rjgoyln opened a new pull request, #65100:
URL: https://github.com/apache/airflow/pull/65100
## Summary
This PR implements the decoupling of Authentication (AuthN) and
Authorization (AuthZ) by introducing a `ComposableAuthManager`. This allows
users to mix and match different providers.
## Changes
### Core Logic
- **Introduced `ComposableAuthManager`**: A new manager that delegates
authentication and authorization tasks to two independent sub-managers.
- **Automatic Split Detection**: Updated `app.py` and `configuration.py` to
determine the manager type at startup:
- If both `core.authn_manager` and `core.authz_manager` are configured,
the system initializes `ComposableAuthManager`.
- If neither is set, the system falls back to the legacy
`core.auth_manager`.
- If only one of the two is configured, the system raises an
`AirflowConfigException` to prevent inconsistent states.
### Configuration & Integration
- **Config Template**: Added `authn_manager` and `authz_manager` keys to
`core` section in `config.yml`.
- **Validation**: Implemented checks to ensure both managers are subclasses
of `BaseAuthManager`.
- **Consistency Guard**: Added logic to prevent initialization if the two
managers return conflicting DB managers, ensuring database integrity.
### Testing & Quality
- **Unit Tests**: Added comprehensive tests in `test_app.py` covering:
- Fallback logic for legacy configurations.
- Successful initialization of `ComposableAuthManager` with split
settings.
- Error handling for partial configurations.
* related: #65089
-->
---
##### Was generative AI tooling used to co-author this PR?
<!--
If generative AI tooling has been used in the process of authoring this PR,
please
change below checkbox to `[X]` followed by the name of the tool, uncomment
the "Generated-by".
-->
- [ ] Yes (please specify the tool below)
<!--
Generated-by: [Tool Name] following [the
guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions)
-->
---
* Read the **[Pull Request
Guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-guidelines)**
for more information. Note: commit author/co-author name and email in commits
become permanently public when merged.
* For fundamental code changes, an Airflow Improvement Proposal
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals))
is needed.
* When adding dependency, check compliance with the [ASF 3rd Party License
Policy](https://www.apache.org/legal/resolved.html#category-x).
* For significant user-facing changes create newsfragment:
`{pr_number}.significant.rst`, in
[airflow-core/newsfragments](https://github.com/apache/airflow/tree/main/airflow-core/newsfragments).
You can add this file in a follow-up commit after the PR is created so you
know the PR number.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
