This is an automated email from the ASF dual-hosted git repository.
pierrejeambrun pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 140196dc925 AIP-84 | Add Auth for Event Logs (#47246)
140196dc925 is described below
commit 140196dc925bf0269fc7e932639724e8003b51f5
Author: LIU ZHE YOU <[email protected]>
AuthorDate: Thu Mar 6 00:07:09 2025 +0800
AIP-84 | Add Auth for Event Logs (#47246)
---
airflow/api_fastapi/core_api/openapi/v1-generated.yaml | 4 ++++
.../api_fastapi/core_api/routes/public/event_logs.py | 3 +++
.../core_api/routes/public/test_event_logs.py | 18 ++++++++++++++++++
3 files changed, 25 insertions(+)
diff --git a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
index acabf892d60..bb1fb080653 100644
--- a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
+++ b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
@@ -3542,6 +3542,8 @@ paths:
- Event Log
summary: Get Event Log
operationId: get_event_log
+ security:
+ - OAuth2PasswordBearer: []
parameters:
- name: event_log_id
in: path
@@ -3587,6 +3589,8 @@ paths:
summary: Get Event Logs
description: Get all Event Logs.
operationId: get_event_logs
+ security:
+ - OAuth2PasswordBearer: []
parameters:
- name: limit
in: query
diff --git a/airflow/api_fastapi/core_api/routes/public/event_logs.py
b/airflow/api_fastapi/core_api/routes/public/event_logs.py
index 713c54babc3..33b3c68e564 100644
--- a/airflow/api_fastapi/core_api/routes/public/event_logs.py
+++ b/airflow/api_fastapi/core_api/routes/public/event_logs.py
@@ -40,6 +40,7 @@ from airflow.api_fastapi.core_api.datamodels.event_logs
import (
EventLogResponse,
)
from airflow.api_fastapi.core_api.openapi.exceptions import
create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import DagAccessEntity,
requires_access_dag
from airflow.models import Log
event_logs_router = AirflowRouter(tags=["Event Log"], prefix="/eventLogs")
@@ -48,6 +49,7 @@ event_logs_router = AirflowRouter(tags=["Event Log"],
prefix="/eventLogs")
@event_logs_router.get(
"/{event_log_id}",
responses=create_openapi_http_exception_doc([status.HTTP_404_NOT_FOUND]),
+ dependencies=[Depends(requires_access_dag("GET",
DagAccessEntity.AUDIT_LOG))],
)
def get_event_log(
event_log_id: int,
@@ -61,6 +63,7 @@ def get_event_log(
@event_logs_router.get(
"",
+ dependencies=[Depends(requires_access_dag("GET",
DagAccessEntity.AUDIT_LOG))],
)
def get_event_logs(
limit: QueryLimit,
diff --git a/tests/api_fastapi/core_api/routes/public/test_event_logs.py
b/tests/api_fastapi/core_api/routes/public/test_event_logs.py
index 706e12e1dc2..d9b194c0a31 100644
--- a/tests/api_fastapi/core_api/routes/public/test_event_logs.py
+++ b/tests/api_fastapi/core_api/routes/public/test_event_logs.py
@@ -177,6 +177,16 @@ class TestGetEventLog(TestEventLogsEndpoint):
assert response.json() == expected_json
+ def test_should_raises_401_unauthenticated(self,
unauthenticated_test_client, setup):
+ event_log_id = setup[EVENT_NORMAL].id
+ response =
unauthenticated_test_client.get(f"/public/eventLogs/{event_log_id}")
+ assert response.status_code == 401
+
+ def test_should_raises_403_forbidden(self, unauthorized_test_client,
setup):
+ event_log_id = setup[EVENT_NORMAL].id
+ response =
unauthorized_test_client.get(f"/public/eventLogs/{event_log_id}")
+ assert response.status_code == 403
+
class TestGetEventLogs(TestEventLogsEndpoint):
@pytest.mark.parametrize(
@@ -306,3 +316,11 @@ class TestGetEventLogs(TestEventLogsEndpoint):
assert resp_json["total_entries"] == expected_total_entries
for event_log, expected_event in zip(resp_json["event_logs"],
expected_events):
assert event_log["event"] == expected_event
+
+ def test_should_raises_401_unauthenticated(self,
unauthenticated_test_client):
+ response = unauthenticated_test_client.get("/public/eventLogs")
+ assert response.status_code == 401
+
+ def test_should_raises_403_forbidden(self, unauthorized_test_client):
+ response = unauthorized_test_client.get("/public/eventLogs")
+ assert response.status_code == 403
