Attach roles to AD groups - Azure OAuth

[sk2991]

We have implemented RBAC using Azure OAuth, Is there any way to attach a role to AD group - so that users part of that AD groups/Tenant can get default access to the attached role

Apache Airflow version: 1.10.10

Kubernetes version (if you are using kubernetes) (use kubectl version): 1.15.10

Environment:

• Cloud provider or hardware configuration: Azure (AKS)
• OS (e.g. from /etc/os-release): Debian GNU/Linux
• Kernel (e.g. uname -a): 4.15.0-1089-azure
• Install tools:
• Others:

What happened:

What you expected to happen:

attach a role to AD group (or) Azure tenant

How to reproduce it:

Helm install stable/airflow
Implement RBAC using Azure OAuth

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[elwinarens]

@sk2991 Would you mind sharing your Azure OAuth implementation?

[rafaelpierre]

@sk2991 +1

@sk2991 Would you mind sharing your Azure OAuth implementation?

[mik-laj]

Is this helpful for you? I don't use Azure OAuth, so I'm not sure this change applies here.
dpgaspar/Flask-AppBuilder#1410

[sk2991]

@elwinarens @rafaelpierre - I have used this link to configure Azure OAuth.
Other useful links:
#3015
https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth

[sk2991]

@mik-laj It does help to some extent. Is there anyway to extend this? Instead of declaring "AUTH_USER_REGISTRATION_ROLE_JMESPATH = "contains(['alice@example.com', 'celine@example.com'], email) && 'Admin' || 'Public'"" this manually in config file - can we assign it dynamically?

[hussainsaify]

@sk2991 were you able to solve this using a more cleaner method than shared above?

[sk2991]

@hussainsaify I was not able to find any other way.