This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new e6f5d454b2 Move some FAB related tests to provider (#37549)
e6f5d454b2 is described below
commit e6f5d454b24cda6d347276cc148f07f3d223684a
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Mon Feb 19 19:44:28 2024 +0100
Move some FAB related tests to provider (#37549)
There are still some tests that are really FAB provider Auth Manager
tests but they were left in the core (which is kind-of expected
remnant of the past. We will eventually find and move all of them but
for now let's just move some of them we are aware of.
---
.../fab/auth_manager}/test_security.py | 64 +++++++++++++++++++++
tests/www/test_auth.py | 66 ----------------------
2 files changed, 64 insertions(+), 66 deletions(-)
diff --git a/tests/www/test_security.py
b/tests/providers/fab/auth_manager/test_security.py
similarity index 94%
rename from tests/www/test_security.py
rename to tests/providers/fab/auth_manager/test_security.py
index fb24aae905..ea28de4a99 100644
--- a/tests/www/test_security.py
+++ b/tests/providers/fab/auth_manager/test_security.py
@@ -19,6 +19,7 @@ from __future__ import annotations
import contextlib
import datetime
+import json
import logging
import os
from unittest import mock
@@ -1139,3 +1140,66 @@ def test_custom_access_denied_message():
):
initialize_config()
assert get_access_denied_message() == "My custom access denied message"
+
+
+@pytest.mark.db_test
+class TestHasAccessDagDecorator:
+ @pytest.mark.parametrize(
+ "dag_id_args, dag_id_kwargs, dag_id_form, dag_id_json, fail",
+ [
+ ("a", None, None, None, False),
+ (None, "b", None, None, False),
+ (None, None, "c", None, False),
+ (None, None, None, "d", False),
+ ("a", "a", None, None, False),
+ ("a", "a", "a", None, False),
+ ("a", "a", "a", "a", False),
+ (None, "a", "a", "a", False),
+ (None, None, "a", "a", False),
+ ("a", None, None, "a", False),
+ ("a", None, "a", None, False),
+ ("a", None, "c", None, True),
+ (None, "b", "c", None, True),
+ (None, None, "c", "d", True),
+ ("a", "b", "c", "d", True),
+ ],
+ )
+ def test_dag_id_consistency(
+ self,
+ app,
+ dag_id_args: str | None,
+ dag_id_kwargs: str | None,
+ dag_id_form: str | None,
+ dag_id_json: str | None,
+ fail: bool,
+ ):
+ with app.test_request_context() as mock_context:
+ from airflow.www.auth import has_access_dag
+
+ mock_context.request.args = {"dag_id": dag_id_args} if dag_id_args
else {}
+ kwargs = {"dag_id": dag_id_kwargs} if dag_id_kwargs else {}
+ mock_context.request.form = {"dag_id": dag_id_form} if dag_id_form
else {}
+ if dag_id_json:
+ mock_context.request._cached_data = json.dumps({"dag_id":
dag_id_json})
+ mock_context.request._parsed_content_type =
["application/json"]
+
+ with create_user_scope(
+ app,
+ username="test-user",
+ role_name="limited-role",
+ permissions=[(permissions.ACTION_CAN_READ,
permissions.RESOURCE_DAG)],
+ ) as user:
+ with patch(
+
"airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager.get_user"
+ ) as mock_get_user:
+ mock_get_user.return_value = user
+
+ @has_access_dag("GET")
+ def test_func(**kwargs):
+ return True
+
+ result = test_func(**kwargs)
+ if fail:
+ assert result[1] == 403
+ else:
+ assert result is True
diff --git a/tests/www/test_auth.py b/tests/www/test_auth.py
index 79c61b2f52..952c1be05b 100644
--- a/tests/www/test_auth.py
+++ b/tests/www/test_auth.py
@@ -25,10 +25,7 @@ import airflow.www.auth as auth
from airflow.auth.managers.models.resource_details import DagAccessEntity
from airflow.exceptions import RemovedInAirflow3Warning
from airflow.models import Connection, Pool, Variable
-from airflow.security import permissions
-from airflow.settings import json
from airflow.www.auth import has_access
-from tests.test_utils.api_connexion_utils import create_user_scope
mock_call = Mock()
@@ -239,66 +236,3 @@ class TestHasAccessDagEntities:
mock_call.assert_not_called()
assert result.headers["Location"] == "login_url"
-
-
-@pytest.mark.db_test
-class TestHasAccessDagDecorator:
- @pytest.mark.parametrize(
- "dag_id_args, dag_id_kwargs, dag_id_form, dag_id_json, fail",
- [
- ("a", None, None, None, False),
- (None, "b", None, None, False),
- (None, None, "c", None, False),
- (None, None, None, "d", False),
- ("a", "a", None, None, False),
- ("a", "a", "a", None, False),
- ("a", "a", "a", "a", False),
- (None, "a", "a", "a", False),
- (None, None, "a", "a", False),
- ("a", None, None, "a", False),
- ("a", None, "a", None, False),
- ("a", None, "c", None, True),
- (None, "b", "c", None, True),
- (None, None, "c", "d", True),
- ("a", "b", "c", "d", True),
- ],
- )
- def test_dag_id_consistency(
- self,
- app,
- dag_id_args: str | None,
- dag_id_kwargs: str | None,
- dag_id_form: str | None,
- dag_id_json: str | None,
- fail: bool,
- ):
- with app.test_request_context() as mock_context:
- from airflow.www.auth import has_access_dag
-
- mock_context.request.args = {"dag_id": dag_id_args} if dag_id_args
else {}
- kwargs = {"dag_id": dag_id_kwargs} if dag_id_kwargs else {}
- mock_context.request.form = {"dag_id": dag_id_form} if dag_id_form
else {}
- if dag_id_json:
- mock_context.request._cached_data = json.dumps({"dag_id":
dag_id_json})
- mock_context.request._parsed_content_type =
["application/json"]
-
- with create_user_scope(
- app,
- username="test-user",
- role_name="limited-role",
- permissions=[(permissions.ACTION_CAN_READ,
permissions.RESOURCE_DAG)],
- ) as user:
- with patch(
-
"airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager.get_user"
- ) as mock_get_user:
- mock_get_user.return_value = user
-
- @has_access_dag("GET")
- def test_func(**kwargs):
- return True
-
- result = test_func(**kwargs)
- if fail:
- assert result[1] == 403
- else:
- assert result is True
