This is an automated email from the ASF dual-hosted git repository.
weilee pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 7d4a012b6ac feat(AIP-84): add auth to /ui/historical_metrics_data
(#47650)
7d4a012b6ac is described below
commit 7d4a012b6ac500f03e33a2ce71e0ca4a4502cc9f
Author: Wei Lee <[email protected]>
AuthorDate: Thu Mar 13 11:21:27 2025 +0800
feat(AIP-84): add auth to /ui/historical_metrics_data (#47650)
---
airflow/api_fastapi/core_api/openapi/v1-generated.yaml | 2 ++
airflow/api_fastapi/core_api/routes/ui/dashboard.py | 8 +++++++-
tests/api_fastapi/core_api/routes/ui/test_dashboard.py | 14 +++++++++++++-
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
index 2a3e06ea471..6c78d61f7ff 100644
--- a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
+++ b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
@@ -244,6 +244,8 @@ paths:
summary: Historical Metrics
description: Return cluster activity historical metrics.
operationId: historical_metrics
+ security:
+ - OAuth2PasswordBearer: []
parameters:
- name: start_date
in: query
diff --git a/airflow/api_fastapi/core_api/routes/ui/dashboard.py
b/airflow/api_fastapi/core_api/routes/ui/dashboard.py
index 94489ed68ad..e7f6d42c9d4 100644
--- a/airflow/api_fastapi/core_api/routes/ui/dashboard.py
+++ b/airflow/api_fastapi/core_api/routes/ui/dashboard.py
@@ -16,14 +16,16 @@
# under the License.
from __future__ import annotations
-from fastapi import status
+from fastapi import Depends, status
from sqlalchemy import func, select
+from airflow.api_fastapi.auth.managers.models.resource_details import
DagAccessEntity
from airflow.api_fastapi.common.db.common import SessionDep
from airflow.api_fastapi.common.parameters import DateTimeQuery,
OptionalDateTimeQuery
from airflow.api_fastapi.common.router import AirflowRouter
from airflow.api_fastapi.core_api.datamodels.ui.dashboard import
HistoricalMetricDataResponse
from airflow.api_fastapi.core_api.openapi.exceptions import
create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import requires_access_dag
from airflow.models.dagrun import DagRun, DagRunType
from airflow.models.taskinstance import TaskInstance
from airflow.utils import timezone
@@ -35,6 +37,10 @@ dashboard_router = AirflowRouter(tags=["Dashboard"],
prefix="/dashboard")
@dashboard_router.get(
"/historical_metrics_data",
responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST]),
+ dependencies=[
+ Depends(requires_access_dag(method="GET",
access_entity=DagAccessEntity.TASK_INSTANCE)),
+ Depends(requires_access_dag(method="GET",
access_entity=DagAccessEntity.RUN)),
+ ],
)
def historical_metrics(
session: SessionDep,
diff --git a/tests/api_fastapi/core_api/routes/ui/test_dashboard.py
b/tests/api_fastapi/core_api/routes/ui/test_dashboard.py
index 164c7d63f84..d3bab7da345 100644
--- a/tests/api_fastapi/core_api/routes/ui/test_dashboard.py
+++ b/tests/api_fastapi/core_api/routes/ui/test_dashboard.py
@@ -172,7 +172,19 @@ class TestHistoricalMetricsDataEndpoint:
],
)
@pytest.mark.usefixtures("freeze_time_for_dagruns", "make_dag_runs")
- def test_historical_metrics_data(self, test_client, params, expected):
+ def test_should_response_200(self, test_client, params, expected):
response = test_client.get("/ui/dashboard/historical_metrics_data",
params=params)
assert response.status_code == 200
assert response.json() == expected
+
+ def test_should_response_401(self, unauthenticated_test_client):
+ response = unauthenticated_test_client.get(
+ "/ui/dashboard/historical_metrics_data", params={"start_date":
"2023-02-02T00:00"}
+ )
+ assert response.status_code == 401
+
+ def test_should_response_403(self, unauthorized_test_client):
+ response = unauthorized_test_client.get(
+ "/ui/dashboard/historical_metrics_data", params={"start_date":
"2023-02-02T00:00"}
+ )
+ assert response.status_code == 403
