From dd9fc47866f2d0e3be05c50c0b370a2393d1e62e Mon Sep 17 00:00:00 2001
From: mbelfares
Date: Sun, 7 Jun 2026 17:20:31 +0200
Subject: [PATCH] feat: manual only deployment
---
 helm/airflow/values.yaml | 25 +------------------------
 1 file changed, 1 insertion(+), 24 deletions(-)
diff --git a/helm/airflow/values.yaml b/helm/airflow/values.yaml
index 2b32f81..47c8459 100644
--- a/helm/airflow/values.yaml
+++ b/helm/airflow/values.yaml
@@ -32,33 +32,10 @@ apiServer:
 "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/token",
 "authorize_url": "http://keycloak.49.13.143.254.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth",
 "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/certs",
- "userinfo_endpoint": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/userinfo",
 "client_kwargs": {
 "scope": "openid email profile",
- "verify": False
+ "token_endpoint_auth_method": "client_secret_post"
 }
 }
 }
 ]
-
- from airflow.www.security import AirflowSecurityManager
- from flask_appbuilder.security.manager import AUTH_OAUTH
- import jwt
- import logging
-
- class CustomSecurityManager(AirflowSecurityManager):
- def oauth_user_info(self, provider, response=None):
- if provider == "keycloak":
- token = response.get("access_token")
- data = jwt.decode(token, options={"verify_signature": False})
- logging.debug("Keycloak user info: %s", data)
- return {
- "username": data.get("preferred_username", ""),
- "first_name": data.get("given_name", ""),
- "last_name": data.get("family_name", ""),
- "email": data.get("email", ""),
- "role_keys": data.get("roles", []),
- }
- return {}
-
- SECURITY_MANAGER_CLASS = CustomSecurityManager
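Review bot: The three Keycloak endpoints kept as context in this hunk (`access_token_url`, `authorize_url`, `jwks_uri`) are still plain `http://`, and the added `"token_endpoint_auth_method": "client_secret_post"` means the client secret travels in the form body of the token request over that cleartext channel. The signing keys behind `jwks_uri` are likewise fetched without transport authentication, so removing `"verify": False` has no effect until these URLs use TLS. I would move all three to HTTPS, e.g. `"jwks_uri": "https://<keycloak-host>/auth/realms/airflow-realm/protocol/openid-connect/certs"` (placeholder host). Separately, with `CustomSecurityManager` removed, nothing visible here maps the token's `roles` claim to `role_keys` any more; please confirm that role assignment now comes from configuration outside this hunk, whose enclosing `apiServer:` block starts above it.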