From a2838418915240eb9a5a270da56700d9555fa959 Mon Sep 17 00:00:00 2001 From: Vincent <97131062+vincbeck@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:57:59 -0500 Subject: [PATCH] Do not use core Airflow Flask related resources in FAB provider (package `security`) (#45471) --- .../role_and_permission_endpoint.py | 2 +- .../api_endpoints/user_endpoint.py | 2 +- .../fab/auth_manager/fab_auth_manager.py | 6 +- .../auth_manager/security_manager/override.py | 4 +- .../fab/auth_manager/views/permissions.py | 2 +- .../fab/auth_manager/views/roles_list.py | 2 +- .../providers/fab/auth_manager/views/user.py | 2 +- .../fab/auth_manager/views/user_edit.py | 2 +- .../fab/auth_manager/views/user_stats.py | 2 +- .../providers/fab/www/security/__init__.py | 17 +++ .../providers/fab/www/security/permissions.py | 123 ++++++++++++++++++ .../providers/fab/www/security_manager.py | 4 +- .../api_endpoints/test_asset_endpoint.py | 2 +- .../api_endpoints/test_dag_endpoint.py | 2 +- .../api_endpoints/test_dag_run_endpoint.py | 2 +- .../api_endpoints/test_dag_source_endpoint.py | 2 +- .../test_dag_warning_endpoint.py | 2 +- .../api_endpoints/test_event_log_endpoint.py | 2 +- .../test_import_error_endpoint.py | 2 +- .../test_role_and_permission_endpoint.py | 2 +- .../test_task_instance_endpoint.py | 2 +- .../api_endpoints/test_user_endpoint.py | 2 +- .../api_endpoints/test_variable_endpoint.py | 2 +- .../api_endpoints/test_xcom_endpoint.py | 2 +- .../cli_commands/test_role_command.py | 2 +- .../test_role_and_permission_schema.py | 2 +- .../fab/auth_manager/test_fab_auth_manager.py | 2 +- .../tests/fab/auth_manager/test_security.py | 6 +- .../auth_manager/views/test_permissions.py | 2 +- .../fab/auth_manager/views/test_roles_list.py | 2 +- .../tests/fab/auth_manager/views/test_user.py | 2 +- .../fab/auth_manager/views/test_user_edit.py | 2 +- .../fab/auth_manager/views/test_user_stats.py | 2 +- 33 files changed, 177 insertions(+), 37 deletions(-) create mode 100644 providers/src/airflow/providers/fab/www/security/__init__.py create mode 100644 providers/src/airflow/providers/fab/www/security/permissions.py diff --git a/providers/src/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py b/providers/src/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py index e6eb18214b90c..1200790b89f12 100644 --- a/providers/src/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py +++ b/providers/src/airflow/providers/fab/auth_manager/api_endpoints/role_and_permission_endpoint.py @@ -37,7 +37,7 @@ from airflow.providers.fab.www.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound from airflow.providers.fab.www.api_connexion.parameters import check_limit, format_parameters from airflow.providers.fab.www.api_connexion.security import requires_access_custom_view -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions if TYPE_CHECKING: from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride diff --git a/providers/src/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py b/providers/src/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py index 187ddc3c6a686..ca0fc747e40d3 100644 --- a/providers/src/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py +++ b/providers/src/airflow/providers/fab/auth_manager/api_endpoints/user_endpoint.py @@ -37,7 +37,7 @@ from airflow.providers.fab.www.api_connexion.exceptions import AlreadyExists, BadRequest, NotFound, Unknown from airflow.providers.fab.www.api_connexion.parameters import check_limit, format_parameters from airflow.providers.fab.www.api_connexion.security import requires_access_custom_view -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions if TYPE_CHECKING: from airflow.providers.fab.auth_manager.models import Role diff --git a/providers/src/airflow/providers/fab/auth_manager/fab_auth_manager.py b/providers/src/airflow/providers/fab/auth_manager/fab_auth_manager.py index 2b789d3ccf55f..6c8bf51b7acf8 100644 --- a/providers/src/airflow/providers/fab/auth_manager/fab_auth_manager.py +++ b/providers/src/airflow/providers/fab/auth_manager/fab_auth_manager.py @@ -62,8 +62,8 @@ from airflow.providers.fab.www.app import create_app from airflow.providers.fab.www.constants import SWAGGER_BUNDLE, SWAGGER_ENABLED