Re: [PR] Added bulk XCom deletion support to Task Execution API [airflow]

Thu, 08 Jan 2026 22:07:43 -0800 


amoghrajesh commented on code in PR #59874:
URL: https://github.com/apache/airflow/pull/59874#discussion_r2674963715


##########
airflow-core/src/airflow/api_fastapi/execution_api/routes/xcoms.py:
##########
@@ -413,26 +417,40 @@ def set_xcom(
 
 
 @router.delete(
-    "/{dag_id}/{run_id}/{task_id}/{key:path}",
+    "/{dag_id}/{run_id}",
     responses={status.HTTP_404_NOT_FOUND: {"description": "XCom not found"}},
-    description="Delete a single XCom Value",
+    description="Delete XCom Value(s).",
 )
 def delete_xcom(
     session: SessionDep,
     dag_id: str,
     run_id: str,
-    task_id: str,
-    key: Annotated[str, Path(min_length=1)],
+    task_id: Annotated[str | None, Query()] = None,
+    key: Annotated[str | None, Query()] = None,
     map_index: Annotated[int, Query()] = -1,
 ):
-    """Delete a single XCom Value."""
+    """
+    Delete XCom entry(ies).
+
+    Supports bulk deletion when task_id and/or key are not provided.
+    """

Review Comment:
   This is dangerous. This makes: `DELETE 
/example_dag/manual__2025-01-01T00:00:00` a valid call and can delete all xcoms 
if not done carefully.
   
   Another issue I see is:
   `DELETE /dag/run?task_id=task_a&key=return_value` earlier can now be `DELETE 
/dag/run?task_id=task_a` unintentionally, which will delete all xcoms. 
   
   I think having another endpoint is the way to go here, something like a:
   ```python
   @router.delete(
       "/{dag_id}/{run_id}/xcoms",
       description="Bulk delete XCom values,
   )
   def bulk_delete_xcoms(
       session: SessionDep,
       dag_id: str,
       run_id: str,
       task_id: Annotated[str | None, Query()] = None,
       key: Annotated[str | None, Query()] = None,
       map_index: Annotated[int | None, Query()] = None,
   ):
   ```
   
   Does this not seem safer?



##########
airflow-core/src/airflow/api_fastapi/execution_api/routes/xcoms.py:
##########
@@ -66,7 +66,6 @@ async def has_xcom_access(
         status.HTTP_403_FORBIDDEN: {"description": "Task does not have access 
to the XCom"},
         status.HTTP_404_NOT_FOUND: {"description": "XCom not found"},
     },
-    dependencies=[Depends(has_xcom_access)],

Review Comment:
   Why has this been changed?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to