2/v2.0/token",
            "access_token_params": {"scope": "openid email profile"},
            "authorize_url": "https://login.microsoftonline.com/__todo_azure_tenant_id__/oauth2/v2.0/authorize",
            "authorize_params": {"scope": "openid email profile"},
            "client_id": "__todo_azure_client_id__",
            # The client secret is a credential: supply the real value from the
            # deployment's secret store or environment instead of committing it
            # with this file.
            "client_secret": "__todo_azure_client_secret__",
            # NOTE(review): the signing keys come from the multi-tenant "common"
            # endpoint while every other URL is tenant-specific; confirm that
            # this is intended for a single-tenant app registration.
            "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
        },
    }
]

# Users seen for the first time are created automatically and start with the
# least-privileged "Public" role.
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_USER_REGISTRATION = True

# Re-evaluate the role mapping on every login, so a change made in Azure takes
# effect the next time the user signs in.
AUTH_ROLES_SYNC_AT_LOGIN = True

# Maps a value delivered by the identity provider to Airflow roles.  The
# "${...}" keys are literal placeholders (Python does not expand them) and must
# be replaced by hand.
# NOTE(review): get_oauth_user_info in this file fills role_keys from the
# token's "roles" claim, so the keys here presumably have to match those claim
# values rather than Azure group display names; verify against a real token.
AUTH_ROLES_MAPPING = {
    "${ADMIN_GROUP_NAME_IN_AZURE_GROUPS}": ["Admin"],
    "${OP_GROUP_NAME_IN_AZURE_GROUPS}": ["Op"],
    "${USER_GROUP_NAME_IN_AZURE_GROUPS}": ["User"],
    "${VIEWER_GROUP_NAME_IN_AZURE_GROUPS}": ["Viewer"],
}

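class AzureCustomSecurity(AirflowSecurityManager, LoggingMixin):
    """Security manager that builds the Airflow user record from Azure ID-token claims."""

    def get_oauth_user_info(self, provider, response=None):
        """Translate an Azure OAuth token response into a user-info dict.

        Args:
            provider: Name of the OAuth provider that handled the login.
            response: Token response of the provider; must carry an
                ``id_token`` entry for the "azure" provider.

        Returns:
            A dict with the keys ``name``, ``email``, ``first_name``,
            ``last_name``, ``id``, ``username``, ``upn`` and ``role_keys``.
            An empty dict is returned when the provider is not "azure", when
            the response has no ``id_token``, or when a required claim is
            missing from the token.
        """
        if provider != "azure":
            return {}

        try:
            id_token = response["id_token"]
        except (TypeError, KeyError):
            # Covers response=None (the default) and a response without an ID
            # token; answer with the same empty dict used for unknown providers
            # instead of raising from inside the login request.
            self.log.error("Azure OAuth response carries no id_token")
            return {}

        # Access and ID tokens are bearer credentials, so only the field names
        # of the response are logged, never the token values.
        self.log.debug("Azure response received with fields: %s", sorted(response))

        # NOTE(review): whether _azure_jwt_token_parse verifies the token
        # signature depends on the installed Flask-AppBuilder version; confirm
        # before relying on the claims for role assignment.
        me = self._azure_jwt_token_parse(id_token)

        # The claims hold personal data; log which claims arrived, not their values.
        self.log.debug("Parsed JWT token claims: %s", sorted(me))

        required = ("oid", "preferred_username", "email")
        missing = [claim for claim in required if claim not in me]
        if missing:
            self.log.error("Azure ID token lacks required claims: %s", missing)
            return {}

        return {
            "name": me.get("name", ""),
            "email": me["email"],
            "first_name": me.get("given_name", ""),
            "last_name": me.get("family_name", ""),
            "id": me["oid"],
            "username": me["preferred_username"],
            # Kept from the original mapping: "upn" is filled with the object id.
            "upn": me["oid"],
            # The "roles" claim can be absent (for example when no app role is
            # assigned); an empty list leaves the user with the registration role
            # only instead of failing the login with a KeyError.
            "role_keys": me.get("roles", []),
        }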

# Point the webserver at the custom security manager so that its
# get_oauth_user_info claim mapping is the one used for OAuth logins.
SECURITY_MANAGER_CLASS = AzureCustomSecurity
