jscheffl commented on code in PR #44732:
URL: https://github.com/apache/airflow/pull/44732#discussion_r1874015957
##########
providers/src/airflow/providers/edge/worker_api/auth.py:
##########
@@ -66,13 +66,19 @@ def _forbidden_response(message: str):
def jwt_token_authorization(method: str, authorization: str):
"""Check if the JWT token is correct."""
try:
+ # worker sends method without api_url
+ api_url = conf.get("edge", "api_url")
+ base_url = conf.get("webserver", "base_url")
+ url_prefix = api_url.replace(base_url, "").replace("/rpcapi", "")
+ pure_method = method.replace(url_prefix, "")
+ pure_method = pure_method[1:]
Review Comment:
The token authentication is (for Airflow 2.10) used for both API calls of
Edge Worker as well as AIP-44 RPCAPI. With this change the EdgeWorker can call
the API _but_ calls to RPCAPI are broken. When a task starts it fails with:
```
[2024-12-06T21:21:03.181+0000] {auth.py:59} ERROR - Invalid method in token
authorization. signed
method='airflow.utils.cli_action_loggers._default_action_log_internal' called
method='irflow.utils.cli_action_loggers._default_action_log_internal'
error_id=c84e8a0a-6114-4fcf-8888-90dc150ce6b3
```
So maybe it would be better to make it like:
```suggestion
url_prefix = api_url.replace(base_url, "").replace("/rpcapi", "/")
pure_method = method.replace(url_prefix, "")
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
