Skip to content

Refactor serve_logs with FastAPI #52581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Refactor serve_logs with FastAPI #52581

wants to merge 1 commit into from
+99 −78

Conversation

jason810496
Copy link
Member

@jason810496 jason810496 commented Jun 30, 2025
edited
Loading

closes: #52526
related: https://lists.apache.org/thread/hfr8q85rgr6knpp5wblbz301ysnmzhht

Why

  • Move Flask ( or FAB you said ) out of airflow-core dependency

What

Replace Flask's send_from_directory fastapi_app.mount with JWTAuthStaticFiles ( which inherent from FastAPI's StaticFiles and extend the existed authorization. reference from fastapi/fastapi#858 (comment) )

@jason810496 jason810496 self-assigned this Jun 30, 2025
@jason810496 jason810496 added the full tests needed We need to run full set of tests for this PR to merge label Jun 30, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 30, 2025
View reviewed changes
@jason810496 jason810496 force-pushed the refactor/logging/replace-flask-serve-log-with-fastapi branch from 8be599f to 99651ed Compare June 30, 2025 18:00
@jason810496
Refactor serve_logs with FastAPI
b5facdf 
Fix test_invalid_characters_handled

Refactor with StaticFiles
@jason810496 jason810496 force-pushed the refactor/logging/replace-flask-serve-log-with-fastapi branch from 99651ed to b5facdf Compare June 30, 2025 18:02
@jason810496 jason810496 marked this pull request as ready for review June 30, 2025 18:02
jason810496
jason810496 commented Jun 30, 2025
View reviewed changes
Copy link
Member Author

@jason810496 jason810496 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I though there isn't Flask'ssend_from_directory alternative in FastAPI.
So I implement the validation for file path in first try ( and the security check is angry ).

Fortunately I found the gist for having authorization for FastAPI's StaticFiles. ( linked in the PR description )

airflow-core/src/airflow/utils/serve_logs.py
await self.validate_jwt_token(request)
await super().__call__(scope, receive, send)

async def validate_jwt_token(self, request: Request):
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I move the validate_jwt_token to new JWTAuthStaticFiles class.

Also make it as async method, since the unit test will raise some event loop issue related to async_to_sync if I use the original signer.validated_claims(auth) instead of await signer.avalidated_claims(auth).

airflow-core/src/airflow/utils/serve_logs.py
raise ImportError(f"Unable to load {log_config_class} due to error: {e}")

fastapi_app = FastAPI()
fastapi_app.state.signer = JWTValidator(
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have to set the signer instance in app.state just like what we do in core-api for dag_bag to make it singleton.

airflow-core/src/airflow/utils/serve_logs.py
Comment on lines 211 to 219

options = [bind_option, GunicornOption("workers", 2)]
StandaloneGunicornApplication(wsgi_app, options).run()
# Use Uvicorn worker class for ASGI applications
options = [
bind_option,
GunicornOption("workers", 2),
GunicornOption("worker_class", "uvicorn.workers.UvicornWorker"),
]
StandaloneGunicornApplication(asgi_app, options).run()

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, I'm also think about replace StandaloneGunicornApplication with uvicorn.run. Since the api_server_command use uvicorn.run to start the whole core-api.

Any comment for this ?

airflow/airflow-core/src/airflow/cli/commands/api_server_command.py

Lines 106 to 117 in b5facdf

uvicorn.run(
"airflow.api_fastapi.main:app",
host=args.host,
port=args.port,
workers=num_workers,
timeout_keep_alive=worker_timeout,
timeout_graceful_shutdown=worker_timeout,
ssl_keyfile=ssl_key,
ssl_certfile=ssl_cert,
access_log=access_logfile,
proxy_headers=proxy_headers,
)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun

@potiuk potiuk Awaiting requested review from potiuk

At least 1 approving review is required to merge this pull request.

Assignees

@jason810496 jason810496

Labels
full tests needed We need to run full set of tests for this PR to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Convert serve_logs to use fast-api
1 participant
@jason810496