o-nikolas commented on code in PR #37430: URL: https://github.com/apache/airflow/pull/37430#discussion_r1498340343
########## airflow/auth/managers/base_auth_manager.py: ########## @@ -254,6 +254,24 @@ def is_authorized_custom_view( """ raise AirflowException(f"The resource `{fab_resource_name}` does not exist in the environment.") + def batch_is_authorized_connection( + self, + requests: Sequence[IsAuthorizedConnectionRequest], + ) -> bool: + """ + Batch version of ``is_authorized_connection``. + + By default, calls individually the ``is_authorized_connection`` API on each item in the list of + requests. Can lead to some poor performance. It is recommended to override this method in the auth Review Comment: ```suggestion requests, which can lead to some poor performance. It is recommended to override this method in the auth ``` ########## airflow/providers/amazon/aws/auth_manager/avp/facade.py: ########## @@ -116,6 +125,63 @@ def is_authorized( return resp["decision"] == "ALLOW" + def batch_is_authorized( + self, + *, + requests: Sequence[IsAuthorizedRequest], + user: AwsAuthManagerUser | None, + ) -> bool: + """ + Make a batch authorization decision against Amazon Verified Permissions. + + Check whether the user has permissions to access given resources. + + :param requests: the list of requests containing the method, the entity_type and the entity ID + :param user: the user + """ + if user is None: + return False + + entity_list = self._get_user_role_entities(user) + + self.log.debug("Making batch authorization request for user=%s, requests=%s", user.get_id(), requests) + + avp_requests = [ + prune_dict( + { + "principal": {"entityType": get_entity_type(AvpEntities.USER), "entityId": user.get_id()}, + "action": { + "actionType": get_entity_type(AvpEntities.ACTION), + "actionId": get_action_id(request["entity_type"], request["method"]), + }, + "resource": { + "entityType": get_entity_type(request["entity_type"]), + "entityId": request.get("entity_id", "*"), + }, + "context": self._build_context(request.get("context")), + } + ) + for request in requests + ] + + resp = self.avp_client.batch_is_authorized( + policyStoreId=self.avp_policy_store_id, + requests=avp_requests, + entities={"entityList": entity_list}, + ) + + self.log.debug("Authorization response: %s", resp) + + has_errors = any(len(result.get("errors", [])) > 0 for result in resp["results"]) + + if has_errors: + self.log.error( + "Error occurred while making a batch authorization decision. Result: %s", resp["results"] + ) + raise AirflowException("Error occurred while making a batch authorization decision.") Review Comment: Maybe just include the contents of the log.error in the Exception message? They're mostly the same I'm not sure that both are needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org