Skip to content

auth_manager

AppPermission

Bases: StrEnum

Permissions for the app resource.

Source code in spark_on_k8s/api/auth/auth_manager.py
31
32
33
34
35
36
class AppPermission(StrEnum):
    """Permissions for the app resource."""
    LIST = "LIST"
    GET = "GET"
    KILL = "KILL"
    DELETE = "DELETE"

BaseAuthManager

Bases: ABC, Generic[UserInfo]

Base class for the authentication manager.

Source code in spark_on_k8s/api/auth/auth_manager.py
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
class BaseAuthManager(ABC, Generic[UserInfo]):
    """
    Base class for the authentication manager.
    """
    @abstractmethod
    async def authenticate(self, request: Request) -> UserInfo | None:
        """Parse the request and authenticate the user."""
        raise NotImplementedError()

    @abstractmethod
    async def is_authorized(self, user: UserInfo, resource: str, actions: list[PermissionActions]) -> bool:
        """Check if the user is authorized to perform the actions on the resource."""
        raise NotImplementedError()

    @final
    async def check_permissions(self, request: Request, security_scopes: SecurityScopes):
        print(security_scopes.scopes)
        user = await self.authenticate(request)
        if not user:
            raise HTTPException(status_code=401, detail="Unauthorized")
        # TODO: get the resource and actions from the request
        if not await self.is_authorized(user, "test_resource", [PermissionActions.GET]):
            raise HTTPException(status_code=403, detail="Forbidden")
        return True

authenticate(request) abstractmethod async

Parse the request and authenticate the user.

Source code in spark_on_k8s/api/auth/auth_manager.py
56
57
58
59
@abstractmethod
async def authenticate(self, request: Request) -> UserInfo | None:
    """Parse the request and authenticate the user."""
    raise NotImplementedError()

is_authorized(user, resource, actions) abstractmethod async

Check if the user is authorized to perform the actions on the resource.

Source code in spark_on_k8s/api/auth/auth_manager.py
61
62
63
64
@abstractmethod
async def is_authorized(self, user: UserInfo, resource: str, actions: list[PermissionActions]) -> bool:
    """Check if the user is authorized to perform the actions on the resource."""
    raise NotImplementedError()

HttpBasicAuthManager

Bases: BaseAuthManager[BaseUser]

HTTP basic authentication manager.

Source code in spark_on_k8s/api/auth/auth_manager.py
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
class HttpBasicAuthManager(BaseAuthManager[BaseUser]):
    """HTTP basic authentication manager."""

    def __init__(self):
        super().__init__()
        self.authenticator = HTTPBasic()

    async def authenticate(self, request: Request) -> HTTPBasicCredentials | None:
        credentials = await self.authenticator(request)
        if not credentials:
            return None
        return credentials

    async def is_authorized(self, user: HTTPBasicCredentials, resource: str, actions: list[PermissionActions]) -> bool:
        return False

PermissionActions

Bases: StrEnum

Permission actions.

Source code in spark_on_k8s/api/auth/auth_manager.py
18
19
20
21
22
23
24
25
class PermissionActions(StrEnum):
    """Permission actions."""
    GET = "GET"
    PUT = "PUT"
    POST = "POST"
    DELETE = "DELETE"
    PATCH = "PATCH"
    ALL = "ALL"

Resource

Bases: StrEnum

Spark on K8s resources API resources.

Source code in spark_on_k8s/api/auth/auth_manager.py
27
28
29
class Resource(StrEnum):
    """Spark on K8s resources API resources."""
    APP = "APP"