2.1.3-debian-10-r1 release

2021-09-04 01:07:37 +00:00 · 2021-09-04 01:07:37 +00:00 · ff884864a0
parent 6a6a237566
commit ff884864a0
3 changed files with 46 additions and 9 deletions
--- a/bitnami/airflow/2/debian-10/Dockerfile
+++ b/bitnami/airflow/2/debian-10/Dockerfile
@ -27,7 +27,7 @@ RUN /opt/bitnami/scripts/airflow/postunpack.sh
 RUN /opt/bitnami/scripts/locales/add-extra-locales.sh
 ENV AIRFLOW_HOME="/opt/bitnami/airflow" \
    BITNAMI_APP_NAME="airflow" \
-    BITNAMI_IMAGE_VERSION="2.1.3-debian-10-r0" \
+    BITNAMI_IMAGE_VERSION="2.1.3-debian-10-r1" \
    LANG="en_US.UTF-8" \
    LANGUAGE="en_US:en" \
    LD_LIBRARY_PATH="/opt/bitnami/python/lib/:/opt/bitnami/airflow/venv/lib/python3.8/site-packages/numpy.libs/:$LD_LIBRARY_PATH" \
--- a/bitnami/airflow/2/debian-10/rootfs/opt/bitnami/scripts/libairflow.sh
+++ b/bitnami/airflow/2/debian-10/rootfs/opt/bitnami/scripts/libairflow.sh
@ -38,14 +38,26 @@ airflow_validate() {

    # Check LDAP parameters
    if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then
+        
        [[ -z "$AIRFLOW_LDAP_URI" ]] && print_validation_error "Missing AIRFLOW_LDAP_URI"
        [[ -z "$AIRFLOW_LDAP_SEARCH" ]] && print_validation_error "Missing AIRFLOW_LDAP_SEARCH"
-        [[ -z "$AIRFLOW_LDAP_BIND_USER" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_USER"
        [[ -z "$AIRFLOW_LDAP_UID_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_UID_FIELD"
+        [[ -z "$AIRFLOW_LDAP_BIND_USER" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_USER"
        [[ -z "$AIRFLOW_LDAP_BIND_PASSWORD" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_PASSWORD"
+        [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION"
+        [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION_ROLE"
+        [[ -z "$AIRFLOW_LDAP_FIRSTNAME_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_FIRSTNAME_FIELD"
+        [[ -z "$AIRFLOW_LDAP_LASTNAME_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_LASTNAME_FIELD"
+        [[ -z "$AIRFLOW_LDAP_EMAIL_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_EMAIL_FIELD"
+        [[ -z "$AIRFLOW_LDAP_ROLES_MAPPING" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_MAPPING"
+        [[ -z "$AIRFLOW_LDAP_GROUP_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_GROUP_FIELD"
+        [[ -z "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN"
+        [[ -z "$AIRFLOW_LDAP_PERM_SESSION_LIFETIME" ]] && print_validation_error "Missing AIRFLOW_LDAP_PERM_SESSION_LIFETIME"
        if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then
            [[ -z "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" ]] && print_validation_error "Missing AIRFLOW_LDAP_TLS_CA_CERTIFICATE"
+            [[ -z "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" ]] && print_validation_error "Missing AIRFLOW_LDAP_ALLOW_SELF_SIGNED"
        fi
+
    fi

