Using Airflow 2.0.2, I'm trying to use the airflow API to trigger DAG Runs. When I run a simple GET like
curl -X GET --user "fooUser:passw0rd" "${ENDPOINT_URL}/api/v1/pools"
I get expected results:
{
"pools": [
{
"name": "default_pool",
"occupied_slots": 0,
"open_slots": 128,
"queued_slots": 0,
"running_slots": 0,
"slots": 128
}
],
"total_entries": 1
So the user fooUser
does have some basic access to the API. But, trying to run
curl -X POST -H "Content-Type: application/json" -d '{}' --user "fooUser:passw0rd" "${ENDPOINT_URL}/api/v1/dags/myDag/dagRuns"
I get
{
"detail": null,
"status": 403,
"title": "Forbidden",
"type": "https://airflow.apache.org/docs/2.0.2/stable-rest-api-ref.html#section/Errors/PermissionDenied"
}
If I grant user fooUser
the Admin
role and use the same curl
command, I successfully get
{
"conf": {},
"dag_id": "myDag",
"dag_run_id": "manual__2021-12-13T21:37:42.959274+00:00",
"end_date": null,
"execution_date": "2021-12-13T21:37:42.959274+00:00",
"external_trigger": true,
"start_date": "2021-12-13T21:37:42.964609+00:00",
"state": "running"
}
I don't want this user to have Admin
permissions though. I want just enough to allow them to trigger DAG Runs using the API. But looking at the list of permissions granted to Admin
I can't tell which my fooUser
needs in order to accomplish this.
Which specific permission(s) does a user need in order to be allowed to trigger DAG Runs using the Airflow API?