Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(airflow): Add OPA support to Airflow #978

Merged
merged 16 commits into from
Feb 7, 2025
Merged

feat(airflow): Add OPA support to Airflow #978

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
1eba0c8
feat: Add initial OpaFabAuthManager
siegfriedweber Nov 27, 2024
a6aecd1
feat(airflow): Call OPA from FabAuthManager
siegfriedweber Dec 13, 2024
69fdd3d
feat(airflow): Add cache and configuration options for OPA and implem…
siegfriedweber Jan 10, 2025
016586e
fix(airflow): Fix call to OPA
siegfriedweber Jan 14, 2025
2fd74e6
test(airflow): Test OpaFabAuthManager configuration and caching
siegfriedweber Jan 15, 2025
a5bd8c4
chore: Update changelog
siegfriedweber Jan 17, 2025
649403f
feat(airflow): Add metric opa_cache_limit_reached
siegfriedweber Jan 28, 2025
55cc4dd
Merge branch 'main' into feat/airflow-opa
siegfriedweber Jan 28, 2025
0884f38
docs(airflow): Add a README to the opa-auth-manager
siegfriedweber Jan 28, 2025
5e2d02b
chore(airflow): Reformat Python code
siegfriedweber Jan 28, 2025
c2851e0
docs(airflow): Fix markdown linter warning
siegfriedweber Jan 28, 2025
a0e608b
chore(airflow): Fix Dockerfile linter warning
siegfriedweber Jan 28, 2025
33bcbf5
docs(airflow): Fix a typo
siegfriedweber Jan 29, 2025
61d0304
chore: Merge branch 'main' into feat/airflow-opa
siegfriedweber Jan 29, 2025
c00774a
chore: Merge branch 'main' into feat/airflow-opa
siegfriedweber Feb 3, 2025
b040898
Merge branch 'main' into feat/airflow-opa
siegfriedweber Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.

### Added

- airflow: Add OPA support to Airflow ([#978]).
- nifi: Activate `include-hadoop` profile for NiFi version 2.* ([#958]).
- nifi: Add NiFi hadoop Azure and GCP libraries ([#943]).
- base: Add containerdebug tool ([#928], [#959]).
Expand Down Expand Up @@ -42,6 +43,7 @@ All notable changes to this project will be documented in this file.
[#959]: https://github.com/stackabletech/docker-images/pull/959
[#935]: https://github.com/stackabletech/docker-images/pull/935
[#962]: https://github.com/stackabletech/docker-images/pull/962
[#978]: https://github.com/stackabletech/docker-images/pull/978
[#980]: https://github.com/stackabletech/docker-images/pull/980
[#981]: https://github.com/stackabletech/docker-images/pull/981
[#982]: https://github.com/stackabletech/docker-images/pull/982
Expand Down
16 changes: 16 additions & 0 deletions airflow/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,19 @@ FROM oci.stackable.tech/sdp/git-sync/git-sync:${GIT_SYNC} AS gitsync-image

FROM stackable/image/statsd_exporter AS statsd_exporter-builder

FROM python:3.12-bookworm AS opa-auth-manager-builder

COPY airflow/opa-auth-manager/ /tmp/opa-auth-manager

WORKDIR /tmp/opa-auth-manager

RUN <<EOF
pip install --no-cache-dir poetry
poetry build
poetry install
poetry run pytest
EOF

FROM stackable/image/vector AS airflow-build-image

ARG PRODUCT
Expand All @@ -17,6 +30,7 @@ ARG PYTHON
ARG TARGETARCH

COPY airflow/constraints-${PRODUCT}-python${PYTHON}.txt /tmp/constraints.txt
COPY --from=opa-auth-manager-builder /tmp/opa-auth-manager/dist/opa_auth_manager-0.1.0-py3-none-any.whl /tmp/

# The mysql provider is currently excluded.
# Requires implementation of https://github.com/apache/airflow/blob/2.2.5/scripts/docker/install_mysql.sh
Expand Down Expand Up @@ -57,6 +71,8 @@ pip install --no-cache-dir s3fs==2024.9.0 cyclonedx-bom==5.0.0
# Needed for OIDC
pip install --no-cache-dir Flask_OIDC==2.2.0 Flask-OpenID==1.3.1

pip install --no-cache-dir /tmp/opa_auth_manager-0.1.0-py3-none-any.whl

# Create the SBOM for Airflow
# Important: All `pip install` commands must be above this line, otherwise the SBOM will be incomplete
cyclonedx-py environment --schema-version 1.5 --outfile /tmp/sbom.json
Expand Down
2 changes: 2 additions & 0 deletions airflow/opa-auth-manager/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
*.pytest_cache/
dist/
12 changes: 12 additions & 0 deletions airflow/opa-auth-manager/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# Airflow OPA auth manager

Auth manager for Airflow which delegates the authorization to an Open Policy
Agent

[Poetry](https://python-poetry.org/) is used to build the project:

poetry build

The unit tests can be run as follows:

poetry run pytest
Empty file added airflow/opa-auth-manager/opa_auth_manager/__init__.py
View file
Open in desktop
Empty file.
Loading