giannistbs opened a new pull request, #49548:
URL: https://github.com/apache/airflow/pull/49548
# Add support for restricting DAG trigger types
## Description
This PR implements the ability to restrict which trigger types are allowed
for a DAG. This feature allows DAG authors to specify which trigger types (UI,
REST API, CLI, etc.) should be disallowed for their DAGs, providing better
security and operational control.
Closes #40990
## Type of change
- [x] New feature (non-breaking change which adds functionality)
- [x] This change requires a documentation update
## Implementation Details
1. Added a new `disallowed_trigger_types` column to the `dag` table to store
the list of disallowed trigger types
2. Created a new `DagRunTriggerDisallowedError` exception class
3. Updated the DAG model to check for disallowed trigger types before
creating a DAG run
4. Enhanced API endpoints to handle the new exception and return appropriate
HTTP responses
5. Updated response models to include the disallowed trigger types
information
## Example Usage
DAG authors can now specify disallowed trigger types when defining their
DAGs:
```python
from airflow import DAG
from airflow.utils.types import DagRunTriggeredByType
dag = DAG(
dag_id='sensitive_data_pipeline',
schedule_interval='@daily',
# Prevent triggering via UI or REST API
disallowed_trigger_types=[DagRunTriggeredByType.UI,
DagRunTriggeredByType.REST_API],
# other DAG parameters...
)
```
## Testing
- [x] Unit tests added for the new functionality
- [x] Integration tests added for API endpoints
- [x] Migration tests added for the new database column
## Documentation
- [x] Updated DAG documentation to include the new parameter
- [x] Added examples of how to use the feature
- [x] Updated API documentation to reflect the new error responses
## Related Issues
- Closes #40990
## Checklist
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my feature
works
- [x] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream
modules
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
