https://github.com/ridwanbejo/terraform-airflow-user

Terraform module for managing Airflow Users and Roles
https://github.com/ridwanbejo/terraform-airflow-user

airflow automation devops hashicorp hcl iac infrastructure-as-code terraform terraform-module

Last synced: 8 months ago
JSON representation

Terraform module for managing Airflow Users and Roles

Host: GitHub
URL: https://github.com/ridwanbejo/terraform-airflow-user
Owner: ridwanbejo
License: bsd-3-clause
Created: 2023-11-11T06:17:21.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-11-11T17:26:56.000Z (about 2 years ago)
Last Synced: 2025-02-01T16:12:17.090Z (10 months ago)
Topics: airflow, automation, devops, hashicorp, hcl, iac, infrastructure-as-code, terraform, terraform-module
Language: HCL
Homepage:
Size: 10.7 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

          # Terraform Airflow User

This is a Terraform module for managing Users and Roles at Apache Airflow. You can use this module both for commercial or non-commercial purposes.

Currently, you can manage these resources in Airflow by using this module:

- Users

- Roles

- Connect to Airflow API with Basic Auth

Tested in:

- Apache Airflow ✅

- Astronomer ❌

## A. Prerequisites

Requirements:

- Terraform with version >= 1.4

- DrFaust92/airflow

- Hashicorp/random

- Airflow hostname

- Airflow username -> `TF_VAR_airflow_username`

- Airflow password -> `TF_VAR_airflow_password`

## B. How to use this module for your Terraform project ?

- Copy `example` project from this module. You can extend it as per your requirements

- Configure Airflow hostname by modifying the `providers.tf`. For example `http://localhost:8080/`

- Configure `TF_VAR_airflow_username` and `TF_VAR_airflow_username` as environment variables. For example:

```

$ export TF_VAR_airflow_username=airflow

$ export TF_VAR_airflow_password=airflow

```

- Create `terraform.tfvars` inside the Project. Then copy this sample terraform.tfvars into the file:

```

airflow_roles = [

  {

    name    = "custom-role-1"

    actions = [

      {

        name     = "can_read"

        resource = "Audit Logs"

      }

    ]

  },

  {

    name    = "custom-role-2"

    actions = [

      {

        name     = "can_read"

        resource = "Audit Logs"

      },

      {

        name     = "can_read"

        resource = "DAGs"

      }

    ]

  },

  {

    name    = "custom-role-3"

    actions = [

      {

        name     = "can_read"

        resource = "Variables"

      }

    ]

  },

]

airflow_users = [

  {

    email      = "ridwanbejo@gmail.com"

    first_name = "Ridwan"

    last_name  = "Bejo"

    username   = "ridwanbejo"

    roles      = ["Viewer"]

  },

  {

    email      = "sakura.machiya@gmail.com"

    first_name = "Sakura"

    last_name  = "Machiya"

    username   = "sakuramachi"

    roles      = ["Viewer"]

  },

  {

    email      = "peter.dart@gmail.com"

    first_name = "Peter"

    last_name  = "Dart"

    username   = "peterdart"

    roles      = ["custom-role-1"]

  },

  {

    email      = "eliza.fangerbau@gmail.com"

    first_name = "Eliza"

    last_name  = "Fangerbau"

    username   = "elizafang"

    roles      = ["custom-role-2"]

  },

  {

    email      = "michelle.wang@gmail.com"

    first_name = "Michelle"

    last_name  = "Wang"

    username   = "michwang"

    roles      = ["custom-role-2", "custom-role-3"]

  }

]

 ```

- Adjust the tfvars based on your requirements. The tfvars above is just example. Then, Save it

- Run these commands:

```

$ terraform init

$ terraform plan

```

This is the output when you run terraform plan successfully:

```

...

 # module.tf_airflow_users.random_password.password["sakuramachi"] will be created

  + resource "random_password" "password" {

      + bcrypt_hash      = (sensitive value)

      + id               = (known after apply)

      + length           = 16

      + lower            = true

      + min_lower        = 0

      + min_numeric      = 0

      + min_special      = 0

      + min_upper        = 0

      + number           = true

      + numeric          = true

      + override_special = "!#$%&*()-_=+[]{}<>:?"

      + result           = (sensitive value)

      + special          = true

      + upper            = true

    }

Plan: 13 to add, 0 to change, 0 to destroy.

Changes to Outputs:

  + airflow_users = {

      + elizafang   = "eliza.fangerbau@gmail.com"

      + michwang    = "michelle.wang@gmail.com"

      + peterdart   = "peter.dart@gmail.com"

      + ridwanbejo  = "ridwanbejo@gmail.com"

      + sakuramachi = "sakura.machiya@gmail.com"

    }

```

After you feel confidence with the terraform plan output, let's apply it.

```

$ terraform apply -auto-approve

