Closed mdcsaenz closed 3 years ago
AUTH_USER_REGISTRATION_ROLE
only applies if AUTH_USER_REGISTRATION
is true.
Looks like the FAB google oauth provider doesn't support AUTH_ROLE_MAPPING
by default:
https://github.com/dpgaspar/Flask-AppBuilder/blob/95947e84e04a999a474dfe8620fb0f36d71f0467/flask_appbuilder/security/manager.py#L585-L590
You'd need a custom security manager to return role_keys
, for example like is done in the OP of #14829.
(I'm sure FAB would love to have support for this with the google oauth provider, so consider contributing it back if you get it working).
AUTH_USER_REGISTRATION_ROLE
only applies ifAUTH_USER_REGISTRATION
is true.Looks like the FAB google oauth provider doesn't support
AUTH_ROLE_MAPPING
by default: https://github.com/dpgaspar/Flask-AppBuilder/blob/95947e84e04a999a474dfe8620fb0f36d71f0467/flask_appbuilder/security/manager.py#L585-L590You'd need a custom security manager to return
role_keys
, for example like is done in the OP of #14829. (I'm sure FAB would love to have support for this with the google oauth provider, so consider contributing it back if you get it working).
Ah okay, I will see if that works and then close the ticket if that is the case. But it definitely erased the Role even with AUTH_USER_REGISTRATION_ROLE and AUTH_USER_REGISTRATION are both false as well. I made AUTH_USER_ROLE False as well.
But it definitely erased the Role
Yep, that's the behavior with AUTH_ROLES_SYNC_AT_LOGIN
and no matching roles in AUTH_ROLE_MAPPING
. You could also disable AUTH_ROLES_SYNC_AT_LOGIN
and manage the roles yourself.
Is this an Airflow bug, or a FAB bug?
FAB.
This is likely a "wont Fix" from airflow's side I'm afraid then.
I haven't poked around yet, but we may be able to handle the 'no role' scenario more gracefully on our side. Let me take a stab at that before we close this.
@jedcunningham Cool
The issue is similar to this ticket 16587 and 14829 however I have an updated airflow version AND updated packages than the ones suggested here and I am still getting the same outcome. When using google auth in airflow and attempting to sign in, we get an ERR_TOO_MANY_REDIRECTS. I know what causes the symptom of this, but hoping to find a resolution of keeping a Role in place to avoid the REDIRECTS.
Apache Airflow version: Version: v2.1.0 Git Version: .release:2.1.0+304e174674ff6921cb7ed79c0158949b50eff8fe
Kubernetes version (if you are using kubernetes) (use
kubectl version
): Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.10-gke.1600", GitCommit:"7b8e568a7fb4c9d199c2ba29a5f7d76f6b4341c2", GitTreeState:"clean", BuildDate:"2021-05-07T09:18:53Z", GoVersion:"go1.15.10b5", Compiler:"gc", Platform:"linux/amd64"}Environment: Staging
Cloud provider or hardware configuration: GKE on
OS (e.g. from /etc/os-release): PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/"
Kernel (e.g.
uname -a
): Linux margins-scheduler-97b6fb867-fth8p 5.4.89+ #1 SMP Sat Feb 13 19:45:14 PST 2021 x86_64 GNU/LinuxInstall tools: pip freeze below
What happened: When using google auth in airflow and attempting to sign in, we get an ERR_TOO_MANY_REDIRECTS.
What you expected to happen: I expect to log in as my user and it assigns a default Role of Viewer at the very least OR uses our mappings in web_server config python file. But the Role is blank in Database.
We realized that we get stuck in the loop, b/c the user will be in the users table in airflow but without a Role (its literally empty). Therefore it goes from the /login to /home to /login to /home over and over again.
How to reproduce it:
I add the Admin role in the database for my user, and the page that has the redirects refreshes and lets me in to the Airflow UI. However, when I sign out and signin in again, my users Role is then erased and it starts the redirect cycle again.
As you can see there is no Role (this happens when I attempt to login)
I run the command:
airflow users add-role -r Admin -u google_#################
Then the page takes me to the UI and the table now looks like this:
How often does this problem occur? Once? Every time etc? This occurs all the time
Here is the webserver_config.py
Here is the pip freeze:
Thanks in advance.