    # Check pool parameters
@ -236,20 +248,45 @@ airflow_configure_webserver_authentication() {

    if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then
        info "Enabling LDAP authentication"
-        replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "# AUTH_USER_REGISTRATION = True" "AUTH_USER_REGISTRATION = True"
-        airflow_webserver_conf_set "AUTH_TYPE" "AUTH_LDAP"
        replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "# from flask_appbuilder.security.manager import AUTH_LDAP" "from flask_appbuilder.security.manager import AUTH_LDAP"
+        replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "from flask_appbuilder.security.manager import AUTH_DB" "# from flask_appbuilder.security.manager import AUTH_DB"
+
+        # webserver config
+        airflow_webserver_conf_set "AUTH_TYPE" "AUTH_LDAP"        
        airflow_webserver_conf_set "AUTH_LDAP_SERVER" "'$AIRFLOW_LDAP_URI'"
+        airflow_webserver_conf_set "AUTH_LDAP_USE_TLS" "$AIRFLOW_LDAP_USE_TLS"
+
+        # searches
        airflow_webserver_conf_set "AUTH_LDAP_SEARCH" "'$AIRFLOW_LDAP_SEARCH'"
+        airflow_webserver_conf_set "AUTH_LDAP_UID_FIELD" "'$AIRFLOW_LDAP_UID_FIELD'"
+
+        # Special account for searches
        airflow_webserver_conf_set "AUTH_LDAP_BIND_USER" "'$AIRFLOW_LDAP_BIND_USER'"
        airflow_webserver_conf_set "AUTH_LDAP_BIND_PASSWORD" "'$AIRFLOW_LDAP_BIND_PASSWORD'"
-        airflow_webserver_conf_set "AUTH_LDAP_UID_FIELD" "'$AIRFLOW_LDAP_UID_FIELD'"
-        airflow_webserver_conf_set "AUTH_LDAP_USE_TLS" "$AIRFLOW_LDAP_USE_TLS"
-        airflow_webserver_conf_set "AUTH_LDAP_ALLOW_SELF_SIGNED" "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED"
+        
+        # Registration configs
+        airflow_webserver_conf_set "AUTH_USER_REGISTRATION" "$AIRFLOW_LDAP_USER_REGISTRATION"
+        airflow_webserver_conf_set "AUTH_USER_REGISTRATION_ROLE" "'$AIRFLOW_LDAP_USER_REGISTRATION_ROLE'"
+        airflow_webserver_conf_set "AUTH_LDAP_FIRSTNAME_FIELD" "'$AIRFLOW_LDAP_FIRSTNAME_FIELD'"
+        airflow_webserver_conf_set "AUTH_LDAP_LASTNAME_FIELD" "'$AIRFLOW_LDAP_LASTNAME_FIELD'"
+        airflow_webserver_conf_set "AUTH_LDAP_EMAIL_FIELD" "'$AIRFLOW_LDAP_EMAIL_FIELD'"
+
+        # Mapping from LDAP DN to list of FAB roles
+        airflow_webserver_conf_set "AUTH_ROLES_MAPPING" "$AIRFLOW_LDAP_ROLES_MAPPING"
+
+        # LDAP user attribute which has their role DNs
+        airflow_webserver_conf_set "AUTH_LDAP_GROUP_FIELD" "'$AIRFLOW_LDAP_GROUP_FIELD'"
+
+        # Replace user's roles at login
+        airflow_webserver_conf_set "AUTH_ROLES_SYNC_AT_LOGIN" "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN"
+
+        # Force user to re-auth after 30min without activity (to keep roles sync)
+        airflow_webserver_conf_set "AUTH_PERM_SESSION_LIFETIME" "$AIRFLOW_LDAP_PERM_SESSION_LIFETIME"
+        
        if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then
+            airflow_webserver_conf_set "AUTH_LDAP_ALLOW_SELF_SIGNED" "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED"
            airflow_webserver_conf_set "AUTH_LDAP_TLS_CACERTFILE" "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE"
        fi
-        airflow_webserver_conf_set "AUTH_USER_REGISTRATION_ROLE" "'$AIRFLOW_USER_REGISTRATION_ROLE'"
    fi
 }

--- a/bitnami/airflow/README.md
+++ b/bitnami/airflow/README.md
@ -33,7 +33,7 @@ $ docker-compose up
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).


-* [`2`, `2-debian-10`, `2.1.3`, `2.1.3-debian-10-r0`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/2.1.3-debian-10-r0/2/debian-10/Dockerfile)
+* [`2`, `2-debian-10`, `2.1.3`, `2.1.3-debian-10-r1`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/2.1.3-debian-10-r1/2/debian-10/Dockerfile)
 * [`1`, `1-debian-10`, `1.10.15`, `1.10.15-debian-10-r139` (1/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/1.10.15-debian-10-r139/1/debian-10/Dockerfile)

 Subscribe to project updates by watching the [bitnami/airflow GitHub repo](https://github.com/bitnami/bitnami-docker-airflow).