```

- If it succeed, you must see this kind of output on your terminal

```

...

module.tf_airflow_users.random_password.password["elizafang"]: Creation complete after 0s [id=none]

module.tf_airflow_users.random_password.password["peterdart"]: Creation complete after 0s [id=none]

module.tf_airflow_users.random_password.password["ridwanbejo"]: Creation complete after 0s [id=none]

module.tf_airflow_users.airflow_role.roles["custom-role-1"]: Creation complete after 0s [id=custom-role-1]

module.tf_airflow_users.airflow_role.roles["custom-role-2"]: Creation complete after 0s [id=custom-role-2]

module.tf_airflow_users.airflow_role.roles["custom-role-3"]: Creation complete after 0s [id=custom-role-3]

module.tf_airflow_users.airflow_user.users["elizafang"]: Creating...

module.tf_airflow_users.airflow_user.users["ridwanbejo"]: Creating...

module.tf_airflow_users.airflow_user.users["sakuramachi"]: Creating...

module.tf_airflow_users.airflow_user.users["michwang"]: Creating...

module.tf_airflow_users.airflow_user.users["peterdart"]: Creating...

module.tf_airflow_users.airflow_user.users["sakuramachi"]: Creation complete after 1s [id=sakuramachi]

module.tf_airflow_users.airflow_user.users["elizafang"]: Creation complete after 1s [id=elizafang]

module.tf_airflow_users.airflow_user.users["michwang"]: Creation complete after 1s [id=michwang]

module.tf_airflow_users.airflow_user.users["ridwanbejo"]: Creation complete after 1s [id=ridwanbejo]

module.tf_airflow_users.airflow_user.users["peterdart"]: Creation complete after 1s [id=peterdart]

Apply complete! Resources: 13 added, 0 changed, 0 destroyed.

Outputs:

airflow_users = {

  "elizafang" = "eliza.fangerbau@gmail.com"

  "michwang" = "michelle.wang@gmail.com"

  "peterdart" = "peter.dart@gmail.com"

  "ridwanbejo" = "ridwanbejo@gmail.com"

  "sakuramachi" = "sakura.machiya@gmail.com"

}

```

Now you can check the Airflow List Roles page and List User page to see the applied changes.

## C. Understanding tfvars scenarios

There are some scenarios that you could choose by using this module. For example:

1. create users without specifying custom role. For example you can choose `Viewer` role and assign it to users.

```

airflow_users = [

  {

    email      = "ridwanbejo@gmail.com"

    first_name = "Ridwan"

    last_name  = "Bejo"

    username   = "ridwanbejo"

    roles      = ["Viewer"]

  },

  {

    email      = "sakura.machiya@gmail.com"

    first_name = "Sakura"

    last_name  = "Machiya"

    username   = "sakuramachi"

    roles      = ["Viewer"]

  }

]

```

> In Airflow, there are some roles by default when you have Airflow fresh installation. Those roles are `Admin`, `Viewer`, `User`, `Op`, `Public`. I use `Viewer` because that was the default role which are provided by Airflow.

2. create users with custom role

```

airflow_users = [

  {

    email      = "peter.dart@gmail.com"

    first_name = "Peter"

    last_name  = "Dart"

    username   = "peterdart"

    roles      = ["custom-role-1"]

  },

  {

    email      = "eliza.fangerbau@gmail.com"

    first_name = "Eliza"

    last_name  = "Fangerbau"

    username   = "elizafang"

    roles      = ["custom-role-2"]

  }

]

```

3. create user with multiple roles

```

airflow_users = [

  {

    email      = "michelle.wang@gmail.com"

    first_name = "Michelle"

    last_name  = "Wang"

    username   = "michwang"

    roles      = ["custom-role-2", "custom-role-3"]

  }

]

```

## D. Ensuring quality

I am trying to follow these approaches for ensuring quality of the tf-module:

- **validate**, ensure my Terraform module is in correct configuration based on Terraform guideline

- **auto-format**, ensure my Terraform script is edited with correct format based on Terraform guideline

- **linter**, ensure my Terraform script is in correct format based on Terraform guideline

- **tests**, ensure my Terraform module is processing correct variables and yield expected outputs

- **security**, ensure my Terraform module is free from CVE and stay compliance

- **automation**, run all above steps by using automation tool to improve development time and keep best quality before or after merging to Git repository

The tools:

- [terraform validate](https://developer.hashicorp.com/terraform/cli/commands)

- [terraform fmt](https://developer.hashicorp.com/terraform/cli/commands)

- [tflint](https://github.com/terraform-lint48ers/tflint)

- [terraform tests](https://developer.hashicorp.com/terraform/language/tests)

- [tfsec](https://github.com/aquasecurity/tfsec)

- [Pre-commit](https://pre-commit.com/)

- Github Action [Setup Terraform pipeline](https://github.com/hashicorp/setup-terraform)

## E. How to contribute ?

If you find any issue, you can raise it here at our [Issue Tracker](https://github.com/ridwanbejo/terraform-airflow-user/issues)

If you have something that you want to merge to this repo, just raise [Pull Requests](https://github.com/ridwanbejo/terraform-airflow-user/pulls)

Ensure that you install all the tools from section D. for development purpose.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/ridwanbejo/terraform-airflow-user

Awesome Lists containing this project

README