Closed 601579263 closed 1 year ago
github评论支持markdown语言功能来美化,
```language ``` 如 ```json ``` ```shell ``` ```Dockerfile ``` ```yaml ``` ……
"""default configuration for the Airflow webserver"""
import os
import sys
sys.path.append(os.getcwd())
from airflow.www.fab_security.manager import AUTH_DB
Closing. Can you please write your problem in English ? This is an official communication language we have here, I am afraid.
Apache Airflow version
2.4.2
What happened
配置oidc的时候,报这个错误, 022-11-01 05:35:48,236] {views.py:671} ERROR - Error returning OAuth user info: 'name' [2022-11-01 05:35:48,236] {views.py:671}
[01/Nov/2022:05:35:48 +0000] "GET /oauth-authorized/hangyeyun?code=lqxDMB&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuZXh0IjpbIiJdfQ.hNun3xh75k3JiI-dsKwebFH_yxD1Hkvy7nwlotqKffI HTTP/1.1" 302 201 "http://crust-dev.956eed.grapps.cn/api/auth/oidc/login?response_type=code&client_id=testairflow&redirect_uri=http%3A%2F%2F10.10.181.62%3A8080%2Foauth-authorized%2Fhangyeyun&scope=%2A&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuZXh0IjpbIiJdfQ.hNun3xh75k3JiI-dsKwebFH_yxD1Hkvy7nwlotqKffI" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36"
What you think should happen instead
登录界面显示Invalid login. Please try again.
How to reproduce
No response
Operating System
centos7
Versions of Apache Airflow Providers
2.4.2
Deployment
Docker-Compose
Deployment details
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
#
http://www.apache.org/licenses/LICENSE-2.0
#
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
#
Basic Airflow cluster configuration for CeleryExecutor with Redis and PostgreSQL.
#
WARNING: This configuration is for local development. Do not use it in a production deployment.
#
This configuration supports basic configuration using environment variables or an .env file
The following variables are supported:
#
AIRFLOW_IMAGE_NAME - Docker image name used to run Airflow.
Default: apache/airflow:2.4.2
AIRFLOW_UID - User ID in Airflow containers
Default: 50000
Those configurations are useful mostly in case of standalone testing/running Airflow in test/try-out mode
#
_AIRFLOW_WWW_USER_USERNAME - Username for the administrator account (if requested).
Default: airflow
_AIRFLOW_WWW_USER_PASSWORD - Password for the administrator account (if requested).
Default: airflow
_PIP_ADDITIONAL_REQUIREMENTS - Additional PIP requirements to add when starting all containers.
Default: ''
#
Feel free to modify this file to suit your needs.
version: '3' x-airflow-common: &airflow-common
In order to add custom dependencies or upgrade provider packages you can use your extended image.
Comment the image line, place your Dockerfile in the directory where you placed the docker-compose.yaml
and uncomment the "build" line below, Then run
docker-compose build
to build the images.image: apache/airflow:2.4.2
build: .
environment: &airflow-common-env AIRFLOWCOREEXECUTOR: CeleryExecutor AIRFLOWDATABASESQL_ALCHEMY_CONN: postgresql+psycopg2://airflow:airflow@postgres/airflow
For backward compatibility, with Airflow <2.3
_PIP_ADDITIONAL_REQUIREMENTS: 'Authlib:1.1.0'
volumes:
services: postgres: image: postgres:13 environment: POSTGRES_USER: airflow POSTGRES_PASSWORD: airflow POSTGRES_DB: airflow volumes:
postgres-db-volume:/var/lib/postgresql/data healthcheck: test: ["CMD", "pg_isready", "-U", "airflow"] interval: 5s retries: 5 restart: always
redis: image: redis:6.2.6 expose:
6379 healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 5s timeout: 30s retries: 50 restart: always
airflow-webserver: <<: *airflow-common command: webserver ports:
8080:8080 healthcheck: test: ["CMD", "curl", "--fail", "http://localhost:8080/health"] interval: 10s timeout: 10s retries: 5 restart: always depends_on: <<: *airflow-common-depends-on airflow-init: condition: service_completed_successfully
airflow-scheduler: <<: airflow-common command: scheduler healthcheck: test: ["CMD-SHELL", 'airflow jobs check --job-type SchedulerJob --hostname "$${HOSTNAME}"'] interval: 10s timeout: 10s retries: 5 restart: always depends_on: <<: airflow-common-depends-on airflow-init: condition: service_completed_successfully
airflow-worker: <<: *airflow-common command: celery worker healthcheck: test:
Required to handle warm shutdown of the celery workers properly
See https://airflow.apache.org/docs/docker-stack/entrypoint.html#signal-propagation
DUMB_INIT_SETSID: "0" restart: always depends_on: <<: *airflow-common-depends-on airflow-init: condition: service_completed_successfully
airflow-triggerer: <<: airflow-common command: triggerer healthcheck: test: ["CMD-SHELL", 'airflow jobs check --job-type TriggererJob --hostname "$${HOSTNAME}"'] interval: 10s timeout: 10s retries: 5 restart: always depends_on: <<: airflow-common-depends-on airflow-init: condition: service_completed_successfully
airflow-init: <<: *airflow-common entrypoint: /bin/bash
yamllint disable rule:line-length
command:
yamllint enable rule:line-length
environment: <<: *airflow-common-env _AIRFLOW_DB_UPGRADE: 'true' _AIRFLOW_WWW_USER_CREATE: 'true' _AIRFLOW_WWW_USER_USERNAME: ${_AIRFLOW_WWW_USER_USERNAME:-airflow} _AIRFLOW_WWW_USER_PASSWORD: ${_AIRFLOW_WWW_USER_PASSWORD:-airflow} _PIP_ADDITIONAL_REQUIREMENTS: '' user: "0:0" volumes:
.:/sources
airflow-cli: <<: *airflow-common profiles:
Workaround for entrypoint issue. See: https://github.com/apache/airflow/issues/16252
command:
airflow
You can enable flower by adding "--profile flower" option e.g. docker-compose --profile flower up
or by explicitly targeted on the command line e.g. docker-compose up flower.
