Move access_denied_message webserver config to fab

pierrejeambrun · pierrejeambrun · commit 34530a7836fc · 2025-05-05T17:05:53.000+02:00
diff --git a/airflow-core/src/airflow/cli/commands/config_command.py b/airflow-core/src/airflow/cli/commands/config_command.py
@@ -379,6 +379,10 @@ def message(self) -> str | None:
         config=ConfigParameter("webserver", "session_lifetime_minutes"),
         renamed_to=ConfigParameter("fab", "session_lifetime_minutes"),
     ),
+    ConfigChange(
+        config=ConfigParameter("webserver", "access_denied_message"),
+        renamed_to=ConfigParameter("fab", "access_denied_message"),
+    ),
     ConfigChange(
         config=ConfigParameter("webserver", "base_url"),
         renamed_to=ConfigParameter("api", "base_url"),
diff --git a/airflow-core/src/airflow/config_templates/config.yml b/airflow-core/src/airflow/config_templates/config.yml
@@ -1684,13 +1684,6 @@ operators:
 webserver:
   description: ~
   options:
-    access_denied_message:
-      description: |
-        The message displayed when a user attempts to execute actions beyond their authorised privileges.
-      version_added: 2.7.0
-      type: string
-      example: ~
-      default: "Access is Denied"
     secret_key:
       description: |
         Secret key used to run your api server. It should be as random as possible. However, when running
diff --git a/providers/fab/provider.yaml b/providers/fab/provider.yaml
@@ -56,6 +56,13 @@ config:
   fab:
     description: This section contains configs specific to FAB provider.
     options:
+      access_denied_message:
+        description: |
+          The message displayed when a user attempts to execute actions beyond their authorised privileges.
+        version_added: 2.0.3
+        type: string
+        example: ~
+        default: "Access is Denied"
       auth_rate_limited:
         description: |
           Boolean for enabling rate limiting on authentication endpoints.
diff --git a/providers/fab/src/airflow/providers/fab/get_provider_info.py b/providers/fab/src/airflow/providers/fab/get_provider_info.py
@@ -30,6 +30,13 @@ def get_provider_info():
             "fab": {
                 "description": "This section contains configs specific to FAB provider.",
                 "options": {
+                    "access_denied_message": {
+                        "description": "The message displayed when a user attempts to execute actions beyond their authorised privileges.\n",
+                        "version_added": "2.0.3",
+                        "type": "string",
+                        "example": None,
+                        "default": "Access is Denied",
+                    },
                     "auth_rate_limited": {
                         "description": "Boolean for enabling rate limiting on authentication endpoints.\n",
                         "version_added": "1.0.2",
diff --git a/providers/fab/src/airflow/providers/fab/www/auth.py b/providers/fab/src/airflow/providers/fab/www/auth.py
@@ -61,7 +61,7 @@
 
 
 def get_access_denied_message():
-    return conf.get("webserver", "access_denied_message")
+    return conf.get("fab", "access_denied_message")
 
 
 def has_access_with_pk(f):
