Airflow: Attach roles to AD groups - Azure OAuth
We have implemented RBAC using Azure OAuth, Is there any way to attach a role to AD group - so that users part of that AD groups/Tenant can get default access to the attached role
Apache Airflow version: 1.10.10
Kubernetes version (if you are using kubernetes) (use kubectl version): 1.15.10
Environment:
- Cloud provider or hardware configuration: Azure (AKS)
- OS (e.g. from /etc/os-release): Debian GNU/Linux
- Kernel (e.g.
uname -a): 4.15.0-1089-azure - Install tools:
- Others:
What happened:
What you expected to happen:
attach a role to AD group (or) Azure tenant
How to reproduce it:
Helm install stable/airflow
Implement RBAC using Azure OAuth
sk2991
All 6 comments
Thanks for opening your first issue here! Be sure to follow the issue template!
![boring-cyborg[bot] picture](https://avatars3.githubusercontent.com/in/50386?v=4&s=40)
boring-cyborg[bot]
on 30 Jun 2020
@sk2991 Would you mind sharing your Azure OAuth implementation?
elwinarens
on 3 Jul 2020
@sk2991 +1
@sk2991 Would you mind sharing your Azure OAuth implementation?
rafaelpierre
on 3 Jul 2020
Is this helpful for you? I don't use Azure OAuth, so I'm not sure this change applies here.
https://github.com/dpgaspar/Flask-AppBuilder/pull/1410
mik-laj
on 3 Jul 2020
@elwinarens @rafaelpierre - I have used this link to configure Azure OAuth.
Other useful links:
https://github.com/apache/airflow/pull/3015
https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth
sk2991
on 5 Jul 2020
@mik-laj It does help to some extent. Is there anyway to extend this? Instead of declaring "AUTH_USER_REGISTRATION_ROLE_JMESPATH = "contains(['[email protected]', '[email protected]'], email) && 'Admin' || 'Public'"" this manually in config file - can we assign it dynamically?
sk2991
on 5 Jul 2020
Related issues
d-lee
路
4Comments
mik-laj
路
4Comments
ephraimbuddy
路
3Comments
blackw1ng
路
3Comments
grbinho
路
3Comments