bolkedebruin commented on code in PR #29433:
URL: https://github.com/apache/airflow/pull/29433#discussion_r1118401275


##########
airflow/api_connexion/endpoints/dataset_endpoint.py:
##########
@@ -120,3 +126,39 @@ def get_dataset_events(
     return dataset_event_collection_schema.dump(
         DatasetEventCollection(dataset_events=events, 
total_entries=total_entries)
     )
+
+
[email protected]_access([(permissions.ACTION_CAN_CREATE, 
permissions.RESOURCE_DATASET)])
+@provide_session
+def post_dataset_event(session: Session = NEW_SESSION) -> APIResponse:
+    """Create an external dataset event. This endpoint is useful if you want 
to update a dataset and
+    trigger downstream DAG runs from external services.
+    """
+    try:
+        json_body = dataset_change_schema.load(get_json_request_dict())
+    except ValidationError as err:
+        raise BadRequest(detail=str(err))
+    uri = json_body["dataset_uri"]
+    external_source = json_body["external_source"]
+    external_service_id = json_body["external_service_id"]
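
Review bot: The access check on the decorator only requires `permissions.ACTION_CAN_CREATE` on `permissions.RESOURCE_DATASET`, while the docstring says the call will "trigger downstream DAG runs". Any caller allowed to create dataset events can therefore start DAG runs indirectly. Either require the matching DAG-run permission as well, or state in the docstring that dataset-create permission is meant to carry that ability.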

Review Comment:
   Same as above: this should not be up to the client to decide, but should be 
obtained at a different layer (HTTP, Application, etc.).



##########
airflow/api_connexion/endpoints/dataset_endpoint.py:
##########
@@ -120,3 +126,39 @@ def get_dataset_events(
     return dataset_event_collection_schema.dump(
         DatasetEventCollection(dataset_events=events, 
total_entries=total_entries)
     )
+
+
[email protected]_access([(permissions.ACTION_CAN_CREATE, 
permissions.RESOURCE_DATASET)])
+@provide_session
+def post_dataset_event(session: Session = NEW_SESSION) -> APIResponse:
+    """Create an external dataset event. This endpoint is useful if you want 
to update a dataset and
+    trigger downstream DAG runs from external services.
+    """
+    try:
+        json_body = dataset_change_schema.load(get_json_request_dict())
+    except ValidationError as err:
+        raise BadRequest(detail=str(err))
+    uri = json_body["dataset_uri"]
+    external_source = json_body["external_source"]
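
Review bot: In the `except ValidationError as err:` branch, `raise BadRequest(detail=str(err))` drops the explicit exception chain. Use `raise BadRequest(detail=str(err)) from err` so the schema failure stays attached to the 400 in server logs. It is also worth confirming that `str(err)` is the detail format API clients should receive, since it is passed through unchanged.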

Review Comment:
   I don't think we should leave this open to the client; we should get this 
from the request, e.g. REMOTE_ADDR or registered api_client. Allowing this to 
be set by the clients puts us at a security risk as its integrity can't be 
verified anymore.
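
An added illustration of the point in the comment above, not code from the PR or from Airflow: the provenance fields are filled in from the request context and rejected if they appear in the body. The function names, the `api_client` argument (standing in for whatever identity the authentication layer established) and the sample values are assumptions.

```python
from typing import Mapping, Optional

# Provenance fields named in the PR's payload; in this sketch the server owns them.
SERVER_OWNED_FIELDS = frozenset({"external_source", "external_service_id"})


def parse_client_body(body: Mapping[str, object]) -> str:
    """Return the dataset URI, refusing any client attempt to state its own origin."""
    spoofed = SERVER_OWNED_FIELDS.intersection(body)
    if spoofed:
        # Rejecting (rather than silently ignoring) makes misuse visible to the caller.
        raise ValueError(f"server-owned fields in request body: {sorted(spoofed)}")
    uri = body.get("dataset_uri")
    if not isinstance(uri, str) or not uri:
        raise ValueError("dataset_uri is required")
    return uri


def build_dataset_event(
    body: Mapping[str, object],
    environ: Mapping[str, str],
    api_client: Optional[str],
) -> dict:
    """Assemble the event record with provenance taken from the request context.

    environ is the WSGI environ; api_client is the identity a (hypothetical)
    authentication layer attached to this request, or None if there is none.
    """
    if api_client is None:
        raise PermissionError("request is not tied to a registered api_client")
    uri = parse_client_body(body)
    return {
        "dataset_uri": uri,
        # Observed by the server, not supplied in the payload. Behind a reverse
        # proxy REMOTE_ADDR is the proxy's address, so record it as such.
        "external_source": environ["REMOTE_ADDR"],
        "external_service_id": api_client,
    }
```
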



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