from airflow.providers.fab.www.extensions.init_views import _CustomErrorRequestBodyValidator, _LazyResolver -from airflow.security import permissions -from airflow.security.permissions import ( +from airflow.providers.fab.www.security import permissions +from airflow.providers.fab.www.security.permissions import ( ACTION_CAN_ACCESS_MENU, RESOURCE_AUDIT_LOG, RESOURCE_CLUSTER_ACTIVITY, @@ -101,7 +101,7 @@ from airflow.providers.common.compat.assets import AssetDetails from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride from airflow.providers.fab.www.extensions.init_appbuilder import AirflowAppBuilder - from airflow.security.permissions import RESOURCE_ASSET + from airflow.providers.fab.www.security.permissions import RESOURCE_ASSET else: from airflow.providers.common.compat.security.permissions import RESOURCE_ASSET diff --git a/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py b/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py index c74c4f120836d..d0e00b0977ce8 100644 --- a/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py +++ b/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py @@ -107,15 +107,15 @@ CustomUserInfoEditView, ) from airflow.providers.fab.auth_manager.views.user_stats import CustomUserStatsChartView +from airflow.providers.fab.www.security import permissions from airflow.providers.fab.www.security_manager import AirflowSecurityManagerV2 from airflow.providers.fab.www.session import ( AirflowDatabaseSessionInterface as FabAirflowDatabaseSessionInterface, ) -from airflow.security import permissions from airflow.www.session import AirflowDatabaseSessionInterface if TYPE_CHECKING: - from airflow.security.permissions import RESOURCE_ASSET + from airflow.providers.fab.www.security.permissions import RESOURCE_ASSET else: from airflow.providers.common.compat.security.permissions import RESOURCE_ASSET diff --git a/providers/src/airflow/providers/fab/auth_manager/views/permissions.py b/providers/src/airflow/providers/fab/auth_manager/views/permissions.py index 57f9477ea1e4f..3960264a4e71a 100644 --- a/providers/src/airflow/providers/fab/auth_manager/views/permissions.py +++ b/providers/src/airflow/providers/fab/auth_manager/views/permissions.py @@ -23,7 +23,7 @@ ) from flask_babel import lazy_gettext -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions class ActionModelView(PermissionModelView): diff --git a/providers/src/airflow/providers/fab/auth_manager/views/roles_list.py b/providers/src/airflow/providers/fab/auth_manager/views/roles_list.py index 944ef06cd1bfa..029c672060feb 100644 --- a/providers/src/airflow/providers/fab/auth_manager/views/roles_list.py +++ b/providers/src/airflow/providers/fab/auth_manager/views/roles_list.py @@ -18,7 +18,7 @@ from flask_appbuilder.security.views import RoleModelView -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions class CustomRoleModelView(RoleModelView): diff --git a/providers/src/airflow/providers/fab/auth_manager/views/user.py b/providers/src/airflow/providers/fab/auth_manager/views/user.py index 825248e47a947..d65759f19f90d 100644 --- a/providers/src/airflow/providers/fab/auth_manager/views/user.py +++ b/providers/src/airflow/providers/fab/auth_manager/views/user.py @@ -28,7 +28,7 @@ UserRemoteUserModelView, ) -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions class MultiResourceUserMixin: diff --git a/providers/src/airflow/providers/fab/auth_manager/views/user_edit.py b/providers/src/airflow/providers/fab/auth_manager/views/user_edit.py index 88a9776ab385e..dde79cae2c360 100644 --- a/providers/src/airflow/providers/fab/auth_manager/views/user_edit.py +++ b/providers/src/airflow/providers/fab/auth_manager/views/user_edit.py @@ -22,7 +22,7 @@ UserInfoEditView, ) -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions class CustomUserInfoEditView(UserInfoEditView): diff --git a/providers/src/airflow/providers/fab/auth_manager/views/user_stats.py b/providers/src/airflow/providers/fab/auth_manager/views/user_stats.py index 961b9034f5b6d..0431e74cd595c 100644 --- a/providers/src/airflow/providers/fab/auth_manager/views/user_stats.py +++ b/providers/src/airflow/providers/fab/auth_manager/views/user_stats.py @@ -18,7 +18,7 @@ from flask_appbuilder.security.views import UserStatsChartView -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions class CustomUserStatsChartView(UserStatsChartView): diff --git a/providers/src/airflow/providers/fab/www/security/__init__.py b/providers/src/airflow/providers/fab/www/security/__init__.py new file mode 100644 index 0000000000000..217e5db960782 --- /dev/null +++ b/providers/src/airflow/providers/fab/www/security/__init__.py @@ -0,0 +1,17 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. diff --git a/providers/src/airflow/providers/fab/www/security/permissions.py b/providers/src/airflow/providers/fab/www/security/permissions.py new file mode 100644 index 0000000000000..acd245865a4ad --- /dev/null +++ b/providers/src/airflow/providers/fab/www/security/permissions.py @@ -0,0 +1,123 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +from __future__ import annotations + +from typing import TypedDict + +# Resource Constants +RESOURCE_ACTION = "Permissions" +RESOURCE_ADMIN_MENU = "Admin" +RESOURCE_AUDIT_LOG = "Audit Logs" +RESOURCE_BROWSE_MENU = "Browse" +RESOURCE_CONFIG = "Configurations" +RESOURCE_CONNECTION = "Connections" +RESOURCE_DAG = "DAGs" +RESOURCE_DAG_CODE = "DAG Code" +RESOURCE_DAG_DEPENDENCIES = "DAG Dependencies" +RESOURCE_DAG_PREFIX = "DAG:" +RESOURCE_DAG_RUN = "DAG Runs" +RESOURCE_DAG_RUN_PREFIX = "DAG Run:" +RESOURCE_DAG_WARNING = "DAG Warnings" +RESOURCE_CLUSTER_ACTIVITY = "Cluster Activity" +RESOURCE_ASSET = "Assets" +RESOURCE_DOCS = "Documentation" +RESOURCE_DOCS_MENU = "Docs" +RESOURCE_IMPORT_ERROR = "ImportError" +RESOURCE_JOB = "Jobs" +RESOURCE_MY_PASSWORD = "My Password" +RESOURCE_MY_PROFILE = "My Profile" +RESOURCE_PASSWORD = "Passwords" +RESOURCE_PERMISSION = "Permission Views" # Refers to a Perm <-> View mapping, not an MVC View. +RESOURCE_PLUGIN = "Plugins" +RESOURCE_POOL = "Pools" +RESOURCE_PROVIDER = "Providers" +RESOURCE_RESOURCE = "View Menus" +RESOURCE_ROLE = "Roles" +RESOURCE_SLA_MISS = "SLA Misses" +RESOURCE_TASK_INSTANCE = "Task Instances" +RESOURCE_TASK_LOG = "Task Logs" +RESOURCE_TASK_RESCHEDULE = "Task Reschedules" +RESOURCE_TRIGGER = "Triggers" +RESOURCE_USER = "Users" +RESOURCE_USER_STATS_CHART = "User Stats Chart" +RESOURCE_VARIABLE = "Variables" +RESOURCE_WEBSITE = "Website" +RESOURCE_XCOM = "XComs" + +# Action Constants +ACTION_CAN_CREATE = "can_create" +ACTION_CAN_READ = "can_read" +ACTION_CAN_EDIT = "can_edit" +ACTION_CAN_DELETE = "can_delete" +ACTION_CAN_ACCESS_MENU = "menu_access" +DEPRECATED_ACTION_CAN_DAG_READ = "can_dag_read" +DEPRECATED_ACTION_CAN_DAG_EDIT = "can_dag_edit" + + +class ResourceDetails(TypedDict): + """Details of a resource (actions and prefix).""" + + actions: set[str] + prefix: str + + +# Keeping DAG_ACTIONS to keep the compatibility with outdated versions of FAB provider +DAG_ACTIONS = {ACTION_CAN_READ, ACTION_CAN_EDIT, ACTION_CAN_DELETE} + +RESOURCE_DETAILS_MAP = { + RESOURCE_DAG: ResourceDetails( + actions={ACTION_CAN_READ, ACTION_CAN_EDIT, ACTION_CAN_DELETE}, prefix=RESOURCE_DAG_PREFIX + ), + RESOURCE_DAG_RUN: ResourceDetails( + actions={ACTION_CAN_READ, ACTION_CAN_CREATE, ACTION_CAN_DELETE, ACTION_CAN_ACCESS_MENU}, + prefix=RESOURCE_DAG_RUN_PREFIX, + ), +} +PREFIX_LIST = [details["prefix"] for details in RESOURCE_DETAILS_MAP.values()] +PREFIX_RESOURCES_MAP = {details["prefix"]: resource for resource, details in RESOURCE_DETAILS_MAP.items()} + + +def resource_name(root_dag_id: str, resource: str) -> str: + """ + Return the resource name for a DAG id. + + Note that since a sub-DAG should follow the permission of its + parent DAG, you should pass ``DagModel.root_dag_id`` to this function, + for a subdag. A normal dag should pass the ``DagModel.dag_id``. + """ + if root_dag_id in RESOURCE_DETAILS_MAP.keys(): + return root_dag_id + if root_dag_id.startswith(tuple(PREFIX_RESOURCES_MAP.keys())): + return root_dag_id + return f"{RESOURCE_DETAILS_MAP[resource]['prefix']}{root_dag_id}" + + +def resource_name_for_dag(root_dag_id: str) -> str: + """ + Return the resource name for a DAG id. + + Note that since a sub-DAG should follow the permission of its + parent DAG, you should pass ``DagModel.root_dag_id`` to this function, + for a subdag. A normal dag should