Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MWAA-specific assumed-role/ prefix in Airflow usernames is not compatible with Airflow REST API #127

Open
jaklan opened this issue Aug 2, 2024 · 5 comments
Open

MWAA-specific assumed-role/ prefix in Airflow usernames is not compatible with Airflow REST API #127

jaklan opened this issue Aug 2, 2024 · 5 comments

Comments

@jaklan
Copy link

jaklan commented Aug 2, 2024

The issue is described in details here: apache/airflow#39887

The most important parts are:

MWAA has announced that we can now use Airflow REST API. The goal is to use REST API Patch User to add/remove users' roles programmatically.

MWAA create username with a prefix of assumed-role/ for each user login. Example {username}: assumed-role/user1.

API Template URL: https://airflow.apache.org/auth/fab/v1/users/assumed_role/{username}
Actual URL: https://airflow.apache.org/auth/fab/v1/users/assumed_role/assumed-role/user1

As we call the Airflow REST API https://airflow.apache.org/auth/fab/v1/users/assumed_role/assumed-role/user1 , it will show below error:

{
"detail": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.",
"status": 404,
"title": "Not Found",
"type": "about:blank"
}

and:

Hi @Taragolis , yes, I tried to pass in as assumed-role%2Fuser1 but it still parse as / in the url and produce the same error as above

As mentioned in the original issue by @uranusjr:

IIRC this is a restriction in WSGI and shared by many Python web frameworks, including Flask (backing Airflow) pallets/flask#900

There’s probably no good way to resolve this from the webserver level.

That's why I think the simplest solution to mitigate this problem is to simply remove the slash from Airflow usernames and use any other character instead. Alternatively (and even more welcome) - allow the prefix to be configured.
@jaklan
Copy link
Author

jaklan commented Aug 7, 2024

It won't be fix on the Airflow side:
apache/airflow#39887 (comment)
so we definitely need a fix in MWAA

@eladkal eladkal mentioned this issue Sep 18, 2024
Closed
@mayushko26
Copy link

Thanks for raising this issue. I will look into this.

@mayushko26
Copy link

The MWAA team has reviewed this issue, and is something we are taking actively steps to resolve, but cannot currently provide an ETA.

@jaklan
Copy link
Author

jaklan commented Oct 17, 2024

@mayushko26 Thank you for the answer, great to hear! I understand you can't provide exact ETA, but is there at least any estimation like "~month", "~quarter", "~half a year", "~year"?

@mayushko26
Copy link

Tentatively, a quarter. Please note this isn't a firm commitment. I will however make sure to update this thread if any significant changes come up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaklan @mayushko26