potiuk commented on code in PR #40897:
URL: https://github.com/apache/airflow/pull/40897#discussion_r1685302555
##########
airflow/api_internal/internal_api_call.py:
##########
@@ -68,21 +73,31 @@ def get_internal_api_endpoint():
InternalApiConfig._init_values()
return InternalApiConfig._internal_api_endpoint
+ @staticmethod
+ def get_auth() -> AuthBase | None:
+ return InternalApiConfig._internal_api_auth
+
@staticmethod
def _init_values():
use_internal_api = conf.getboolean("core",
"database_access_isolation", fallback=False)
if use_internal_api and not _ENABLE_AIP_44:
raise RuntimeError("The AIP_44 is not enabled so you cannot use
it.")
- internal_api_endpoint = ""
if use_internal_api:
- internal_api_url = conf.get("core", "internal_api_url")
- internal_api_endpoint = internal_api_url +
"/internal_api/v1/rpcapi"
- if not internal_api_endpoint.startswith("http://";):
- raise AirflowConfigException("[core]internal_api_url must
start with http://";)
+ internal_api_endpoint = conf.get("core", "internal_api_url")
+ if internal_api_endpoint.find("/", 8) == -1:
+ internal_api_endpoint = internal_api_endpoint +
"/internal_api/v1/rpcapi"
+ if not internal_api_endpoint.startswith("http://";) and not
internal_api_endpoint.startswith(
+ "https://";
+ ):
+ raise AirflowConfigException("[core]internal_api_url must
start with http:// or https://";)
+ InternalApiConfig._internal_api_endpoint = internal_api_endpoint
+ internal_api_user = conf.get("core", "internal_api_user")
+ internal_api_password = conf.get("core", "internal_api_password")
Review Comment:
1) We can rename it separately, but I'd rather use something less generic,
`internal_aip_44_api` should be specific enough for example, very "temporrary"
name as well. It has a little ripple effect and I'd rather do it when we fix
other missing issues to not add extra complexity.
2) Rather than using basic_auth, maybe a better approach will be that we
sign the request and verify them in similar way as we do with get_log() method?
That was the initial idea actually and then we would not need any other
configuration.
```
if not token:
metadata = {}
else:
try:
metadata = URLSafeSerializer(key).loads(token)
except BadSignature:
raise BadRequest("Bad Signature. Please use only the tokens
provided by the API.")
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
