dabla commented on code in PR #61351:
URL: https://github.com/apache/airflow/pull/61351#discussion_r2764636427
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py:
##########
@@ -358,9 +381,24 @@ def _is_authorized(
elif method == "GET":
method = "LIST"
+ is_multi_team = conf.getboolean("core", "multi_team")
Review Comment:
Nit: I think this one could be moved at top of module so it only needs to be
evaluated once.
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py:
##########
@@ -208,12 +218,14 @@ def is_authorized_dag(
details: DagDetails | None = None,
) -> bool:
dag_id = details.id if details else None
+ team_name = details.team_name if details else None
Review Comment:
Some duplicate code here, maybe foresee a protected helper method for this
name _get_team_name?
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py:
##########
@@ -412,8 +450,17 @@ def _is_batch_authorized(
@staticmethod
def _get_token_url(server_url, realm):
- # Normalize server_url to avoid double slashes (required for Keycloak
26.4+ strict path validation).
- return
f"{server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"
+ return f"{server_url}/realms/{realm}/protocol/openid-connect/token"
+
+ @staticmethod
+ def _get_resource_name(resource_type: KeycloakResource, team_name: str |
None) -> str | None:
+ if not conf.getboolean("core", "multi_team"):
Review Comment:
Same here, move that to a constant at top of module
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
