Every user has to authenticate themselves before using Airflow and there are several ways of doing this.
The default setting is to view and manually set up users via the Webserver UI. Note the blue "+" button where users can be added directly:
Airflow supports authentication of users against an LDAP server. This requires setting up an AuthenticationClass for the LDAP server. The AuthenticationClass is then referenced in the AirflowCluster resource as follows:
apiVersion: airflow.stackable.tech/v1alpha1 kind: AirflowCluster metadata: name: airflow-with-ldap spec: image: productVersion: 2.6.1 stackableVersion: 0.0.0-dev clusterConfig: authenticationConfig: authenticationClass: ldap (1) userRegistrationRole: Admin (2)
|1||The reference to an AuthenticationClass called
|2||The default role that all users are assigned to|
Users that log in with LDAP are assigned to a default Role which is specified with the
The users and roles can be viewed as before in the Webserver UI, but note that the blue "+" button is not available when authenticating against LDAP:
You can view, add to, and assign the roles displayed in the Airflow Webserver UI to existing users.
Airflow supports assigning Roles to users based on their LDAP group membership, though this is not yet supported by the Stackable operator.
All the users logging in via LDAP get assigned to the same role which you can configure via the attribute
authenticationConfig.userRegistrationRole on the
apiVersion: airflow.stackable.tech/v1alpha1 kind: AirflowCluster metadata: name: airflow-with-ldap spec: clusterConfig: authenticationConfig: authenticationClass: ldap userRegistrationRole: Admin (1)
|1||All users are assigned to the