o-nikolas commented on code in PR #37430:
URL: https://github.com/apache/airflow/pull/37430#discussion_r1498340343
##########
airflow/auth/managers/base_auth_manager.py:
##########
@@ -254,6 +254,24 @@ def is_authorized_custom_view(
"""
raise AirflowException(f"The resource `{fab_resource_name}` does not
exist in the environment.")
+ def batch_is_authorized_connection(
+ self,
+ requests: Sequence[IsAuthorizedConnectionRequest],
+ ) -> bool:
+ """
+ Batch version of ``is_authorized_connection``.
+
+ By default, calls individually the ``is_authorized_connection`` API on
each item in the list of
+ requests. Can lead to some poor performance. It is recommended to
override this method in the auth
Review Comment:
```suggestion
requests, which can lead to some poor performance. It is recommended
to override this method in the auth
```
##########
airflow/providers/amazon/aws/auth_manager/avp/facade.py:
##########
@@ -116,6 +125,63 @@ def is_authorized(
return resp["decision"] == "ALLOW"
+ def batch_is_authorized(
+ self,
+ *,
+ requests: Sequence[IsAuthorizedRequest],
+ user: AwsAuthManagerUser | None,
+ ) -> bool:
+ """
+ Make a batch authorization decision against Amazon Verified
Permissions.
+
+ Check whether the user has permissions to access given resources.
+
+ :param requests: the list of requests containing the method, the
entity_type and the entity ID
+ :param user: the user
+ """
+ if user is None:
+ return False
+
+ entity_list = self._get_user_role_entities(user)
+
+ self.log.debug("Making batch authorization request for user=%s,
requests=%s", user.get_id(), requests)
+
+ avp_requests = [
+ prune_dict(
+ {
+ "principal": {"entityType":
get_entity_type(AvpEntities.USER), "entityId": user.get_id()},
+ "action": {
+ "actionType": get_entity_type(AvpEntities.ACTION),
+ "actionId": get_action_id(request["entity_type"],
request["method"]),
+ },
+ "resource": {
+ "entityType": get_entity_type(request["entity_type"]),
+ "entityId": request.get("entity_id", "*"),
+ },
+ "context": self._build_context(request.get("context")),
+ }
+ )
+ for request in requests
+ ]
+
+ resp = self.avp_client.batch_is_authorized(
+ policyStoreId=self.avp_policy_store_id,
+ requests=avp_requests,
+ entities={"entityList": entity_list},
+ )
+
+ self.log.debug("Authorization response: %s", resp)
+
+ has_errors = any(len(result.get("errors", [])) > 0 for result in
resp["results"])
+
+ if has_errors:
+ self.log.error(
+ "Error occurred while making a batch authorization decision.
Result: %s", resp["results"]
+ )
+ raise AirflowException("Error occurred while making a batch
authorization decision.")
Review Comment:
Maybe just include the contents of the log.error in the Exception message?
They're mostly the same I'm not sure that both are needed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
