Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion airflow/config_templates/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -1910,7 +1910,9 @@ webserver:
default: "False"
cookie_samesite:
description: |
Set samesite policy on session cookie
Set samesite policy on session cookies.
As `recommended <https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SAMESITE>`_
by Flask, the default is set to ``Lax`` and not a empty string.
version_added: 1.10.3
type: string
example: ~
Expand Down
15 changes: 3 additions & 12 deletions airflow/www/app.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
# under the License.
from __future__ import annotations

import warnings
from datetime import timedelta
from os.path import isabs

Expand All @@ -30,7 +29,7 @@
from airflow import settings
from airflow.api_internal.internal_api_call import InternalApiConfig
from airflow.configuration import conf
from airflow.exceptions import AirflowConfigException, RemovedInAirflow3Warning
from airflow.exceptions import AirflowConfigException
from airflow.logging_config import configure_logging
from airflow.models import import_all_models
from airflow.settings import _ENABLE_AIP_44
Expand Down Expand Up @@ -111,16 +110,8 @@ def create_app(config=None, testing=False):
flask_app.config["SESSION_COOKIE_HTTPONLY"] = True
flask_app.config["SESSION_COOKIE_SECURE"] = conf.getboolean("webserver", "COOKIE_SECURE")

cookie_samesite_config = conf.get("webserver", "COOKIE_SAMESITE")
if cookie_samesite_config == "":
warnings.warn(
"Old deprecated value found for `cookie_samesite` option in `[webserver]` section. "
"Using `Lax` instead. Change the value to `Lax` in airflow.cfg to remove this warning.",
RemovedInAirflow3Warning,
stacklevel=2,
)
cookie_samesite_config = "Lax"
flask_app.config["SESSION_COOKIE_SAMESITE"] = cookie_samesite_config
# Note: Ensure "Lax" is the default if config not specified
flask_app.config["SESSION_COOKIE_SAMESITE"] = conf.get("webserver", "COOKIE_SAMESITE") or "Lax"

# Above Flask 2.0.x, default value of SEND_FILE_MAX_AGE_DEFAULT changed 12 hours to None.
# for static file caching, it needs to set value explicitly.
Expand Down
24 changes: 0 additions & 24 deletions airflow/www/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@

import functools
import logging
import warnings
from functools import wraps
from typing import TYPE_CHECKING, Callable, Sequence, TypeVar, cast

Expand All @@ -39,7 +38,6 @@
VariableDetails,
)
from airflow.configuration import conf
from airflow.exceptions import RemovedInAirflow3Warning
from airflow.utils.net import get_hostname
from airflow.www.extensions.init_auth_manager import get_auth_manager

Expand All @@ -64,28 +62,6 @@ def get_access_denied_message():
return conf.get("webserver", "access_denied_message")


def has_access(permissions: Sequence[tuple[str, str]] | None = None) -> Callable[[T], T]:
"""
Check current user's permissions against required permissions.

Deprecated. Do not use this decorator, use one of the decorator `has_access_*` defined in
airflow/www/auth.py instead.
This decorator will only work with FAB authentication and not with other auth providers.

This decorator is widely used in user plugins, do not remove it. See
https://github.com/apache/airflow/pull/33213#discussion_r1346287224
"""
warnings.warn(
"The 'has_access' decorator is deprecated. Please use one of the decorator `has_access_*`"
"defined in airflow/www/auth.py instead.",
RemovedInAirflow3Warning,
stacklevel=2,
)
from airflow.providers.fab.auth_manager.decorators.auth import _has_access_fab

return _has_access_fab(permissions)


def has_access_with_pk(f):
"""
Check permissions on views.
Expand Down
46 changes: 0 additions & 46 deletions airflow/www/security.py

This file was deleted.

29 changes: 0 additions & 29 deletions airflow/www/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@
from sqlalchemy import delete, func, select, types
from sqlalchemy.ext.associationproxy import AssociationProxy

from airflow.exceptions import RemovedInAirflow3Warning
from airflow.models.dagrun import DagRun
from airflow.models.dagwarning import DagWarning
from airflow.models.errors import ParseImportError
Expand Down Expand Up @@ -217,34 +216,6 @@ def check_dag_warnings(dag_id, session):
flash(dag_warning.message, "warning")


def get_sensitive_variables_fields():
import warnings

from airflow.utils.log.secrets_masker import get_sensitive_variables_fields

warnings.warn(
"This function is deprecated. Please use "
"`airflow.utils.log.secrets_masker.get_sensitive_variables_fields`",
RemovedInAirflow3Warning,
stacklevel=2,
)
return get_sensitive_variables_fields()


def should_hide_value_for_key(key_name):
import warnings

from airflow.utils.log.secrets_masker import should_hide_value_for_key

warnings.warn(
"This function is deprecated. Please use "
"`airflow.utils.log.secrets_masker.should_hide_value_for_key`",
RemovedInAirflow3Warning,
stacklevel=2,
)
return should_hide_value_for_key(key_name)


def get_params(**kwargs):
"""Return URL-encoded params."""
return urlencode({d: v for d, v in kwargs.items() if v is not None}, True)
Expand Down
12 changes: 12 additions & 0 deletions newsfragments/41758.significant.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
Removed deprecated functions and modules from ``airflow.www`` module.

- Config flag default warning ``cookie_samesite`` option in section ``[webserver]`` removed.
- Legacy decorator ``@has_access`` in ``airflow.www.auth``: Please use one of the decorator ``has_access_*``
defined in airflow/www/auth.py instead.
- Removed legacy modules ``airflow.www.security``: Should be inherited from
``airflow.providers.fab.auth_manager.security_manager.override.FabAirflowSecurityManagerOverride`` instead.
The constant value ``EXISTING_ROLES`` should be used from ``airflow.www.security_manager`` module.
- Removed the method ``get_sensitive_variables_fields()`` from ``airflow.www.utils``: Please use
``airflow.utils.log.secrets_masker.get_sensitive_variables_fields`` instead.
- Removed the method ``should_hide_value_for_key()`` from ``airflow.www.utils``: Please use
``airflow.utils.log.secrets_masker.should_hide_value_for_key`` instead.
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
from airflow.security import permissions
from airflow.utils import timezone
from airflow.utils.session import create_session
from airflow.www.security import EXISTING_ROLES
from airflow.www.security_manager import EXISTING_ROLES
from tests.test_utils.api_connexion_utils import create_role, create_user, delete_role, delete_user

pytestmark = [pytest.mark.db_test, pytest.mark.skip_if_database_isolation_mode]
Expand Down
5 changes: 2 additions & 3 deletions tests/www/test_app.py
Original file line number Diff line number Diff line change
Expand Up @@ -230,9 +230,8 @@ def test_should_set_permanent_session_timeout(self):
@conf_vars({("webserver", "cookie_samesite"): ""})
@dont_initialize_flask_app_submodules
def test_correct_default_is_set_for_cookie_samesite(self):
"""An empty 'cookie_samesite' should be corrected to 'Lax' with a deprecation warning."""
with pytest.deprecated_call():
app = application.cached_app(testing=True)
"""An empty 'cookie_samesite' should be corrected to 'Lax'."""
app = application.cached_app(testing=True)
assert app.config["SESSION_COOKIE_SAMESITE"] == "Lax"

@pytest.mark.parametrize(
Expand Down
11 changes: 0 additions & 11 deletions tests/www/test_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,24 +23,13 @@

import airflow.www.auth as auth
from airflow.auth.managers.models.resource_details import DagAccessEntity
from airflow.exceptions import RemovedInAirflow3Warning
from airflow.models import Connection, Pool, Variable
from airflow.www.auth import has_access

mock_call = Mock()

pytestmark = pytest.mark.skip_if_database_isolation_mode


class TestHasAccessDecorator:
def test_has_access_decorator_raises_deprecation_warning(self):
with pytest.warns(RemovedInAirflow3Warning):

@has_access
def test_function():
pass


@pytest.mark.parametrize(
"decorator_name, is_authorized_method_name",
[
Expand Down
32 changes: 0 additions & 32 deletions tests/www/test_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -358,38 +358,6 @@ def test_json_f_webencoder(self):
assert formatter(dagrun) == expected_markup


@pytest.mark.filterwarnings("ignore::DeprecationWarning")
def test_get_sensitive_variables_fields():
with pytest.warns(DeprecationWarning) as warning:
result = utils.get_sensitive_variables_fields()

# assert deprecation warning
assert len(warning) == 1
assert "This function is deprecated." in str(warning[-1].message)

from airflow.utils.log.secrets_masker import get_sensitive_variables_fields

expected_result = get_sensitive_variables_fields()
assert result == expected_result


@pytest.mark.filterwarnings("ignore::DeprecationWarning")
def test_should_hide_value_for_key():
key_name = "key"

with pytest.warns(DeprecationWarning) as warning:
result = utils.should_hide_value_for_key(key_name)

# assert deprecation warning
assert len(warning) == 1
assert "This function is deprecated." in str(warning[-1].message)

from airflow.utils.log.secrets_masker import should_hide_value_for_key

expected_result = should_hide_value_for_key(key_name)
assert result == expected_result


class TestWrappedMarkdown:
def test_wrapped_markdown_with_docstring_curly_braces(self):
rendered = wrapped_markdown("{braces}", css_class="a_class")
Expand Down