This is an automated email from the ASF dual-hosted git repository.

weilee pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 32403c9d062 feat(AIP-84): add auth to /ui/grid (#47651)
32403c9d062 is described below

commit 32403c9d06273479730f41d064b1c3975547a3a0
Author: Wei Lee <[email protected]>
AuthorDate: Thu Mar 13 11:25:00 2025 +0800

    feat(AIP-84): add auth to /ui/grid (#47651)
---
 airflow/api_fastapi/core_api/openapi/v1-generated.yaml | 2 ++
 airflow/api_fastapi/core_api/routes/ui/grid.py         | 6 ++++++
 tests/api_fastapi/core_api/routes/ui/test_grid.py      | 8 ++++++++
 3 files changed, 16 insertions(+)

diff --git a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml 
b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
index 6c78d61f7ff..9cad372aaee 100644
--- a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
+++ b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
@@ -424,6 +424,8 @@ paths:
       summary: Grid Data
       description: Return grid data.
       operationId: grid_data
+      security:
+      - OAuth2PasswordBearer: []
       parameters:
       - name: dag_id
         in: path
diff --git a/airflow/api_fastapi/core_api/routes/ui/grid.py 
b/airflow/api_fastapi/core_api/routes/ui/grid.py
index c145e334625..d21c367251e 100644
--- a/airflow/api_fastapi/core_api/routes/ui/grid.py
+++ b/airflow/api_fastapi/core_api/routes/ui/grid.py
@@ -26,6 +26,7 @@ from sqlalchemy import select
 from sqlalchemy.orm import joinedload
 
 from airflow import DAG
+from airflow.api_fastapi.auth.managers.models.resource_details import 
DagAccessEntity
 from airflow.api_fastapi.common.db.common import SessionDep, paginated_select
 from airflow.api_fastapi.common.parameters import (
     QueryDagRunRunTypesFilter,
@@ -44,6 +45,7 @@ from airflow.api_fastapi.core_api.datamodels.ui.grid import (
     GridResponse,
 )
 from airflow.api_fastapi.core_api.openapi.exceptions import 
create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import requires_access_dag
 from airflow.api_fastapi.core_api.services.ui.grid import (
     fill_task_instance_summaries,
     get_child_task_map,
@@ -58,6 +60,10 @@ grid_router = AirflowRouter(prefix="/grid", tags=["Grid"])
 @grid_router.get(
     "/{dag_id}",
     responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST, 
status.HTTP_404_NOT_FOUND]),
+    dependencies=[
+        Depends(requires_access_dag(method="GET", 
access_entity=DagAccessEntity.TASK_INSTANCE)),
+        Depends(requires_access_dag(method="GET", 
access_entity=DagAccessEntity.RUN)),
+    ],
 )
 def grid_data(
     dag_id: str,
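Review bot: The `responses=` argument on this route still documents only 400 and 404, although the two new `requires_access_dag` dependencies can reject a request before `grid_data` runs (the tests in this commit expect 401 and 403). If the parent router does not already declare those statuses (not visible here), extend the list to `create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN, status.HTTP_404_NOT_FOUND])` so the generated spec matches the behaviour. A one-line comment above `dependencies=` would also help, for example `# Both checks must pass: the grid response presumably exposes DAG runs and task instance summaries.`, so that nobody later treats one of them as redundant. The body of `grid_data` continues outside the hunk.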
diff --git a/tests/api_fastapi/core_api/routes/ui/test_grid.py 
b/tests/api_fastapi/core_api/routes/ui/test_grid.py
index d9705324f54..463193c42ac 100644
--- a/tests/api_fastapi/core_api/routes/ui/test_grid.py
+++ b/tests/api_fastapi/core_api/routes/ui/test_grid.py
@@ -1003,6 +1003,14 @@ class TestGetGridDataEndpoint:
         assert response.status_code == 422
         assert response.json() == expected
 
+    def test_should_response_401(self, unauthenticated_test_client):
+        response = unauthenticated_test_client.get(f"/ui/grid/{DAG_ID_3}")
+        assert response.status_code == 401
+
+    def test_should_response_403(self, unauthorized_test_client):
+        response = unauthorized_test_client.get(f"/ui/grid/{DAG_ID_3}")
+        assert response.status_code == 403
+
     def test_should_response_404(self, test_client):
         response = test_client.get("/ui/grid/invalid_dag")
         assert response.status_code == 404
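Review bot: `test_should_response_403` would still pass if one of the two `requires_access_dag` dependencies on the route were dropped, because `unauthorized_test_client` presumably has no permissions at all (the fixture is defined outside this hunk). Consider adding a case where the user may read `DagAccessEntity.RUN` but not `DagAccessEntity.TASK_INSTANCE`, and the reverse, asserting 403 for each. A case where the user is authorised for a different DAG than `DAG_ID_3` would additionally pin the per-DAG scoping. `TestGetGridDataEndpoint` continues outside the hunk.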
