mattusifer commented on code in PR #30193:
URL: https://github.com/apache/airflow/pull/30193#discussion_r1191526309
##########
airflow/api_connexion/openapi/v1.yaml:
##########
@@ -2159,6 +2159,34 @@ paths:
'404':
$ref: '#/components/responses/NotFound'
+ /roles/{role_name}/actions/revoke:
+ parameters:
+ - $ref: '#/components/parameters/RoleName'
+ post:
Review Comment:
> I think it may be prone to race conditions
Can you expand on this a bit? I would think that we could achieve this
atomically.
One reason that the proposed **`PUT`** is useful is because it describes
exactly the desired state, and more relevantly to this PR, it doesn't require
that you know which permissions you need to revoke in order to get to your
desired end state.
If I want a user to only have "a, b, c" permissions, but didn't know which
permissions they already had, in order to use this POST endpoint I would need
to:
1. `GET` all of the user's permissions
2. `POST` here to revoke the ones I don't want
This is a clearer race condition to me, since there is no way for me as the
caller to know that the permissions had not changed between step 1 and 2. A PUT
endpoint is in a much better position to be able to do this atomically.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
