potiuk commented on code in PR #33213: URL: https://github.com/apache/airflow/pull/33213#discussion_r1306123985
########## airflow/auth/managers/models/resource_details.py: ########## @@ -0,0 +1,31 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +from __future__ import annotations + +from dataclasses import dataclass + + +@dataclass +class ResourceDetails: + """ + Represents the details of a resource. + + All fields must be optional. These details can be used in authorization decision. + """ + + id: str | None = None Review Comment: Yeah. It's really the matter where you pass the resource type you ask for. There are two ways: a) you pass the resource type as parameter of the method (or in some cases convention for resource type specification such as "connection:aws_default_connection" - this is really what URI/URL is all about) b) you make it inherently part of the "method" you call (so basically resource type is encoded in "which method you call") My assumption is that in every place you want to check for resource is a python code where you already know what resource type you want to check. So it's perfectly fine by the python code to choose which method you call rather than specify parameter which resource type you want or building the right "URI" In our case we have both "caller" and "calee" a Python code (caller is our own "auth" framework, calee is the "authmanager" implementation). And we are in full control of the caller -> calee interface. Somehow it seems that having "one method" with "generic resource" adds overhead for no particular reason. It would force the "caller" to conver the "busines logic" it wants into a generic method os that the "calee" would again convert it back to the "use case". That seems like unnecessary overhead. We already have 'Python methods" as a transport layer for our intent - we do not need to map it to another generic construct. It just seems more natural to expres it * Caller wants to ask if the variable can be accessed by the user * Callee is asked "is the variable accessible by the user" Rather than: * Caller wants to ask if the variable can be accessed by the user * Caller converts this to "resource-type = variable" where "id=x" * Callee converts the "resource-type" to variable check and "id" to "variable_id" * Callee is asked "is the variable accessible by the user" We can cut the two middle steps by explicitly asking for specific resource type via the choice of method call we make. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