pass the ``DagModel.dag_id``. + + Note: This function is kept for backwards compatibility. + """ + if root_dag_id == RESOURCE_DAG: + return root_dag_id + if root_dag_id.startswith(RESOURCE_DAG_PREFIX): + return root_dag_id + return f"{RESOURCE_DAG_PREFIX}{root_dag_id}" diff --git a/providers/src/airflow/providers/fab/www/security_manager.py b/providers/src/airflow/providers/fab/www/security_manager.py index 7d54a09cf4b54..15483e415bc8e 100644 --- a/providers/src/airflow/providers/fab/www/security_manager.py +++ b/providers/src/airflow/providers/fab/www/security_manager.py @@ -38,8 +38,7 @@ ) from airflow.exceptions import AirflowException from airflow.models import Connection, DagRun, Pool, TaskInstance, Variable -from airflow.providers.fab.www.utils import CustomSQLAInterface -from airflow.security.permissions import ( +from airflow.providers.fab.www.security.permissions import ( RESOURCE_ADMIN_MENU, RESOURCE_ASSET, RESOURCE_AUDIT_LOG, @@ -64,6 +63,7 @@ RESOURCE_VARIABLE, RESOURCE_XCOM, ) +from airflow.providers.fab.www.utils import CustomSQLAInterface from airflow.utils.log.logging_mixin import LoggingMixin EXISTING_ROLES = { diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_asset_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_asset_endpoint.py index b25fb1f68c8da..29eb85acb0675 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_asset_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_asset_endpoint.py @@ -22,7 +22,7 @@ import time_machine from airflow.providers.fab.www.api_connexion.exceptions import EXCEPTIONS_LINK_MAP -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_dag_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_dag_endpoint.py index ac1e16ebfdb7f..9b7ba51f25b08 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_dag_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_dag_endpoint.py @@ -21,7 +21,7 @@ from airflow.models import DagModel from airflow.providers.fab.www.api_connexion.exceptions import EXCEPTIONS_LINK_MAP -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils.session import provide_session from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_dag_run_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_dag_run_endpoint.py index 52c8bbca185fa..33df2e9bbc407 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_dag_run_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_dag_run_endpoint.py @@ -23,7 +23,7 @@ from airflow.models.dag import DAG, DagModel from airflow.models.dagrun import DagRun from airflow.models.param import Param -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from airflow.utils.session import create_session from airflow.utils.state import DagRunState diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_dag_source_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_dag_source_endpoint.py index 39fd6ed4445b7..8461e5bf0f170 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_dag_source_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_dag_source_endpoint.py @@ -23,7 +23,7 @@ import pytest from airflow.models import DagBag -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user from tests_common.test_utils.db import clear_db_dag_code, clear_db_dags, clear_db_serialized_dags diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_dag_warning_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_dag_warning_endpoint.py index e06146a988fe1..34862c6b4c7af 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_dag_warning_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_dag_warning_endpoint.py @@ -20,7 +20,7 @@ from airflow.models.dag import DagModel from airflow.models.dagwarning import DagWarning -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils.session import create_session from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_event_log_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_event_log_endpoint.py index f5935dcd93c1e..168bcae4b9f38 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_event_log_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_event_log_endpoint.py @@ -19,7 +19,7 @@ import pytest from airflow.models import Log -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_import_error_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_import_error_endpoint.py