AIP-84 Authentications and Permissions #42360
Comments
pierrejeambrun
added
kind:meta
|
Hi @pierrejeambrun, could you please assign this ticket to me? Thanks! |
|
Hello @jason810496, There has been some update on this one, it is not well scoped and depends on the work that Vincent is doing on the FABAuthManager and JWT backend. I do not recommend to take this one at this point. Removing the |
|
Gotcha, I will take other tickets. Thanks ! |
|
Related PR #42634 |
|
cc: @vincbeck |
pierrejeambrun
removed
the
kind:meta
|
This is now unblocked since #44884 has been implemented. We can start implementing the permissions for different endpoints. |
|
@jason810496 if you still have some interest for this let me know so I can assign you :) |
Sure! I can work on this issue, I will look into the context tomorrow then ask if I not sure about the details. |
|
Great. Don't hesitate to do 1 PR per 'resource'. (for instance for DagRun endpoints, for taskinstance endpoints, connection enpoints etc...). I think @rawwar will provide some help too so you can split the work easily. :) |
|
I will start with the Dag endpoint first and provide an update here before working on the other endpoints. I’ll also list all the necessary endpoints later. Before proceeding further, I’d like to double-check something. Update: |
Endpoints:
|
|
Thanks @jason810496 meta issue updated |
|
@jason810496 , I'll pick asset, pool and variable. I'll work on them this week. |
Then I'll take configuration and connection also, if I am fast enough I can take the rest also ! ( Not sure I have enough time currently )
|
|
I just updated the current status in the descpriont |
|
@jason810496 @rawwar @vatsrahul1001 , are there any other known dependencies in public auths? It would be nice if we could list them so that we know what to do first 🙂 I'll take a look at the non-assigned ones later. as for the format, you can take a look at the UI part. |
except asset_alias,dag_report my rest of the PR's depend on dags |
Still working on fixing the Kubernetes tests. If not resolved today, I’ll continue over the weekend. I have idea of how to fix it but need to test it locally. ( Adapt #47460 idea to k8s system test ) |
|
@pierrejeambrun, dag report is a new endpoint in AF3. What permissions should a user need to access it? Should this be a separate permission or should it be a sub-entity of dags? |
|
@pierrejeambrun, I see that the dag_tags and tasks endpoints are unassigned. I can pick them up. |
|
@vatsrahul1001 just assigned and updated the list. Thanks! |
|
The DAG-related blocker #47433 has just been resolved! |
Great job @jason810496 , @Lee-W |
|
@pierrejeambrun do we need auth for |
I don't think we should have auth for health endpoints, as monitoring tools can use them. Maybe we should have been calling it /monitor to be consistent with others? |
|
Yep, I don't think we should have auth either. as for whether to call it |
Meta issue for Authentications and Permissions for the API.
I Multiple PRs to add back permissions to all endpoints (the ones from the legacy API that were removed during the migration)
Public API
AIP-84 | Add Auth for Dags #47062, AIP-84 | Add Auth for Dags #47433Private / UI API (<=> views.py) @Lee-W
Execution API
misc
test_python_clientafter Adding Permission to API #47388II Additional Tasks
Committer
The text was updated successfully, but these errors were encountered: