I am trying to authenticate Airflow using Okta (our IdP) and OAuth2.0/OpenID. For this I am using the following as references:
- https://tech.scribd.com/blog/2021/integrating-airflow-and-okta.html
- https://flask-appbuilder.readthedocs.io/en/latest/security.html
The problem is that, after completing all the configuration, when I try to log in with Okta I get the message "Invalid login. Please try again."
The only logs, which I think come from Flask, are the following:
172.17.0.1 - - [06/Aug/2021:14:05:01 +0000] "GET /static/pin_32.png HTTP/1.1" 304 0 "http://localhost:8080/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fhome" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
172.17.0.1 - - [06/Aug/2021:14:05:26 +0000] "GET /login/okta?next=http://localhost:8080/home HTTP/1.1" 302 985 "http://localhost:8080/login/?next=http%3A%2F%2Flocalhost%3A8080%2Fhome" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
172.17.0.1 - - [06/Aug/2021:14:05:41 +0000] "GET /oauth-authorized/okta?code=V3YfnQL9IQOIwJLWt1KdALrtRRYM1xtZBDxNP9exlp4&state=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuZXh0IjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9ob21lIl19.GbawEXaz1lpX1nOYuGyHHSstM9b-X36sghlhBoLuot0 HTTP/1.1" 302 221 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
172.17.0.1 - - [06/Aug/2021:14:05:41 +0000] "GET /login/ HTTP/1.1" 200 17174 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
I don't see anything wrong there.
Configuration steps:
1. Configure Okta:
Also, "the authorization server is default"
2. Complete webserver_config.py
import os
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
    {'name': 'okta', 'icon': 'fa-circle-o',
     'token_key': 'access_token',
     'remote_app': {
         'client_id': '0oa1ceaw9cxc1rXhi5d7',
         'client_secret': 'MY CLIENT SECRET',
         'api_base_url': 'https://MY OKTA DOMAIN/oauth2/default/v1/',
         'client_kwargs': {
             'scope': 'openid profile email groups'
         },
         'access_token_url': 'https://MY OKTA DOMAIN/oauth2/default/v1/token',
         'authorize_url': 'https://MY OKTA DOMAIN/oauth2/default/v1/authorize',
     }
    }
]
3. Create the Dockerfile:
FROM apache/airflow
RUN pip install authlib \
    && pip install flask-appbuilder==3.2.2 \
    && pip install sqlalchemy==1.3.18
COPY ./webserver_config.py /opt/airflow/webserver_config.py
4. Build the image and run the airflow container:
#docker build -t airflowcustom .
#docker run -d -p 8080:8080 --name airflow airflowcustom webserver
I'm stuck here... has anyone done this or run into a similar problem?
Do you know where I can see any logs? I don't see anything inside the Airflow container.
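
What the access log in the question does record, as an added example that is not part of the original post: the script walks the three login requests, decodes the unsigned payload of the `state` parameter, and flags the case where a callback that carried a `code` is followed by the login page again. That pattern means the rejection happened in the server-side step after the callback (token exchange and user lookup), which leaves no line in an access log. The function names are hypothetical, and the log lines are the question's own with the user agent dropped and the code and signature replaced by placeholders.

```python
import base64, json, re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the question's three login requests, user agent dropped,
# authorization code and state signature replaced by the placeholders CODE and SIG.
LOG = '''\
172.17.0.1 - - [06/Aug/2021:14:05:26 +0000] "GET /login/okta?next=http://localhost:8080/home HTTP/1.1" 302 985
172.17.0.1 - - [06/Aug/2021:14:05:41 +0000] "GET /oauth-authorized/okta?code=CODE&state=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuZXh0IjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9ob21lIl19.SIG HTTP/1.1" 302 221
172.17.0.1 - - [06/Aug/2021:14:05:41 +0000] "GET /login/ HTTP/1.1" 200 17174
'''

LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def b64url_json(segment):
    """Decode one unpadded base64url JWT segment to a dict (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def trace(log):
    """Return (path, status, note) per request, annotating the OAuth callback."""
    steps = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        note = ""
        if url.path.startswith("/oauth-authorized/"):
            if "error" in query:  # the IdP itself refused the request
                note = "IdP returned error: " + query["error"][0]
            elif "code" in query:  # the IdP accepted and handed back a code
                state = query.get("state", [""])[0].split(".")
                payload = b64url_json(state[1]) if len(state) == 3 else {}
                note = "code received, state payload=" + json.dumps(payload)
        steps.append((url.path, int(m["status"]), note))
    return steps

def callback_rejected(steps):
    """True when a callback that carried a code is followed by the login page."""
    for (path, status, note), (next_path, _, _) in zip(steps, steps[1:]):
        if (path.startswith("/oauth-authorized/") and note.startswith("code")
                and status == 302 and next_path == "/login/"):
            return True
    return False

if __name__ == "__main__":
    for step in trace(LOG):
        print(step)
    print("rejected after callback:", callback_rejected(trace(LOG)))
```

The callback line also shows that the authorization code and the state value are written to the access log in the clear, so these logs should be handled as sensitive data.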