index 84b3cb8ed347d..19509aa558146 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_import_error_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_import_error_endpoint.py @@ -19,7 +19,7 @@ import pytest from airflow.models.dag import DagModel -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_role_and_permission_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_role_and_permission_endpoint.py index e9373c6d56e88..6e9840d72aa44 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_role_and_permission_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_role_and_permission_endpoint.py @@ -19,7 +19,7 @@ import pytest from airflow.providers.fab.www.api_connexion.exceptions import EXCEPTIONS_LINK_MAP -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import ( create_role, diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_task_instance_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_task_instance_endpoint.py index f146f8f4337d3..24613fe7f2ae6 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_task_instance_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_task_instance_endpoint.py @@ -23,7 +23,7 @@ from airflow.models import DagRun, TaskInstance from airflow.providers.fab.www.api_connexion.exceptions import EXCEPTIONS_LINK_MAP -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils.session import provide_session from airflow.utils.state import State from airflow.utils.timezone import datetime diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_user_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_user_endpoint.py index 91a7e3749d95b..063a29ec78287 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_user_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_user_endpoint.py @@ -22,7 +22,7 @@ from sqlalchemy.sql.functions import count from airflow.providers.fab.www.api_connexion.exceptions import EXCEPTIONS_LINK_MAP -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from airflow.utils.session import create_session diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_variable_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_variable_endpoint.py index 954a2de130ddb..fcf29ab1af964 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_variable_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_variable_endpoint.py @@ -19,7 +19,7 @@ import pytest from airflow.models import Variable -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user from tests_common.test_utils.db import clear_db_variables diff --git a/providers/tests/fab/auth_manager/api_endpoints/test_xcom_endpoint.py b/providers/tests/fab/auth_manager/api_endpoints/test_xcom_endpoint.py index fb46f52a402ed..85f40b7557c11 100644 --- a/providers/tests/fab/auth_manager/api_endpoints/test_xcom_endpoint.py +++ b/providers/tests/fab/auth_manager/api_endpoints/test_xcom_endpoint.py @@ -25,7 +25,7 @@ from airflow.models.taskinstance import TaskInstance from airflow.models.xcom import BaseXCom, XCom from airflow.operators.empty import EmptyOperator -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.utils import timezone from airflow.utils.session import create_session from airflow.utils.types import DagRunType diff --git a/providers/tests/fab/auth_manager/cli_commands/test_role_command.py b/providers/tests/fab/auth_manager/cli_commands/test_role_command.py index e04ad3e586e6e..13db6624ac688 100644 --- a/providers/tests/fab/auth_manager/cli_commands/test_role_command.py +++ b/providers/tests/fab/auth_manager/cli_commands/test_role_command.py @@ -33,7 +33,7 @@ from airflow.providers.fab.auth_manager.cli_commands import role_command from airflow.providers.fab.auth_manager.cli_commands.utils import get_application_builder -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions pytestmark = pytest.mark.db_test diff --git a/providers/tests/fab/auth_manager/schemas/test_role_and_permission_schema.py b/providers/tests/fab/auth_manager/schemas/test_role_and_permission_schema.py index e9488976eee52..24a4de431766b 100644 --- a/providers/tests/fab/auth_manager/schemas/test_role_and_permission_schema.py +++ b/providers/tests/fab/auth_manager/schemas/test_role_and_permission_schema.py @@ -23,7 +23,7 @@ role_collection_schema, role_schema, ) -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_role, delete_role diff --git a/providers/tests/fab/auth_manager/test_fab_auth_manager.py b/providers/tests/fab/auth_manager/test_fab_auth_manager.py index c6c53371223fd..077350ac10c6e 100644 --- a/providers/tests/fab/auth_manager/test_fab_auth_manager.py +++ b/providers/tests/fab/auth_manager/test_fab_auth_manager.py @@ -43,7 +43,7 @@ from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride from airflow.providers.common.compat.security.permissions import RESOURCE_ASSET -from airflow.security.permissions import ( +from airflow.providers.fab.www.security.permissions import ( ACTION_CAN_ACCESS_MENU, ACTION_CAN_CREATE, ACTION_CAN_DELETE, diff --git a/providers/tests/fab/auth_manager/test_security.py b/providers/tests/fab/auth_manager/test_security.py index 67dd4179b09a5..95c5545d87883 100644 --- a/providers/tests/fab/auth_manager/test_security.py +++ b/providers/tests/fab/auth_manager/test_security.py @@ -45,8 +45,8 @@ from airflow.providers.fab.auth_manager.models.anonymous_user import AnonymousUser from airflow.api_fastapi.app import get_auth_manager -from airflow.security import permissions -from airflow.security.permissions import ACTION_CAN_READ +from airflow.providers.fab.www.security import permissions +from airflow.providers.fab.www.security.permissions import ACTION_CAN_READ from airflow.www import app as application from airflow.www.auth import get_access_denied_message from airflow.www.utils import CustomSQLAInterface @@ -64,7 +64,7 @@ from tests_common.test_utils.permissions import _resource_name if TYPE_CHECKING: - from airflow.security.permissions import RESOURCE_ASSET + from airflow.providers.fab.www.security.permissions import RESOURCE_ASSET else: from airflow.providers.common.compat.security.permissions import RESOURCE_ASSET diff --git a/providers/tests/fab/auth_manager/views/test_permissions.py b/providers/tests/fab/auth_manager/views/test_permissions.py index 1ef8f8d552131..b2eb0b47c5c1f 100644 --- a/providers/tests/fab/auth_manager/views/test_permissions.py +++ b/providers/tests/fab/auth_manager/views/test_permissions.py @@ -19,7 +19,7 @@ import pytest -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.www import app as application from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/views/test_roles_list.py b/providers/tests/fab/auth_manager/views/test_roles_list.py index dd7429339f4f1..e728b2ae32837 100644 --- a/providers/tests/fab/auth_manager/views/test_roles_list.py +++ b/providers/tests/fab/auth_manager/views/test_roles_list.py @@ -19,7 +19,7 @@ import pytest -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.www import app as application from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/views/test_user.py b/providers/tests/fab/auth_manager/views/test_user.py index 3db1bd9e463c3..7dadeeaf525de 100644 --- a/providers/tests/fab/auth_manager/views/test_user.py +++ b/providers/tests/fab/auth_manager/views/test_user.py @@ -19,7 +19,7 @@ import pytest -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.www import app as application from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/views/test_user_edit.py b/providers/tests/fab/auth_manager/views/test_user_edit.py index c28d11e286ba4..afd2e537125d3 100644 --- a/providers/tests/fab/auth_manager/views/test_user_edit.py +++ b/providers/tests/fab/auth_manager/views/test_user_edit.py @@ -19,7 +19,7 @@ import pytest -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.www import app as application from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user diff --git a/providers/tests/fab/auth_manager/views/test_user_stats.py b/providers/tests/fab/auth_manager/views/test_user_stats.py index 8a4fb820635e1..1e08c94dfb719 100644 --- a/providers/tests/fab/auth_manager/views/test_user_stats.py +++ b/providers/tests/fab/auth_manager/views/test_user_stats.py @@ -19,7 +19,7 @@ import pytest -from airflow.security import permissions +from airflow.providers.fab.www.security import permissions from airflow.www import app as application from providers.tests.fab.auth_manager.api_endpoints.api_connexion_utils import create_user, delete_user