jason810496 commented on PR #47062:
URL: https://github.com/apache/airflow/pull/47062#issuecomment-2682286515
Hi @pierrejeambrun,
Here is a draft for the first entity that introduces authentication and
permissions. I want to ensure consistency across other entities and would
appreciate your advice on the following changes:
- **`tests/api_fastapi/conftest.py`**
- Added a bearer token with an admin role to the original `test_client`
fixture.
- Renamed the original `test_client` to `unauthenticated_test_client`
(since adding the `requires_access_*` dependencies to routers means we should
now respect the authorization header).
- **`tests/api_fastapi/core_api/routes/public/test_dags.py`**
- Is adding `_should_response_401` test cases for each router sufficient?
- Or should we cover more scenarios, such as Vertical Privilege
Escalation?
Looking forward to your thoughts!
cc @rawwar
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