See: https://docs.docker.com/compose/profiles/
flower: <<: *airflow-common command: celery flower profiles:
volumes: postgres-db-volume:
Anything else
我新建了一个custom_sso_security_manager.py,内容如下
import logging from airflow.www.security import AirflowSecurityManager
class CustomSsoSecurityManager(AirflowSecurityManager):
还配置了webserver_config.py内容如下; #
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
#
http://www.apache.org/licenses/LICENSE-2.0
#
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
"""Default configuration for the Airflow webserver""" import os import sys
sys.path.append(os.getcwd())
from airflow.www.fab_security.manager import AUTH_DB
from airflow.www.fab_security.manager import AUTH_LDAP
from airflow.www.fab_security.manager import AUTH_OAUTH
from airflow.www.fab_security.manager import AUTH_OID
from airflow.www.fab_security.manager import AUTH_REMOTE_USER
basedir = os.path.abspath(os.path.dirname(file))
Flask-WTF flag for CSRF
WTF_CSRF_ENABLED = True
----------------------------------------------------
AUTHENTICATION CONFIG
----------------------------------------------------
For details on how to set up each of the following authentication, see
http://flask-appbuilder.readthedocs.io/en/latest/security.html# authentication-methods
for details.
The authentication type
AUTH_OID : Is for OpenID
AUTH_DB : Is for database
AUTH_LDAP : Is for LDAP
AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
AUTH_OAUTH : Is for OAuth
AUTH_TYPE = AUTH_OAUTH
引入自定义的 SecurityManager 包
FAB_SECURITY_MANAGER_CLASS='custom_sso_security_manager.CustomSsoSecurityManager'
Uncomment to setup Full admin role name
AUTH_ROLE_ADMIN = 'Admin'
Uncomment to setup Public role name, no authentication needed
AUTH_ROLE_PUBLIC = 'Public'
Will allow user self registration
AUTH_USER_REGISTRATION = True
The recaptcha it's automatically enabled for user self registration is active and the keys are necessary
RECAPTCHA_PRIVATE_KEY = PRIVATE_KEY
RECAPTCHA_PUBLIC_KEY = PUBLIC_KEY
Config for Flask-Mail necessary for user self registration
MAIL_SERVER = 'smtp.gmail.com'
MAIL_USE_TLS = True
MAIL_USERNAME = 'yourappemail@gmail.com'
MAIL_PASSWORD = 'passwordformail'
MAIL_DEFAULT_SENDER = 'sender@gmail.com'
The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"
When using OAuth Auth, uncomment to setup provider(s) info
Google OAuth example:
OAUTH_PROVIDERS = [{
'name':'google',
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'client_kwargs':{
'scope': 'email profile'
},
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'client_id': GOOGLE_KEY,
'client_secret': GOOGLE_SECRET_KEY,
}
}]
OAUTH_PROVIDERS = [{ 'name':'hangyeyun', 'token_key':'access_token',
图标可以从 https://fontawesome.com/ 找
}]
When using LDAP Auth, setup the ldap server
AUTH_LDAP_SERVER = "ldap://ldapserver.new"
When using OpenID Auth, uncomment to setup OpenID providers.
example for OpenID authentication
OPENID_PROVIDERS = [
{ 'name': 'Yahoo', 'url': 'https://me.yahoo.com' },
{ 'name': 'AOL', 'url': 'http://openid.aol.com/' },
{ 'name': 'Flickr', 'url': 'http://www.flickr.com/' },
{ 'name': 'MyOpenID', 'url': 'https://www.myopenid.com' }]
----------------------------------------------------
Theme CONFIG
----------------------------------------------------
Flask App Builder comes up with a number of predefined themes
that you can use for Apache Airflow.
http://flask-appbuilder.readthedocs.io/en/latest/customizing.html#changing-themes
Please make sure to remove "navbar_color" configuration from airflow.cfg
in order to fully utilize the theme. (or use that property in conjunction with theme)
APP_THEME = "bootstrap-theme.css" # default bootstrap
APP_THEME = "amelia.css"
APP_THEME = "cerulean.css"
APP_THEME = "cosmo.css"
APP_THEME = "cyborg.css"
APP_THEME = "darkly.css"
APP_THEME = "flatly.css"
APP_THEME = "journal.css"
APP_THEME = "lumen.css"
APP_THEME = "paper.css"
APP_THEME = "readable.css"
APP_THEME = "sandstone.css"
APP_THEME = "simplex.css"
APP_THEME = "slate.css"
APP_THEME = "solar.css"
APP_THEME = "spacelab.css"
APP_THEME = "superhero.css"
APP_THEME = "united.css"
APP_THEME = "yeti.css"
Are you willing to submit PR?
Code of Conduct