Dev-iL commented on code in PR #60280: URL: https://github.com/apache/airflow/pull/60280#discussion_r2676054668
########## providers/git/src/airflow/providers/git/bundles/git.py: ########## @@ -27,13 +27,59 @@ from git.exc import BadName, GitCommandError, InvalidGitRepositoryError, NoSuchPathError from tenacity import retry, retry_if_exception_type, stop_after_attempt -from airflow.dag_processing.bundles.base import BaseDagBundle +from airflow.dag_processing.bundles.base import BaseDagBundle, get_bundle_permissions from airflow.providers.common.compat.sdk import AirflowException from airflow.providers.git.hooks.git import GitHook log = structlog.get_logger(__name__) +def _apply_permissions_recursively(path: Path) -> None: + """ + Apply configured bundle permissions to a directory tree. + + This ensures that when user impersonation is used, the impersonated user + can access the cloned repository files. + + :param path: The root path to apply permissions to recursively + """ + folder_perms, file_perms = get_bundle_permissions() + with suppress(OSError): Review Comment: Yes - I suppose it is possible that the entire path becomes inaccessible mid-operation, although I don't know if we want to hide that. I can think of two approaches: 1. Remove the outer suppress - this makes the intent clearer - without masking errors from `os.walk` itself. 2. Log suppressed errors at DEBUG level so issues don't go unnoticed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
