apache-airflow-providers-keycloak

v0.7.2 safe
3.0
Low Risk

Provider package apache-airflow-providers-keycloak for Apache Airflow

🤖 AI Analysis

Final verdict: SAFE

The package appears safe based on low scores across all risk categories, with no clear signs of malicious activity. The metadata risk score is slightly elevated but does not suggest a supply-chain attack.

  • No network or shell risks detected.
  • Obfuscation and credential handling appear benign.
Per-check LLM notes
  • Network: No network calls detected, which is normal for a library focused on integration with Keycloak.
  • Shell: No shell execution patterns detected, which is expected for a standard Python package.
  • Obfuscation: The detected pattern is a standard practice for extending module search paths and not indicative of malicious obfuscation.
  • Credentials: The detected pattern is likely used for prompting user input securely, which is a common practice when dealing with sensitive information like passwords.
  • Metadata: The package shows some red flags but lacks clear indicators of malicious intent.

📦 Package Quality Overall: Medium (7.8/10)

✦ High Test Suite 9.0

Test suite present — 21 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • 21 test file(s) detected (e.g. conftest.py)
✦ High Documentation 9.0

Well-documented package

  • Documentation URL: "Documentation" -> https://airflow.apache.org/docs/apache-airflow-providers-key
  • 1 documentation file(s) (e.g. conf.py)
  • Detailed PyPI description (3476 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 50 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 46 unique contributor(s) across 100 commits in apache/airflow
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • under the License. __path__ = __import__("pkgutil").extend_path(__path__, __name__) # Licensed to the Apache S
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • getpass values = getpass.getpass(prompt="Password: ") setattr(namespace, self.dest, v
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: airflow.apache.org>

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://www.apache.org/licenses/LICENSE-2.0
Git Repository History

Repository apache/airflow appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apache-airflow-providers-keycloak 
Create a fully-functional mini-application that integrates user authentication and authorization using Keycloak through the 'apache-airflow-providers-keycloak' package within Apache Airflow. Your task is to design a system that allows users to authenticate via Keycloak before they can trigger specific DAGs (Directed Acyclic Graphs) in an Airflow environment. This system should ensure that only authorized users can execute certain tasks or workflows based on their roles defined in Keycloak.

Step 1: Set up an Apache Airflow environment, ensuring it is properly configured with the 'apache-airflow-providers-keycloak' package installed.

Step 2: Configure Keycloak to manage users and roles. Create at least two different roles: 'admin' and 'user'. Each role should have distinct permissions to execute specific DAGs or tasks within the DAGs.

Step 3: Develop a custom operator in Apache Airflow that leverages the 'apache-airflow-providers-keycloak' package to check if the authenticated user has the necessary permissions to execute a particular DAG or task. If the user does not have the required permissions, the task should fail gracefully.

Step 4: Implement a user-friendly interface where users can log in using their Keycloak credentials. Upon successful login, users should be redirected to a dashboard showing all available DAGs and their status. Only DAGs that the user has permission to execute should be visible and executable from this dashboard.

Step 5: Ensure that your application logs all authentication attempts and execution attempts of DAGs, including the time, user ID, and outcome of each attempt.

Suggested Features:
- Role-based access control (RBAC) enforcement for DAG execution.
- Logging of authentication and execution attempts for auditing purposes.
- User-friendly UI for logging in and viewing available DAGs.
- Graceful failure messages when a user tries to execute a DAG without proper permissions.

The 'apache-airflow-providers-keycloak' package will be utilized primarily for authenticating users against Keycloak and checking their roles and permissions. It will also facilitate secure communication between Airflow and Keycloak, ensuring that sensitive information is handled securely.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!